
A Dallas dental practice recently settled a HIPAA violation investigation that confirmed it shared Protected Health Information (PHI) of multiple patients in response to Yelp postings. It publicly disclosed patients’ last names, health conditions, treatment plans, insurance and cost details.
The practice agreed to pay a $10,000 fine and adopt a corrective action plan that includes two years of HIPAA compliance monitoring.[1]
HIPAA factors into almost every aspect of how a dental practice operates, so it is no wonder there are many ways practices violate it and end up with fines and corrective actions. Here are five common ones.
- Posting PHI on social media. This is an impermissible disclosure of PHI.
- Emailing PHI through a non-secure service. Some services only meet one or two of the six HIPAA law mandates. Check with your email service provider to ensure your system is fully compliant.
- Failing to enter into a HIPAA-compliant Business Associate Agreement (BAA) with each vendor that provides services, functions, or activities for or on behalf of a practice and requires access to patient ePHI.
- Lacking proper access controls to ePHI. Only authorized employees should be able to access ePHI. Improper access can lead to theft of patient PHI.
- Denying patients access to health records or exceeding the timeframe for providing access. Patients have the right to access their records or obtain copies at their request.
[1] https://www.hhs.gov/about/news/2019/10/02/dental-practice-pays-10000-settle-social-media-disclosures-of-patients-phi.html