Dental Trio & Psych Practice Hit with Access, Privacy Fines
F
Data Breach Insurance WHAT YOU NEED TO KNOW
I
t’s relatively easy to put Data Breach insurance in place. Here are some quick notes to review to will help you get prepared before you apply:
• Are your devices encrypted? • Does your network have a fire- wall set up?
• Do your computers have anti- virus protection? If not, work with your IT company to get any of these in place.
Premiums will be based on your an- nual revenue. A completed applica- tion will be required to apply and will go through underwriting review for approval.
An average cost for a $1 million policy can be around $2,000 annually. Cov- erage may include risk management services, which is typically only found in stand-alone policies.
You may find an endorsement of data breach coverage on your malpractice policy. While the standard limit is usually $50,000, you can always check into what the cost of increasing that limit will be on your malpractice policy or if they will allow such a request. You may not find the endorsement to cover as much as a stand-alone data breach policy will cover, but it is an option for consideration. We strongly encourage a stand-alone policy, but any coverage is better than no cover- age at all.
To learn more about getting protected with a Data Breach policy, reach out to MDIS at
info@mdis4dds.com or 800-944-7550.
ollowing a winter of hibernation, the Department of Health and Human Services (HHS) regulators roared to life with the announcement of three settlements and one fine totaling more than $172,000 for violations of HIPAA’s Patient Right of Access and Privacy Rules. Each HIPAA dental fine, as well as the behavioral health fine, were issued for varying degrees of noncompliance.
MONETARY PENALTIES FOR THREE DENTISTS & BEHAVIORAL HEALTH PROVIDER
MEDICAL RECORDS The MDA receives frequent calls
and emails from both members and the public inquiring about providing copies of dental
records. We have an extensive online FAQ on this subject!
Make sure you and your team know what is required by law!
As the investigatory and enforcement arm of HHS, the Office for Civil Rights (OCR) has taken the following en- forcement actions that underscore the importance and necessity of compliance with the HIPAA Rules, including the foundational Right of Access provision:
Dr. Donald Brockley, DDM, a solo dental practitioner in Butler, Pa., failed to provide a patient with a copy of their medical record. After being issued a Notice of Proposed Determination, Dr. Brockley requested a hearing before an Administrative Law Judge. The litigation was resolved before the court made a determination by a settlement agreement in which Dr. Brockley agreed to pay $30,000 and take corrective actions to comply with the HIPAA Privacy Rule’s right of access standard.
Dr. U. Phillip Igbinadolor, DMD & Associates, PA (UPI), a dental practice with offices in Charlotte and Monroe, N.C., impermissibly disclosed a patient’s PHI on a webpage in response to a negative online review. UPI did not respond to OCR’s data request, did not respond or object to an administrative subpoena, and waived its rights to a hearing by not contesting the findings in OCR’s Notice of Proposed Determination. OCR imposed a $50,000 HIPAA fine.
Northcutt Dental-Fairhope, LLC (Northcutt Dental), a dental practice in Fairhope, Ala., that impermissibly disclosed its patients’ PHI to a campaign manager and a third-party marketing company hired to help with a state senate election campaign, agreed to take corrective action and pay $62,500 to settle potential violations of the HIPAA Privacy Rule.
Jacob and Associates, a psychiatric medical services provider with two office locations in California, agreed to take corrective actions and pay OCR $28,000 to settle potential violations of the HIPAA Privacy Rule, including provisions of the right of access standard.
OCR DIRECTOR WARNS ENFORCEMENT WILL CONTINUE
In a statement accompanying the announcement, OCR Director Lisa J. Pino underscored the agency’s commitment to enforcing privacy and security standards for patients’ protected health information (PHI).
“Between the rising pace of breaches of unsecured protected health information and continued cyber security threats impacting the health care industry, it is critical that covered entities take their HIPAA compliance responsibilities seriously,” said Pino.
“OCR will continue our steadfast commitment to protect individuals’ health information pri- vacy and security through enforcement, and we will pursue civil money penalties for violations that are not addressed.”
Learn how you can avoid fines and become HIPAA compliant with Compliancy Group, endorsed by ADA Member Advantage and MDA. Members save 15 percent on a HIPAA compliance program. Visit
compliancy-group.com/ada to learn more.
ISSUE 3 | MAY/JUN 2022 | focus 25
MODENTAL.ORG/RECORDS
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32