By Lee Slaton, Vice President of Healthcare, Smart Training

A former receptionist at a dental practice in New York was sentenced to 2 to 6 years in prison for stealing the protected health information (PHI) of hundreds of patients.

The PHI of 653 patients was taken from the office and shared with a co-defendant via email. The information included names, birth dates, and Social Security numbers.

The co-defendant used the information to obtain credit lines from Barclaycard in the victims’ names. Credit ranged from $2,000 to $7,000 per individual. The co-defendant, along with others, used the credit to purchase Apple gift cards that were used to buy tablets and laptop computers that collectively cost more than $700,000.

How can this type of theft be prevented?

Unfortunately, there’s no magic bullet that puts the brakes on PHI theft. It takes a layered approach of implementing commonsense precautions to help protect patients’ PHI.

The top four deficiencies that Smart Training’s compliance advisors notice in its compliance assessments for TDA members are:

  1. No annual HIPAA risk assessment. A risk assessment is what a practice’s privacy officer uses to identify shortcomings in the practice’s efforts to protect patient information.
  2. Lack of encryption of all electronic storage media in the practice
  3. No regular background checks on office personnel
  4. No monitoring of computer login files