Hipaa violation? Dentist office released personal records to unknown email account
I recently asked my dental office to email me a copy of my treatment plan as I had some questions regarding fees. I confirmed my correct email address on paper at the office, on the phone with the office, and in an email sent their account. I was told the next day that my plan was sent to a completely different email address, who's they don't know. The plan contained my full name, address, date of next appt. how much I had paid for a procedure, treatments I had scheduled, and the chart number. When I spoke to the office manager she said a typo had been made which is absolutely ridiculous since the email address I have and the email they sent my records to is completely different. What are my options? I'm filing a complaint with the state board and I'm going to ask to office to refund fees I had already prepaid as I don't feel comfortable continuing treatment with them. What type of attorney should I speak to regarding this matter? I'm not looking to benefit financially, my main concern is protection against identity theft.