Dental Data Breach Affects more than 1 Million Patients
A dental data breach report submitted to the U.S. Department of Health & Human Services (HHS) Office for Civil Rights shows that 1,004,304 patients have been affected by the Dental Care Alliance incident. Dental Care Alliance is a Sarasota, Florida-based Dental Support Organization (DSO) with more than 320 affiliated dental practices across 20 states.
Approximately 30 of those affiliated dental practices are located here in Texas.
Dental Care Alliance was hacked on Sept. 18, 2020; the dental data breach was detected Oct. 11 and contained two days later. The protected health information (PHI) of more than a million individuals has potentially been compromised. The breach notification letters sent to the affected patients did not provide further information on the nature of the attack.
In a breach notification submitted to the Maine Attorney General’s office, the DSO indicated that some patient information was acquired by the hackers, such as patient names in combination with financial account numbers. Approximately 100,000 of the affected patients had their financial account number exposed, according to the report.
How do you share your PHI with outside firms?
This might sound like piling on to some of you, since we reviewed a similar situation in last month’s compliance article. Some might be reading this and thinking, “That’s a big DSO, and what happened to them is unlikely to happen to my small practice.” Perhaps.
But how many of you practice owners are outsourcing different business functions of your practice to outside firms? Does that outsourcing involve patient data? If so, don’t keep your head in the sand.
How the firms you share your patients’ PHI with safeguard your patients’ data is of paramount importance to you. If you and/or one of your business associates are neglectful in how that PHI is handled, it could literally cost you your practice.
In the case of Dental Care Alliance, this breach is going to cost them millions of dollars to rectify, not to mention rupture trust between them, the practices they support, and the patients they serve.
Need HIPAA help?
Smart Training’s Compliance Advisers encounter practice owners every week who have their heads in the sand when it comes to the unacknowledged and unprepared-for risk to their livelihood that data breaches pose. Dealing with Business Associate Agreements isn’t rocket science, but Business Associate Agreements do need to be properly prepared and executed. A boilerplate form with blanks won’t suffice for a Business Associate Agreement.
Not sure if your practice is properly protected? Smart Training’s certified HIPAA professional has created hundreds of custom Business Associate Agreements for our clients. Compliance and risk management isn’t a sideline for Smart Training; it’s all it does. It has conducted over 1,500 inspections of dental practices across the country. Put the advantage of Smart Training’s experience to work for your practice.
If you’re interested in speaking with our Compliance Advisers about how we can help your dental practice with HIPAA, request a free demo here.