The Leading Business Education Network for Doctors, Financial Advisors and Health Industry Consultants

Response to Valerie Powell, PhD

By Darrell K. Pruitt; DDS

Dear Valerie, 

This is a response to statements in www.ModernHealthcare.com, although to address all of the issues will probably be more space than they will want to devote to this. So, I’ll leave it to them to decide how much, if any, they would like to post.

Starting from the Top

Valerie Powell asks whether a dentist would face liability under HIPAA if electronic health data were stolen. Of course they would.  And in six months the FTC will be interested in data breaches as well. The “Red Flag Rules” were not eliminated, they were just delayed.

Practice Interference 

She asks whether the thefts would interfere with the dentist’s practice. Yes again – in many unpleasant ways. For example, if there is a data breach connected to a series of identity thefts from a dental office, the HHS Office of Civil Rights, state investigators or even the FBI can confiscate the dentist’s computer to investigate.  A search warrant would shut down an office much more unexpectedly than paper floating away in a hurricane.  By the way, using Hurricane Katrina as a reason for dentists to go digital is merely a weak rationalization commonly used by those who would de-value paper records to increase the relative value of digital.    

Self-Reporting 

If the dentist is able to self-report the breach before finding out from law officials, even before the inspectors arrive, ready to teach the careless dentist a good lesson as an example to others, the dentist would be obligated to contact every one of his or her patients as soon as possible to tell them, “I am terribly sorry to inform you that your social security number, date of birth, health insurance information and other valuable items have been stolen from my office.  However, I will assist you in watching for identity thefts for the next few years at my expense.”

The Ponemon Institute Report 

A couple of years ago, the Ponemon Institute estimated that it costs almost $200 per patient to do this.  For a small dental practice with only 2500 active patients, that is half a million dollars – even before the fines arrive.

Economic Costs 

But wait, there is more. If the immediate financial costs do not bankrupt the practice, Ponemon once estimated that 20% of the clients will never return to a business that fumbled their identity. I think Ponemon is an optimist. Ponemon’s estimate is not based on breaches from dental practices. I think at least a third of dental patients would immediately leave and probably seek out a dentist who uses paper records. And that is when they will find me.

Conclusion

And so, your thoughts and comments on this Executive-Post, and continuing discourse, are appreciated.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com  or Bio: www.stpub.com/pubs/authors/MARCINKO.htm

Subscribe Now: Did you like this Medical Executive-Post, or find it helpful, interesting and informative? Want to get the latest ME-Ps delivered to your email box each morning? Just subscribe using the link below. You can unsubscribe at any time. Security is assured.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Filed under: Health Insurance, Information Technology, Op-Editorials, Practice Management | Tagged: EHRs, EMRs, HIT | 5 Comments »