Check out some similar questions!

joansmith71 · Feb 28, 2011, 12:04 PM

I recently asked my dental office to email me a copy of my treatment plan as I had some questions regarding fees. I confirmed my correct email address on paper at the office, on the phone with the office, and in an email sent their account. I was told the next day that my plan was sent to a completely different email address, who's they don't know. The plan contained my full name, address, date of next appt. how much I had paid for a procedure, treatments I had scheduled, and the chart number. When I spoke to the office manager she said a typo had been made which is absolutely ridiculous since the email address I have and the email they sent my records to is completely different. What are my options? I'm filing a complaint with the state board and I'm going to ask to office to refund fees I had already prepaid as I don't feel comfortable continuing treatment with them. What type of attorney should I speak to regarding this matter? I'm not looking to benefit financially, my main concern is protection against identity theft.

ScottGem · Feb 28, 2011, 12:56 PM

First, while this may be a HIPAA violation it does not appear to be a deliberate one. So I doubt if the state board or HIPAA will do anything about it.

Second, I would not waste my time hiring an attorney as there is nothing to sue over that I can see.

Third, I see no reason to refund fees for work done. What happened does not affect the work done. While I understand not wanting to continue with that office, but you can have your records handed to you and take it to a new dentist.

Finally, what I WOULD do is ask that they pay for a credit monitoring service for a year to make sure the info that was sent is not used for identity theft.

AK lawyer · Feb 28, 2011, 01:12 PM

Originally Posted by ScottGem

...Finally, what I WOULD do is ask that they pay for a credit monitoring service for a year to make sure the info that was sent is not used for identity theft.

Originally Posted by joansmith71

... The plan contained my full name, address, date of next appt., how much I had paid for a procedure, treatments I had scheduled, and the chart number.
...
my main concern is protection against identity theft.

How do you imagine that information would facilitate identity theft? I don't see that any credit card or banking information was compromised.

joansmith71 · Feb 28, 2011, 03:53 PM

Thanks you for your feedback. Let me clarify, I'm not asking a refund for services already performed. I've paid in advance for procedures that have yet to be done but I don't feel comfortable staying at that practice. I don't want to sue the practice for damages, it's more to create a record if I experience issues later with identity theft, etc. same with the state board and hipaa, do you suggest a different approach? And I will definitely ask for credit monitoring, I think that's a more than fair request. Again, thank you for your feedback. I greatly appreciate any and all help!

ScottGem · Feb 28, 2011, 04:24 PM

Originally Posted by joansmith71

i'm not asking a refund for services already performed. i've paid in advance for procedures that have yet to be done but i don't feel comfortable staying at that practice.

Ok that's different and understandable.

If you are looking to protect yourself, I think the credit monitoring should be sufficient.

ballengerb1 · Feb 28, 2011, 07:21 PM

Good advice but I too do not see that anything about your financials was released so I don't see why they would pay to monitor your credit. Sure you get your fees back, the service has not been given. However, how has their mistake damaged you, financially? HIPAA regs mention that an error like this is not a violation

Fr_Chuck · Feb 28, 2011, 07:28 PM

Yes, you could ask for any unused advanced payment back and perhaps the cost of a credit monitoring service, but that is about it.

I doubt if any government agency will do anything and if they do, merely a letter reminding them to be careful and at most require their clerks to do a few hours of training

mrmax3007 · Dec 7, 2011, 03:31 PM

http://www.hhs.gov/ocr/privacy/hipaa...nts/index.htmlThis is a violation of HIPAA. All email from HIPAA covered entities (your dentist) containing any ePHI (elctronic Patient Health Information) must be secured and encrypted. In the case of sending electronic information it would require the intended receipient to answer a secure question in order to view any patient information. Any other recipient who did not know the answer to the specified question would not be able to access your patient information. In your case it does not sound like the proper security steps were taken by this dentist (unfortunately this is very common)as such this results in a breach of HIPAA.
You as the patient can file a complaint with the Dept. of Health and Human Services.of the
Here's the link for their site: http://www.hhs.gov/ocr/privacy/hipaa...nts/index.html.

I own an I.T. company specializing in digital integration within private-practice dental and medical offices. I am not sure what else you can legally do to account for the "damages" you incurred however the Dept. of HHS can launch an investigation against the dentist and y stiff fines (cap limits are $1.5 million)... my guess is if this has happened with you its happened with other patients as well.