Ask Me Help Desk

Ask Me Help Desk (https://www.askmehelpdesk.com/forum.php)
-   Other Law (https://www.askmehelpdesk.com/forumdisplay.php?f=190)
-   -   Hipaa violation? Dentist office released personal records to unknown email account (https://www.askmehelpdesk.com/showthread.php?t=558540)

  • Feb 28, 2011, 12:04 PM
    joansmith71
    Hipaa violation? Dentist office released personal records to unknown email account
    I recently asked my dental office to email me a copy of my treatment plan as I had some questions regarding fees. I confirmed my correct email address on paper at the office, on the phone with the office, and in an email sent their account. I was told the next day that my plan was sent to a completely different email address, who's they don't know. The plan contained my full name, address, date of next appt. how much I had paid for a procedure, treatments I had scheduled, and the chart number. When I spoke to the office manager she said a typo had been made which is absolutely ridiculous since the email address I have and the email they sent my records to is completely different. What are my options? I'm filing a complaint with the state board and I'm going to ask to office to refund fees I had already prepaid as I don't feel comfortable continuing treatment with them. What type of attorney should I speak to regarding this matter? I'm not looking to benefit financially, my main concern is protection against identity theft.
  • Feb 28, 2011, 12:56 PM
    ScottGem

    First, while this may be a HIPAA violation it does not appear to be a deliberate one. So I doubt if the state board or HIPAA will do anything about it.

    Second, I would not waste my time hiring an attorney as there is nothing to sue over that I can see.

    Third, I see no reason to refund fees for work done. What happened does not affect the work done. While I understand not wanting to continue with that office, but you can have your records handed to you and take it to a new dentist.

    Finally, what I WOULD do is ask that they pay for a credit monitoring service for a year to make sure the info that was sent is not used for identity theft.
  • Feb 28, 2011, 01:12 PM
    AK lawyer
    Quote:
    Originally Posted by ScottGem View Post
    ...Finally, what I WOULD do is ask that they pay for a credit monitoring service for a year to make sure the info that was sent is not used for identity theft.
    Quote:
    Originally Posted by joansmith71 View Post
    ... The plan contained my full name, address, date of next appt., how much I had paid for a procedure, treatments I had scheduled, and the chart number.
    ...
    my main concern is protection against identity theft.
    How do you imagine that information would facilitate identity theft? I don't see that any credit card or banking information was compromised.
  • Feb 28, 2011, 03:53 PM
    joansmith71
    Thanks you for your feedback. Let me clarify, I'm not asking a refund for services already performed. I've paid in advance for procedures that have yet to be done but I don't feel comfortable staying at that practice. I don't want to sue the practice for damages, it's more to create a record if I experience issues later with identity theft, etc. same with the state board and hipaa, do you suggest a different approach? And I will definitely ask for credit monitoring, I think that's a more than fair request. Again, thank you for your feedback. I greatly appreciate any and all help!
  • Feb 28, 2011, 04:24 PM
    ScottGem
    Quote:
    Originally Posted by joansmith71 View Post
    i'm not asking a refund for services already performed. i've paid in advance for procedures that have yet to be done but i don't feel comfortable staying at that practice.
    Ok that's different and understandable.

    If you are looking to protect yourself, I think the credit monitoring should be sufficient.
  • Feb 28, 2011, 07:21 PM
    ballengerb1

    Good advice but I too do not see that anything about your financials was released so I don't see why they would pay to monitor your credit. Sure you get your fees back, the service has not been given. However, how has their mistake damaged you, financially? HIPAA regs mention that an error like this is not a violation
  • Feb 28, 2011, 07:28 PM
    Fr_Chuck

    Yes, you could ask for any unused advanced payment back and perhaps the cost of a credit monitoring service, but that is about it.

    I doubt if any government agency will do anything and if they do, merely a letter reminding them to be careful and at most require their clerks to do a few hours of training
  • Dec 7, 2011, 03:31 PM
    mrmax3007
    http://www.hhs.gov/ocr/privacy/hipaa...nts/index.htmlThis is a violation of HIPAA. All email from HIPAA covered entities (your dentist) containing any ePHI (elctronic Patient Health Information) must be secured and encrypted. In the case of sending electronic information it would require the intended receipient to answer a secure question in order to view any patient information. Any other recipient who did not know the answer to the specified question would not be able to access your patient information. In your case it does not sound like the proper security steps were taken by this dentist (unfortunately this is very common)as such this results in a breach of HIPAA.
    You as the patient can file a complaint with the Dept. of Health and Human Services.of the
    Here's the link for their site: http://www.hhs.gov/ocr/privacy/hipaa...nts/index.html.

    I own an I.T. company specializing in digital integration within private-practice dental and medical offices. I am not sure what else you can legally do to account for the "damages" you incurred however the Dept. of HHS can launch an investigation against the dentist and y stiff fines (cap limits are $1.5 million)... my guess is if this has happened with you its happened with other patients as well.

    • All times are GMT -7. The time now is 12:18 PM.