HIPAA and Dentistry

About Ahlstrom’s Controversial HIPAA Testimony

By Darrell K. Pruitt; DDS

Dr. Robert H. Ahlstrom, representing the ADA as well as all US dentists, testified in July 2007 before the standards and security subcommittee of the National Committee on Vital and Health Statistics (NCVHS) about the benefits of HIPAA in dentistry.  His testimony is featured as an official HHS document titled “Testimony of the American Dental Association, National Committee on Vital and Health Statistics Subcommittee on Standards and Security”, July 31, 2007. 

http://www.ncvhs.hhs.gov/070731p08.pdf

The NCVHS Document 

The document was presented by NCVHS to HHS Secretary Michael Leavitt as fact – a mistake that not only set back healthcare IT in dentistry, and miracles from trusted Evidence Based Dentistry [EBD] a decade or more – but seriously stained the reputation of the American Dental Association, crippling my profession’s influence in the nation’s capital. Dr. Ahlstrom is a prosthodontist from Reno, Nevada and a tireless ADA volunteer. At one time, he was a respected proponent of paperless dental practices, and was rewarded with prominent appointments in the ADA, which he continues to silently cling to. However, at some point in his efforts, his enthusiasm for healthcare IT in dentistry caused him to lose perspective of who he was serving. When Dr. Ahlstrom chose to ignore the warnings of the danger from digitalized patient information, he abandoned the needs of dental patients and dentists.

Discussion Avoidance 

For at least the last few years, Dr. Robert Ahlstrom has suspiciously avoided discussing the dangers of digital records with ADA members – including me – even in front of a crowd of a hundred or so witnesses in ADA Headquarters. 

http://community.pennwelldentalgroup.com/forum/topics/evidencebased-dentistry-my?page=1&commentId=2013420%3AComment%3A17400&x=1#2013420Comment17400

The Challenge

Even though I think it is unlikely that he will accept my open challenge, I emailed him an invitation to defend his testimony here, or on the PennWell forum. In my opinion, the time has come for Ahlstrom to either show courage or be terminally irrelevant. If he fails to respond, I personally call for his resignation from all ADA positions because of clear unaccountability to ADA membership.  

Robert Ahlstrom is the only dentist left in the nation who applauds HIPAA, and I don’t expect any official from the ADA to come to his defense. It would be wonderfully entertaining, but that is just too much to ask of the shy good ol’ boys I have bumped heads with. My questions to the ADA about HIPAA have been evaded for years.

Ahlstrom’s Eleven Selling Points 

Here are the 11 selling points Ahlstrom presented to our lawmakers in support of HIPAA – which I will contest individually and in depth: 

1. Dental office computer systems will be compatible with those of the hospitals and plans they conduct business with. Referral inquiries will be handled easily.

2. Vendors will be able to supply low-cost software solutions to physicians/dentists who support standards-based electronic data interchange. Costs associated with mailing, faxing and telephoning will decrease.

3. All administrative tasks can be accomplished electronically. Dentists will have more time to devote to direct care.

4. Dentists will have a more complete data set of the patient they are treating, enabling better care.

5. Patients seeking information on enrollment status or health care benefits will be given more accurate, complete and easier-to-understand information.

6. Consumer documents will be more uniform and easier to read.                                  

7. Cost savings to providers and plans will translate in less costly health care for consumers. Premiums and charges will be lowered.

8. Patients will save postage and telephone costs incurred in claims follow-up.

9. Patients will have the ability to see what is contained in their medical and dental records and who has accessed them. Patient records will be adequately protected through organizational policies and technical security controls.

10. Visits to dentists and other health care providers will be shorter without the burden of filling out forms.

11. Consumer correspondence with insurers about problems with claims will be reduced.

Pruitt’s Response 

1. Dental office computer systems will be compatible with those of the hospitals and plans they conduct business with. Referral inquiries will be handled easily.

Just how important is that to dentists other than you and the insurers you repeatedly represent, Dr. Ahlstrom?  Adequate communication with other healthcare professionals has never been an issue in my office, and the US Post Office is hard to beat for safety. Dentists’ offices are not emergency rooms. Even in the most urgent situation, I cannot imagine a general dentist needing anything faster than the telephone and fax machine.  And if it is a life-threatening emergency, rather than going online, we simply dial 911 in my office.

Common forms of communication are much more convenient, inexpensive and dependable than computers.  But most importantly, like the US mail, they do not endanger dental patients’ welfare like digital records do. In fact, because universally accepted communications are not covered by the HIPAA rule you support, they cannot draw inspections and fines from the HHS.

As far as aiding communication with insurers, that has always been an insurance problem – commonly used to delay and deny payments to dentists. Since dental insurance companies continue to avoid transparency with their own clients for strategic reasons, their greed must never again be officially declared as dentistry’s problem by representatives of the ADA. You are wrong to mislead the federal government. It has never been the mission of the ADA to protect the profits of dental insurance companies. In fact, those you assist compete with dentists for dental patients’ dollars. That means it is unethical as well as against the Hippocratic Oath for you to assist them, Dr. Ahlstrom.

2. Vendors will be able to supply low-cost software solutions to physicians/dentists who support standards-based electronic data interchange.  Costs associated with mailing, faxing and telephoning will decrease.

Supply solutions for what problems?  How can a prosthodontist be so imprecise as to include vague words like “low-cost” in such important testimony to lawmakers on behalf of the nation’s dentists? Low-cost compared to what – no software? Just how expensive are the postage and telephone bills compared to the $40 thousand vendor problem you describe later in your testimony to the NCVHS? 

“One dentist contacted the ADA recently and said that their current vendor was not going to update the current version in use today and instead the dental office would be forced to purchase a new system for $30,000-$40,000 dollars or return to submitting paper claims.” Dr. Ahlstrom, please leave baseless advertisements to healthcare IT vendors. They follow a code that forces them to maintain credibility. 

3. All administrative tasks can be accomplished electronically. Dentists will have more time to devote to direct care.

As the best, if grossly exaggerated selling point for HIPAA that Dr. Ahlstrom highlights, this is still a blatant reach that is silly. I find it odd to read that any dentists sacrifice chair time for administrative tasks.

The business of dentistry is actually so simple that it was managed successfully for decades in even the busiest offices with pegboards and ledger cards.  The bottleneck in dentistry has never been the front desk. It has always been the speed of the dentist. As a matter of fact, HIPAA forms have actually hurt efficiency. In addition, operatory turn-around is further delayed by another unfunded and unproductive mandate called OSHA, which also offers nothing to hold down the cost of compliancy. 

What is the difference between the two? OSHA makes a little bit of sense, is hundreds of times cheaper and it does not harm patients other than increasing the cost of dental care. As for Ahlstrom’s incredible claim that “All administrative tasks can be accomplished electronically,” HIPAA compliance itself increasingly adds serious administrative tasks to covered entities’ overhead even before HIPAA inspections of dental offices begin. Let me provide a partial list of documents that are expected to be handy for HIPAA inspectors:  In April 2005, long before Ahlstrom’s deceptive suggestion that HIPAA reduces non-productive tasks, Piedmont Hospital in Atlanta was inspected by HHS for HIPAA violations.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9024921

As a result, Piedmont officials were presented with a documented list of 42 items that the agency wanted information on  “… including physical and logical access to systems and data, Internet usage, violations of security rules by employees, and logging and recording of system activities.  The document also requested items such as IT and data security organizational charts and lists of the hospital’s systems, software and employees, including new hires and terminated workers.”

Has the ADA prepared members for HIPAA inspections?  Not at all! They never mention it. Isn’t that odd?

I personally conducted a survey that I posted on the Executive-Post titled “HIPAA Rules and Dentistry.”

https://healthcarefinancials.wordpress.com/2008/09/01/hipaa-rules-and-dentistry/

The results show that the range of compliancy was found to be from 0% for the requirement of a written workstation policy to 88% for that of password security. The average was 49%, meaning that less than half of the requirements are being respected by the dentists in this sample. Once again, neither Ahlstrom nor the ADA has mentioned a word about HIPAA inspections to membership.

4. Dentists will have a more complete data set of the patient they are treating, enabling better care.

This is beyond reaching. This is absurd. If Ahlstrom had not obviously included this false testimony to placate members of the NCVHS who know nothing about dentistry, the intention of his misrepresentation would not make sense at all. What more do dentists need to successfully treat a patient’s oral problems than an uncomplicated, up-to-date and concise health history like the hundreds of millions of paper ones safely in use today in dental offices? Even if one pulls up an interoperable electronic health record, the dentist still must review it before initiating treatment. No time saved there. As more eHRs become imperceptibly altered by health insurance thieves who are not likely to be allergic to the same medications as the true owners of the records, I am determined that my patients’ health histories will always be paper – even if I am forced to pretend to have a paperless practice as mandated by an absurd law. It will cost my patients more to have two sets of records, but they will enjoy less risk of anaphylactic shock. 

Let’s face it, dentistry is not heart surgery. Dentists don’t even need to know blood types. A health record complicated with superfluous and possibly tainted information clearly increases the chance for serious error without providing patients any benefit. One complaint already heard from physicians using eMRs is that there is simply too much information in digital records that complicate treatment rather than enhance healthcare. 

In addition, unethical employers, bankers, ad executives and insurers find detailed electronic information about patients’ frailties of value and worth paying for, while eHRs are being breached millions at a time.  Why should a dentist maintain any more medical information than necessary?  There is no black market value for dental records. Why on Earth create one?

5. Patients seeking information on enrollment status or health care benefits will be given more accurate, complete and easier-to-understand information.

This should have never been mentioned by Dr. Ahlstrom. Incomprehensible dental insurance policies can no longer be defended by the ADA. Otherwise the insurance industry will continue to encourage complexity in order to take advantage of their clients. As healthcare providers for trusting patients, we cannot allow agents of the ADA to force the nation’s dentists to be enablers of deceit. Otherwise, like Ahlstrom, we are guilty of deceit as well. 

Adequate communication between an insured and the insurer has always been an insurance problem and not a dental problem. ADA leaders must immediately stop encouraging members to assume insurers’ responsibilities of explaining their intentionally complicated dental plans to their clients. The ADA should never again spend a penny of members’ dues to assist insurance companies. Once again, performing work for insurance companies is outside the mission of the ADA.  It always has been.

6. Consumer documents will be more uniform and easier to read.

This is pure fantasy. Computerization does not fix sloppy, it empowers sloppy.

7. Cost savings to providers and plans will translate in less costly health care for consumers. Premiums and charges will be lowered.

Although it is undeniable that electronic records benefit insurers more than anyone else, one has to pay close attention to Ahlstrom’s use of the words “cost savings.”  If Ahlstrom had said that HIPAA will lower dentists’ overhead, like head ADA lobbyist Michael Graham claims on his ADA website, Ahlstrom’s statement would be just another lie from another ADA representative.

http://www.ada.org/prof/advocacy/agenda.asp

By calling it a “cost savings,” Ahlstrom technically concedes that HIPAA will indeed require an increase in overhead – which dental patients will ultimately have to pay to obtain dental care.  Ahlstrom cleverly skirts the lie that Graham continues to post by promising “savings over what it could cost otherwise” – perhaps without the “low-cost” vendors he previously mentioned.

It can no longer be denied by employees of the ADA like Michael Graham. ADA members will have to raise fees to cover the purchase and maintenance of untried and expensive information technology that neither patients nor dentists want. It is also undeniable that because of their deceit, more children will go to bed with toothaches. So much for increasing access to care, ADA.

Will there be problems? You bet! Big expensive ones attached to very angry ADA members similar to the $40 thousand problem mentioned by Ahlstrom himself.

Here is another problem that the ADA has kept hidden from membership: In Subpart D, §160.426, of the HIPAA enforcement rule, there is a section titled “Notification of the public and other agencies” which gives HHS the right to inform virtually everyone if they find a violation in a dental office. When inspections begin, I expect HHS to publicly punish violators.  For good reason, there is a growing bi-partisan push for accountability for data breaches which continue to occur copiously. There is no doubt that news about HIPAA violations will be made public on the Internet through the NPPES using dentists’ NPI numbers. Since dentists freely volunteered for the numbers, it makes this legal. Volunteering is legal consent to abide the laws of the revised 1966 Freedom of Information Act which in 1996 was turned 180 degrees away from government entities such as the HHS and directed against US citizens who happen to be dentists.  The ADA has also failed to inform members that an investigator can show up unannounced in any covered entity’s office and demand everything digital immediately.  This means that office computers can be instantly confiscated even before one is publicly labeled as a HIPAA violator on the Internet.

And to think that some rookie healthcare IT enthusiasts are still foolish enough to mention Hurricane Katrina as a swell reason for going paperless. One can see hurricanes coming.

8. Patients will save postage and telephone costs incurred in claims follow-up. 

Once again, this problem will never be solved electronically. Insurers will merely save money for postage on denial letters – which will naturally encourage more denials – and an insurance executive will receive a bonus.

9. Patients will have the ability to see what is contained in their medical and dental records and who has accessed them.  Patient records will be adequately protected through organizational policies and technical security controls.

My patients can drop by my office at any time to see their dental records. If they want copies, I can provide those as well. I can even mail them. Nobody has ever had access to my patients’ paper records without my patients’ permission. As for protection, a huge, clunky sheet-metal file cabinet stuffed with hundreds of pounds of paper records, including radiographs, is hard to slip down a flight of metal and concrete stairs quickly without making at least a little noise. On the other hand, hackers, or even dishonest or angry employees raise no alarm whatsoever, and they can be gone in a flash with thousands of IDs. How can Dr. Ahlstrom possibly promise that with HIPAA, electronic records will be adequately protected?  What about the organizational policies he casually mentions?  Does this mean more staff meetings? I should remind everyone that selling point number three was a decrease in administrative work. Did Ahlstrom change his mind in mid-testimony? 

Lastly, effective technical security controls just do not exist.  For example: If electronic health records show who has accessed them, can someone discover who has accessed the more than 160 million records that have been reported lost in the last few years?  Impossible!

10. Visits to dentists and other health care providers will be shorter without the burden of filling out forms.

Does this mean fewer HIPAA “Notice of Privacy Practices (NPP)” forms? How much time would it take for new patients to actually read the NPP form they sign? How much more time would it take for dentists to disclose to the patients that the form does nothing to protect their rights to privacy?  Quite the contrary; “Patients also may ask covered entities to restrict the use or disclosure of their information beyond the practices included in the notice, but the covered entities would not have to agree to the changes.” – abstracted from “Protecting the Privacy of Patients’ Health Information,” released in April 2003 from the HHS.

http://www.hhs.gov/news/facts/privacy.html

11. Consumer correspondence with insurers about problems with claims will be reduced.

Since I am never a legal party in my patients’ insurance decisions, and since very few dental insurance companies hold themselves accountable to anyone, including their own clients, why should I care about patients’ contractual agreements with their dental insurance companies? I do not want that responsibility and such earthly bad advice from an ADA leader is simply not consistent with the mission of the ADA.

Assessment

In closing, I have to ask why Dr. Robert Ahlstrom would invent the fantasy he told lawmakers. It is as if he told the NCVHS what he thought HHS wanted to hear. Why couldn’t he just tell the truth?  HIPAA offers no benefit to dental patients. In fact, the mandate endangers their welfare, making it unethical for a dentist to become a covered entity, even if encouraged to do so by a representative of the American Dental Association.

If I am wrong about any part of this national disgrace, Dr. Robert Ahlstrom should immediately stand up and publicly defend HIPAA on this forum. It is failing in dentistry on a national scale and pulling the ADA down with it.  If nobody can clear up the apparent absurdity, not only will it hurt my profession, but the Department of Health and Human Services as well as Obama’s administration will suffer embarrassment when the media discovers that HIPAA is, in reality, a grand fraudulent scheme of historic proportions.

The Challenge

It is your turn now, Dr. Robert Ahlstrom. Meet the professionals whose interests you misrepresented in front of lawmakers. Otherwise, be forever silent. I will always hold you accountable for abetting fraud against my profession. 

Conclusion

Your thoughts and comments on this polemic and Medical Executive-Post are appreciated; especially from dentists, attorneys and health policy wonks, and IT gurus. Does the dentist have a point; or not?

Note: Dr. Pruitt blogs at PennWell and other sites, where this post first appeared.

13 Responses

  1. A Follow-Up,

    Today, President-elect Barack Obama posted this on his website:

    “To improve the quality of our health care while lowering its cost, we will make the immediate investments necessary to ensure that within five years, all of America’s medical records are computerized. This will cut waste, eliminate red tape, and reduce the need to repeat expensive medical tests. But it just won’t save billions of dollars and thousands of jobs – it will save lives by reducing the deadly but preventable medical errors that pervade our health care system.”

    Link: http://change.gov/newsroom/blog/

    Note that Obama did not say “except for dentistry.”
    Won’t he be surprised!

    -Darrell K. Pruitt; DDS

  2. More HIPAA,

    I posted this on Business Report.com in response to an article written by Anna Thibodeaux that was not truthful, in my opinion.

    http://www.businessreport.com/news/2008/dec/29/not-your-fathers-dentist-tchn1/#comments

    Fact or Ad?

    Was the article “Not your father’s dentist” by Anna Thibodeaux a news item or a PR piece dressed up to look like news? It is difficult to tell. For the sake of accuracy in the marketplace, let’s figure it out.

    Dr. Johnnie Hunt, a pediatric dental specialist in Louisiana has only had a paperless practice a month, yet she already claims that digital patient records are more accurate than her paper records were. It is simply amazing that she could discover that so quickly. Were there not any foul-ups in the transition from paper to digital? Not one? All I can say is that her paper records must have been incredibly sloppy.

    Unfortunately, she will learn that computers don’t fix sloppy. They enhance sloppy in surprisingly sudden ways.

    She also says that digital health records increase dental patients’ privacy. What if her computer is stolen from the office? What if the computer is hacked? In the last few years at least 160 million digital health records have been fumbled. How many paper records have been fumbled in the last 2000? That is also an amazing claim, Dr. Hunt.
    She says digitalization preserves records in a disaster. What about a North Texas ice storm rather than a Louisiana hurricane? Which is easier to read with a flashlight – paper or digital?

    What if one’s computers are suddenly confiscated by a federal agent who is investigating a massive ID theft which leads to one dentist’s practice? A Louisiana dentist can tell a hurricane is coming days in advance.

    Pediatric dentist Dr. Johnnie Hunt says digital records cut costs. Everyone knows there is little hope of return on investment for physicians’ eMRs, and they have much more need for digitalization than dentists. That is why HHS Secretary Michael Leavitt had to bribe 1,200 physicians just to try eMRs.

    Now, instead of producing digital records that doctors will buy, healthcare IT stakeholders are asking for GM-style bailouts from Congress. Don’t you know those will be special works of art. Think of the quality of a 1975 East German Trabant automobile. That is another sweet product of a captive market.

    How can Dr. Hunt possibly say that digital records somehow lowered costs for her?

    In his testimony to the Department of Health and Human Services over a year ago, ADA representative Dr. Robert H. Ahlstrom said:

    “One dentist contacted the ADA recently and said that their current vendor was not going to update the current version in use today and instead the dental office would be forced to purchase a new system for $30,000-$40,000 dollars or return to submitting paper claims.”

    Click to access 070731p08.pdf

    Just how much was she paying her office help, and how many staff was she able to lay off?

    Here is my favorite line in Anna Thibodeaux’s PR piece. Dr. Johnnie Hunt says:

    “Computerized records also increase patient privacy, which is especially important to comply with the federal Health Insurance Portability and Accountability Act [HIPAA].”

    Once one realizes that if a pediatric dentist has no digital records, HIPAA is irrelevant to the practice – it makes this argument cute in a childish way.

    In dentistry, digital is a dangerous and expensive compromise; hardly an improvement. Let’s tell the truth.

    -D. Kellus Pruitt; DDS

  3. Does HIPAA apply to you?

    “HIPAA regulations only apply to dental practices that submit or receive electronic transactions for which a standard has been established by the U.S. Department of Health and Human Services, either directly or through a vendor or clearinghouse.”
    – ADA News
    [Posted today; no byline]

    Gather around, everyone! The new, ADA-approved, revised HIPAA Privacy Form 1, Notice of Privacy Practices (NPP) is available at: http://www.ada.org/goto/HIPAA

    Here is one of the changes that makes not a wisp of difference because patients never read NPPs, thank goodness: “The words ‘locate and’ are deleted in the revised form to convey U.S. Department of Health and Human Services counsel to the ADA that the HIPAA Privacy Act will not permit dentists to charge patients for time spent locating health care records.”

    Darrell K. Pruitt; DDS

  4. There goes a profit center.
    Darrell

  5. Hey, FWDDS. How progressive would you like to become in the eyes of the nation really soon? How about if I pull you out onto the event horizon with me? Does it make anyone uncomfortable?

    Ronnie Wright, a very unique individual who grew up in Haltom City, was a friend of mine. I’ve proudly called him my mentor. One of his favorite habits was to grab his keys and grumble, “Let’s go.” If a newbie asked where, he’d squint and growl, “Does it matter? Either you’re coming or you’re not.”

    Whether you are ready for unprecedented transparency or not, the Twelfth Night is now a part of the national discussion about HIPAA Compliancy. If anyone objects to the way I’m handling things, please state your case so that we can discuss it in front of everyone in the neighborhood.

    The following comment is posted on “Dental iQ.” I used to call the Website “The PennWell forum” before they changed the name. It was a good move. It cried for the word “Dental” in its title.

    Let’s go.

    Darrell

    http://community.pennwelldentalgroup.com/forum/topics/hipaa-consultants-who-can-one

    HIPAA consultants – Who can one trust?

    How does one know who not to pay for HIPAA advice?

    A PDF from the ADA was posted today about HIPAA and HITECH. It included an email address, Informatics@ada.org , that leads to an anonymous person in the ADA. I’ve asked for a name to address, but if you’ve followed me for any length of time, you’ll recall that I am capable of assigning them if necessary.

    Hope you enjoy this little adventure. I’m learning new nasty tricks all the time. Do you think I’ll get a response from the ADA – whose adopted slogan is “Image is everything” (ADA/IDM)?

    I’m optimistic. I think that each time I squeeze poor slobs between their Internet reputations and their bosses in these hard economic times, their leaders come ever closer to responding to me nose-to-nose instead of hiding behind nervous hourly employees.

    Darrell

    From: pruittdarrell [mailto:pruittdarrell@sbcglobal.net]
    Sent: Sunday, August 09, 2009 7:19 PM
    To: ‘Informatics@ada.org’
    Subject: HIPAA Questions

    This email is in reference to the article “HIPAA for Dentists – Frequently Asked Questions.”

    http://74.125.95.132/search?q=cache:n14a1IkCqIwJ:www.ada.org/prof/resources/topics/hipaa/hipaa_exposed.ppt+HIPAA+dentistry&cd=2&hl=en&ct=clnk&gl=us

    “The ADA will be the profession’s prime resource for complying with these regulations.” – Dr. Robert A. Faiella, 1st District trustee. Dr. Faiella heads the Association’s Electronic Health Record Workgroup.

    Dear ADA

    At the end of the PDF edition of the August 9, 2009 “HIPAA for Dentists – Frequently Asked Questions,” this email address, Informatics@ada.org , is posted for ADA members who have additional questions about HIPAA. I have such questions. I would appreciate a response that can be shared with others who are listening in.

    First of all, let me compliment you and your team for posting a timely warning about prevalent misinformation concerning HIPAA. I’ve also noticed that there is a class of ambitious entrepreneurs who are chasing ARRA money. In addition, I’ve noticed that almost overnight, some evolve into nimble experts attracted to sudden 19 billion dollar opportunities. You said it so well in the 12th slide: “Most Y2K consultants are now ‘HIPPA’ consultants” – emphasizing the common misspelling of the 1996 Rule. And just to tap your point firmly in place, the very next slide shows the envelope from a letter that was sent by Suite Solutions to Robert Lapp, ADA Director of Dental Informatics. Emblazoned on the lower left of the envelope in bold, red letters are the words, “Important – HIPPA Compliance Information.”

    According to the meta information on Google: “Suite Solutions is a leading provider of professional services to technical documentation and training groups.” In other words, Suite Solutions is in the business of compliance. I would assume that every one of the company’s relevant employees would have better grasp of relevant acronyms. Others might call ours a “picky” or a “gotcha” criticism, but I think you and I, whoever you are, strongly agree that such mistakes in this business announce loudly a lack of dedication to one’s work. “HIPPA” is the one never event that is inexcusable for a company that depends on credibility to sell advice about HIPAA.

    About the same time that Arlene Furlong’s article, “New HIPAA rules stem from federal recovery act provisions,” was posted on ADA Online, I sensed that there is a renewed interest in HIPAA compliancy among dentists. As a matter of fact, in the August edition of my local dental newsletter, The Twelfth Night, a two page piece appeared, titled “The Compliance Corner – Health Information Technology for Economic & Clinical Health Act.” (Also known by its acronym, “HITECH.”) It was written by Travis Criswell, the technology auditor for Dental Compliance Specialists, LLC, which is headed by Sharalyn Fichtl. At this time, it is unclear whether “Compliance Corner” is a paid advertisement for DCS or the start of a featured monthly column.

    It is our shared mistrust of consultants that causes me to ask you to clarify or reject some information which Mr. Criswell presented to members of the Fort Worth District Dental Society.

    First of all, here is the only sentence in the article that Mr. Criswell underlined. I assume it means he thought it was most important:

    “That means no matter if you have the most cutting edge paperless office, or are still filing everything in your old filing cabinet as paper, you are still subject to adhere to all the rules set forth regarding breach notification and prudent protection of PHI in your care.”

    Yet in Furlong’s article, she seems to say just the opposite:

    “To protect the rights of individuals whose information will be stored and exchanged in the electronic health record environment, HITECH expands upon HIPAA’s privacy and security protections for individuals’ health information. This includes some expansion of the applicability of HIPAA (Health Insurance Portability and Accountability Act of 1996) standards, but a dentist whose practice is still entirely paper-based will not be subject to its rule, at least in most circumstances and state law permitting.” (Emphasis mine).

    Which is correct? Your reply is important to several members of the FWDDS.

    Secondly, Mr. Criswell mentions encryption, but the whole paragraph begs for a key.

    “Encryption is another hot spot for HITECH. The rules even go so far as to really supplement what HIPPA [sic] instructed on what is sufficient encryption and identified that NIST (National Institute of Standards and Technology) is now the acceptable method of encryption. No longer can organizations invent their own methods to simply scramble data, or employ simple to crack encryption methods. NIST has identified several encryption algorithms that meet standards which include AES (Advanced Encryption Standard) and TDES (Triple Data Encryption Algorithm) but it is up to the organizations to ensure their encryption methods and products meet such standards.”

    Can you explain in layman’s terms what Mr. Criswell might have been trying to tell ADA members? Will encryption help shield dentists from liability or not?

    I appreciate you being patient with me (us). The last question is mine, and it is related to the true cost of HIPAA: If a computer is stolen in a burglary, compromised by a dishonest employee who sells IDs on the side, or otherwise hacked, will it not inevitably lead to bankruptcy even if the dentist reports the tragedy according to the letter of the law?

    I’m sure you know that if more than 500 patients’ identities are fumbled – and what dentist has fewer than 500 patients? – the shameful incident must be reported to the local media. If that doesn’t ruin the dentist’s career, imagine what happens if irrelevant, busy-work documentation of administrative trivia demanded by HIPAA and the Red Flags Rule are not in order when HHS and FTC investigators (probably PricewaterhouseCoopers employees working on commission) arrive with search warrants. I think you are aware that Congress is hungry for feel-good fines to show constituents that they mean business. It would be so nice to have a name to address.

    All of us appreciate your help with the confusion which surrounds HIPAA. After you have answered these three questions, I am interested in learning more about your statement on the 4th slide under the FAQ “How much will HIPAA cost me?” You replied: “You’re already paying $200 a week to comply with proprietary payer requirements.”

    That is over $10,000 a year in healthcare dollars that falls far short of reaching midnight toothaches. I’m interested in learning how the ADA intends to cut this needless cost. Please respond promptly.

    Sincerely,

    D. Kellus Pruitt; DDS


  6. Below is a corrected link in “HIPAA consultants – Who can one trust?”

    From: pruittdarrell [mailto:pruittdarrell@sbcglobal.net]
    Sent: Sunday, August 09, 2009 7:19 PM
    To: ‘Informatics@ada.org’
    Subject: HIPAA Questions

    This email is in reference to the PowerPoint presentation “HIPAA for Dentists – Frequently Asked Questions.”

    http://www.ada.org/prof/resources/topics/hipaa/hipaa_exposed.ppt

    Darrell Pruitt; DDS


  7. Dear Olivia Wann, RDH, BA

    You recently posted an article on Dentistry iQ titled “What’s new with HIPAA.” I attempted to post the 6 questions below, but was unsuccessful.

    http://www.dentistryiq.com/index/display/article-display/7539657744/s-articles/s-dentisryiq/s-hygiene-department/s-what_s-new_with_hipaa.html

    The problem with submitting a comment was not your fault. There is something wrong with the Dentistry iQ link to your article. It repeatedly froze two different computers in my office. I wish they would fix it. It’s a hassle. For that reason, I will also copy your entire article for presentation along with this email on the PennWell forum, Texas Dental Association’s Facebook and the Medical Executive-Post so that others’ computers won’t freeze if they should want to read it.

    The poor Dentistry iQ link is the reason that I am emailing you my questions to this address I found on your Modern Practice Solutions Website. I think you will agree that you should clarify your assertions. It is important that we not mislead those who are naïve.

    In your second paragraph, you stated that “Having a national system for computerized health records will improve patient care, increase patient safety, and simplify compliance in the United States. Additionally, these records will save costs, minimize errors and maximize efficiency.”

    Can you please clarify for readers on this forum:

    1. How will eDRs improve care of dental patients?

    2. How will eDRs increase patient safety?

    3. What do you mean when you say that having a national system for computerized health records will simplify compliance in the US?

    4. How will eDRs save costs in dentistry?

    5. How will eDRs minimize errors in dentistry?

    6. How will eDRs maximize efficiency?

    I wish to thank you in advance of your attention to the statements you made. There are a couple of hundred professionals who await your reply, so please respond promptly, Olivia Wann, RDH.

    Sincerely,
    D. Kellus Pruitt; DDS

    ———————————————————

    What’s new with HIPAA

    By Olivia Wann, RDH, BA

    President Obama signed into law last February The American Recovery and Reinvestment Act known as the “Stimulus Bill.” The federal government included in this law $19.2 billion that is intended to increase the use of the Electronic Health Records (EHR) known as the Health Information Technology for Economic and Clinical Health Act, or HITECH Act.

    What does this mean for patients? Having a national system for computerized health records will improve patient care, increase patient safety, and simplify compliance in the United States. Additionally, these records will save costs, minimize errors and maximize efficiency. Yet, the computerization of all health records by the end of 2014 means new regulatory requirements for the healthcare profession, including dental offices.

    The HITECH Act increases the penalties for various HIPAA violations, which is significant to covered entities. Covered entities include dental offices who submit claims electronically or verify patient’s information online, such as insurance benefits. The act will also now require business associates to comply with many of HIPAA’s rules and subject them to HIPAA’s civil and criminal penalties. Business associates are individuals who have access to protected health information such as an independent contractor (i.e., software trainer, accountant, practice management consultant, computer technician).

    Why all the fuss? Most hygienists readily agree that protecting patient’s health information is a serious matter. Identity theft is on the rise. Furthermore, HIPAA outlines how and why individuals may file a complaint.

    Consider that since April 2003 when HIPAA’s Privacy Rule became effective, the Health and Human Services Office of Civil Rights has received over 27,000 complaints with over 4,500 cases investigated and resolved. There have been four criminal HIPAA violations prosecuted to date with over 350 complaints considered by the Department of Justice.

    In providing HIPAA trainings across the country, some individuals have mistakenly thought that these regulations are more applicable to administrative employees who handle patient account information such as payments and insurance. Regardless of whether an employee is considered “clinical” or “administrative,” the privacy of protected health information may be breached. Simply look at your patient information screen and note how much information is gathered on patients which requires security measures. Thus, the entire team is responsible for launching a successful HIPAA program to avoid violations including criminal prosecutions.

    A dentist contacted our office indicating that a hygienist disclosed the name and information of a patient in need of periodontal services to a hygiene student without permission. On being contacted by the student who offered to treat the patient at the hygiene school, the patient contacted the dentist to file a complaint for breaching his privacy. The dentist dismissed the hygienist.

    The federal government prosecuted a phlebotomist at a cancer center who stole the social security number and date of birth of a patient (United States v. Gibson).1 Gibson had access to patient information such as date of birth and social security numbers. He used the information to obtain credit cards in the patient’s name. The employee was charged as a criminal violation for the wrongful disclosure of individually identifiable health information with the intent to use the information for personal gain and sentenced to 16 months in prison. Gibson plea bargained and made restitution to the credit card companies and the patient who was the victim of identity theft. As noted here, a clinical employee accessed information and was held in criminal violation of HIPAA.

    To commit a criminal offense, a person must “knowingly” violate a HIPAA rule, 42 U.S.C. § 1320d-6.2 Interestingly, the Stimulus Bill added to the Wrongful Disclosures Criminal Penalties “a person (including an employee or other individual) shall be considered to have obtained or disclosed individually identifiable health information in violation of this part if the information is maintained by a covered entity…” Therefore, employees who knowingly violate a HIPAA rule may be subject to a criminal penalty, not simply the corporation or covered entity. Penalties may range up to $250,000 and 10 years imprisonment. 42 U.S.C. § 1320d-6(b)(3)

    In response to a nurse pleading guilty to a HIPAA violation, Jane W. Duke, United States Attorney for the Eastern District of Arkansas stated, “What every HIPAA-covered entity needs to realize and reinforce to its employees is that the privacy provisions of HIPAA are serious and have significant consequences if they are violated … Long gone are the days when medical employees were able to snoop around office files for ‘juicy’ information to share outside the office. We are committed to providing real meaning to HIPAA. We intend to accomplish this through vigorous enforcement of HIPAA’s right-to-privacy protections and swift prosecution of those who violate HIPAA for economic or personal gain or malicious harm.”3

    Hygienists should thus seriously evaluate the level of HIPAA compliance in their practice to avoid practice interruptions, penalties and litigation. Modern Practice Solutions strongly suggests providing training for your staff, conducting a risk assessment of your patient’s protected health information and incorporating the necessary Privacy & Security policies for compliance. A team approach to HIPAA compliance assures a more successful program and a smoother transition into the electronic health record era.

    Olivia Wann, RDA, BS, joined the dental profession in 1985. She attended Tennessee Technology Center as a RDA and graduated from St. Joseph’s College with a BS in Health Care Administration. Currently, Olivia is a 2nd year law student at the Nashville School of Law. Olivia founded Modern Practice Solutions in the year 2000 providing in-office training, consulting and national seminars on compliance topics. Please visit http://www.modernpracticesol.com or contact Olivia at (615) 308-6695.


  8. Calling all HIPAA Consultants

    Just when you thought I was out of surprises aged to perfection, I break out some special 17 month old cheese. Some may recognize the bouquet.

    From: pruittdarrell [mailto:pruittdarrell@sbcglobal.net]
    Sent: Saturday, August 22, 2009 9:22 PM
    To: ‘olivia@modernpracticesol.com’
    Subject: Ready to talk yet?

    Dear Olivia Wann, RDH, BSHCA and HIPAA Consultant:

    So we meet again. Remember me yet? It’s Darrell Pruitt DDS. That’s a nice consulting business you’ve got going for yourself. It would be a shame to see something bad happen to it.

    Consultants live and die by their reputations, and I consider it my civic duty to adjust yours for the safety of naive friends in my neighborhood who otherwise might not recognize your mumbo-jumbo deception as easily as I do, and could get hurt. Have you ever thought about going into law?

    Lots of sports fans already noticed that you have not bothered to answer any of the six questions I emailed you a few days ago. I imagine if you had the courage to utter a peep, you might complain that I have not given you enough time. Ordinarily you might get sympathy, but you and I both know that this isn’t the first time you ignored me, is it, Olivia? My first email to you, which was much more polite than this one, is still waiting on your response after 17 months. Please think about answering this (it’s only a rhetorical question): If you cannot answer dentists’ questions, how can you possibly be a competent HIPAA consultant, even if you have a BSHCA degree?

    It’s been so long, you may have forgotten that HIPAA compliance was the subject of a survey I performed titled “HIPAA Rules and Dentistry.”

    Click to access hipaa-survey-dentists4.pdf

    I told you that nine of the ten HIPAA requirements which were the topics of the survey were copied verbatim from your article titled “Demystifying HIPAA: Part III—Physical Safeguards of the Security Rule,” which appeared in the November 2007 issue of Contemporary Oral Hygiene.

    http://www.contemporaryoralhygieneonline.com/issues/articles/2007-11_03.asp

    It turns out that not a single dentist in the survey of 18 was 100% HIPAA compliant. In fact, the results show that less than half of the requirements are being respected, and most dentists think the majority of the requirements are a senseless waste of time. They make good arguments. One dentist lamented, “We try to comply, however, many times I feel every government agency in the country wants to run my practice without regard to the problems, expense or aggravation it causes the health provider.” See what I mean? They’re a tough crowd.

    After reading that for the second time in less than 2 years, do you really think you can shop your lies about HIPAA around here and not be held accountable? In case you didn’t know, you’re trapped along with a few other unfortunate HIPAA consultants named Travis Criswell and Sharalyn Fichtl of Dental Compliance Specialists LLC and Kelly McLendon RHIA. If you google their names, my challenges show up on all their first pages. In fact, I’m Kelly McLendon’s first hit. I don’t guess he minds because he hasn’t uttered a peep either. He is so weak on the Internet that he can probably use the search engine help. Some call this “branding.” I call it “domesticating and branding.”

    And now, let me show you and my sports fans how your silence has already damaged your reputation. When you, I or any other dentist googles “Olivia Wann,” my unanswered request for clarification of 6 statements you packed into one paragraph comes up as your 2nd hit: “Olivia Wann RDH questioned by D. Kellus Pruitt DDS”

    http://community.pennwelldentalgroup.com/forum/topics/olivia-wann-rdh-questioned-by

    Does that bother you any, Olivia? Do you think I will grow bored with hounding you and your colleagues smooth out of my neighborhood? Are there any more like you on their way? I find this fun in an ornery way.

    It is my long-held and uncontested opinion that you and other HIPAA consultants are a huge part of the problem, Ms. Olivia Wann, RDH, BSHCA.

    D. Kellus Pruitt; DDS


  9. ADA priorities – CareCredit trumps HIPAA

    Even though the ADA has still not informed members about HIPAA’s latest and critical breach notification requirements that were announced last week, someone in ADA headquarters managed to find time to slip in a press release today for CareCredit/GE that members could easily mistake as a sincere article with no byline.

    http://www.ada.org/prof/resources/pubs/adanews/adanewsarticle.asp?articleid=3705

    The title of the ad is “CareCredit launches new patient tool – Online resource center aids health and financial decisions.” It describes how CareCredit and the ADA intend to use the patient’s age to target ads about dental products. It’s a new kind of marketing scheme that barely touches the profit opportunities of data mining when coupled with CareCredit’s “paperless statements.” Here is the third paragraph:

    “On the Web site, http://www.carecredit.com , patients can quickly and efficiently access a wide variety of information in written and video format, from a CareCredit doctor locator and user’s guide to tips on preventing credit fraud. The site allows patients to conveniently make payments online, ‘go green’ by signing up for paperless statements and gain access to current health information based on their individual life stage. Health information is sourced from third-party organizations (including ADA.org) that provide patient guidelines for appropriate care based on age.”

    Personally, I think it is absurd that an officer in the ADA decided that promoting CareCredit/GE is more important to membership than warning about the imminent HIPAA enforcement which threatens to bankrupt dentists nationwide. Was this one of the decisions our new executive director, Dr. Kathleen O’Loughlin signed off on? Will we ever know? By the way, why was the previous ADA executive director, Dr. James Bramson, fired? He and I were just getting to know each other.

    So just how good is the financial product anyway? Is the quality of CareCredit/GE, an ADA Business Resources-endorsed partner, any better than ADA/IDM that crashed and burned so publicly just months ago? Does Dr. O’Loughlin realize that there are some really disappointed members out here?

    David Fasoli, President of CareCredit is quoted in the ad. He says all the right things, and sounds assuring enough: “The relationship between the patient and the dentist is based on trust. When a dentist offers patients CareCredit as a way to pay for their dentistry, part of that trust relationship is transferred to us. CareCredit continues its commitment to providing the doctor and the patient with a positive experience, so that the trust relationship is honored and strengthened.”

    So Fasoli says that positive experiences for patients strengthen “the trust relationship.” Let’s take a closer look at CareCredit’s reputation for promoting positive experiences in the neighborhood, and then close with something about trusting relationships. And as we expose the results of a simple Internet search, let’s pretend that CareCredit’s reputation suddenly becomes our own when things go awry. Since we may well have recommended CareCredit to our dissatisfied patient with whom we also have a trust relationship, we will wear CareCredit’s reputation. With that in mind, let’s see what’s on the rack.

    Here are the first 10 hits when one googles “CareCredit consumer complaints”:

    1. Care Credit / GEMB Complaints – Get rid off!

    Feb 26, 2007 … Consumer Tips & Tricks …. If I gather enough complaints from googling “Care Credit” I will submit ….. 2009 Consumer Complaints Board …

    http://www.complaintsboard.com/complaints/care-credit-gemb-c6012.html – Cached – Similar

    2. Care Credit Complaints – Sneaky little rules!

    Aug 20, 2007 … I have yet to meet a satisfied Care Credit customer. … Consumer Tips for Saving Money ! … 2009 Consumer Complaints Board …

    http://www.complaintsboard.com/complaints/care-credit-carecreditcom-c21538.html – Cached – Similar

    3. My3cents.com – CareCredit complaints and reviews

    Read real consumer reviews and complaints on CareCredit and more at My3cents.com – Your advocate for consumer empowerment.

    http://www.my3cents.com/search.cgi?criteria=CareCredit – Cached – Similar

    4. My3cents.com – CareCredit Complaint – Legal references for …

    Dec 8, 2004 … CareCredit Consumer Review – Legal references for CareCredit fraud-fight back! … Care Credit – Complaint – Medical Credit Card …

    http://www.my3cents.com/showReview.cgi?id=7861 – Cached – Similar

    5. CareCredit GE MoneyBank Consumer Complaints

    CareCredit GE MoneyBank Reviews, Complaints and Compliments – Visit to read, write or respond to customer service reviews and consumer complaints about …

    http://www.measuredup.com/ …/CareCredit…/Consumer-Complaint-1 – Cached – Similar

    6. Rip-off Report: Care Credit – GE Money Bank Extremely deceptive …

    Aug 4, 2007 … Reaction to other complaints about GE Money Bank/Care Credit: IT IS TIME TO TAKE … for medical loans to a very vulnerable consumer market. …

    http://www.ripoffreport.com/reports/0/265/RipOff0265301.htm – Cached – Similar

    7. An Honest Review About Care Credit – CareCredit Healthcare Finance …

    CareCredit Healthcare Finance Plans – User Rating: 1 stars. … 21 consumer reviews · Subscribe to reviews on this product … I think that’s partly to do with the high rates that care credit imposes and possible customer complaints. …

    http://www.epinions.com/content_438215872132 – Cached – Similar

    8. CareCredit @ Pissed Consumer

    CareCredit reviews and complaints. The company offers a number of … Consumer Reports is the most famous consumer product reviews and rating agency. …

    carecredit.pissedconsumer.com/ – Cached – Similar

    9. care credit complaint

    May 3, 2008 … care credit complaint. … I paid care credit on time every month, so I was pretty surprised … Search our consumer complaints database …

    browse.complaints.com/redirect.php?entry_id=148381 – Cached – Similar

    10. Health care credit cards causing some pain | StarTribune.com

    Aug 13, 2009 … Although fraud lawsuits like Swanson’s appear to be rare nationwide, complaints about predatory marketing of CareCredit cards prompted

    So does CareCredit sport a reputation ADA members can take pride in? Hardly. I’d be afraid that if I referred a patient to CareCredit, he or she might do quick, basic research like I have done and never schedule another appointment with me.

    And finally, there is that thing David Fasoli calls “the trust relationship.” If we are sharing reputations, trust and spit, why did CareCredit/GE Vice President Cindy Hearn refuse to discuss the implications of the Red Flags Rule with respect to her product? Does she not trust me?

    I followed a link in the ADA ad to CareCredit/GE’s Website. After a few more minutes of searching, I located an email address inside CareCredit under “Sales.” So I used it. Have you noticed that executives in command and control companies prefer telephone conversations with consumers over emails? I’ve cornered a few of them, including VP Cindy Hearn, and in desperation they have tried calling me on the phone, even after being warned not to.

    Evolution in sales techniques which involve more accountability will eliminate those dinosaurs naturally. Now let me show you why. Emails are just too easy to share with everyone. I do hope you enjoy this one.

    When the going gets tough, good ol’ boys go offline.

    ——————————————————————————–

    From: pruittdarrell [mailto:pruittdarrell@sbcglobal.net]
    Sent: Wednesday, August 26, 2009 11:40 AM
    To: ‘sales@carecredit.com’
    Subject: Red Flags and CareCRedit

    Dear Sales Department, CareCredit:

    I am a dentist who practices in Fort Worth, Texas, and I am trying to determine if by signing up for CareCredit, it will make me a covered entity under the FTC’s Red Flags Rule.

    A prompt reply would be appreciated.

    Sincerely,

    D. Kellus Pruitt; DDS


  10. HIPAA fines and other absurdities

    In the case of data breaches, which two industries in the nation lose the most clients after notification that their secrets have been fumbled? According to the Ponemon Institute, financial institutions and doctors’ offices lead the nation. This problem is obviously much more serious than the ADA has been telling membership. Statistically, dentists around the nation must be going bankrupt because of data breaches, yet nobody has reported a thing about it. That would be the ADA’s job, except that a handful of influential leaders have invested too much of ADA dues, careers and pride into electronic Dental Records. Forcing the self-sustaining bureaucracy to back away from informatics and other distractions like CareCredit/GE won’t be easy, and it won’t be pretty (That doesn’t rule out entertainment, though). I intend to deliver unprecedented accountability to the ADA House of Delegates, and I’m going to do it by the end of the week when they meet during the national convention. I believe there is a good chance that I can significantly help membership re-take control of renegade bureaucracy in the ADA this year by enforcing allegiance to the ADA’s mission statement. And if I fail? Big deal. There’s always Dr. Ron Tankersley’s turn as President in 2010, and then will come Dr. William Glecos’ reign in 2011. Like Tankersley, Glecos is also a big fan of HIPAA. After that, it will probably be a woman again. I’ve forgotten the President-elect candidate’s name. No wagering, please.

    If as a healthcare provider, you have patient identifiers on your office computer, why even bother with trying to maintain HIPAA compliancy? If a dentist’s office should be inspected by HHS and/or the FTC, it will only follow a breach of patients’ PHI. By the time HHS arrives, there will have already been much sorrow in this office. More than likely, the breach will have been self-reported by an honest dentist who did the only ethical thing possible – inform the patients involved who could be hurt by the lost information. And because of honesty, it is certain that the dentist will be rewarded with bankruptcy long before the inspectors arrive to make certain irrelevant tasks were properly documented before a drug addict crashed a stolen truck through the dentist’s front door and took a laptop. By the way, 35% of all breaches are from stolen laptop computers. Yes, by the time inspectors arrive, HIPAA fines aren’t scary at all. Let me show you why. As you follow along, see if this story also reminds you of the scene in Airplane! when the passengers are standing in the aisle of the plane waiting their turn to beat the hell out of a defenseless, hysterical teenage girl that a doctor, played by Leslie Nielsen, couldn’t get to shut up, even by slapping her.

    Let’s get the obscene stuff over with first. I read today that the Ponemon Institute estimates that a breach will cost a provider $202 per patient. Their research is quoted in the Interim Final Rule for Notification. (See “Long term costs for a breach of just 499 records could be as high as $100,798” – ExperiorData Healthcare Security & Encryption press release)

    http://www.experiordata.com/blog/?p=94

    The direct costs of notifying patients and covering their credit reports for a few years are only $50 per patient. However, the long term reputational damage costs $152 per patient. If the breach involves more than 500 patients, the costs per patient go up because then local news media have to be informed of the unfortunate accident. A breach could cost the average dentist a million dollars or more, even before the lawsuits. (Gasp!)

    That brings me to another article I read today which also has some important and timely news that the ADA Department of Dental Informatics is unlikely to share with membership: “Federal Court Finds Standing for Security Breach Victims Fearing Identity Theft.”

    http://www.huntonprivacyblog.com/2009/09/articles/security-breach/federal-court-finds-standing-for-security-breach-victims-fearing-identity-theft/

    This means that if the loss of a million dollars isn’t discouraging enough to shake an honest dentist’s fear of HHS fines, there are thousands of other reasons post-breach inspections are irrelevant and a waste of taxpayer money. It turns out that if a dentist maintains 4000 patients on a stolen computer, one third of the $800,000 cost will be to give a heads-up to 4000 possible plaintiffs.

    As long as identifiers are attached to records like fuses to bombs, consumers will justifiably not trust the security, and HIT stakeholders will have simply squandered our grandchildren’s money for nothing more meaningful than corporate bonuses. Let’s face the fact that this year’s ADA House of Delegates simply must back our butts out of this dead end and try another path unobstructed by mandates like HIPAA, the Red Flags Rule and the CCHIT’s definition of “meaningful use.” We be idiots.

    I have a few ideas if anyone is interested. I can wait my turn, though. I’ll just sit back and watch and report how swell Dr. Ron Tankersley is doing as the newest “under the radar screen” ADA President. Did you know that the ADA promised to open a Website for members soon that will be designed to discuss current issues? Guess which dentist in the nation will dominate that site? Once again, no wagering, please. You do know, however, that I already dominate the Texas Dental Association’s Facebook, don’t you?

    D. Kellus Pruitt; DDS


  11. Dr. Pruitt,

    Here is more on HIPAA’s broken promises

    http://www.thehealthcareblog.com/the_health_care_blog/2009/09/hipaas-broken-promises.html#comments

    And, to all those who loathe this law.
    Duke


  12. HIPAA Training Costs for Hospitals

    Duke and Dr. Pruitt,

    Few discuss, or benchmark, HIPAA training costs for private dentists as it is up to the individual DDS/DMD. Ditto for private MDs, etc. Yet, even fewer discuss HIPAA training costs for hospitals, even though the privacy regulations provide each hospital with a great deal of flexibility in developing training programs for its staff; and hence related costs.

    For example, each hospital’s training program varies based on the size of the facility, number of staff, types of operations, worker turnover, and in general the experience of the work force.

    DHHS estimated that each employee who has access to PHI required around one hour of training in the policies and procedures. An additional cost to the hospital is the production of affiliated training materials. Training costs subsided toward the end of 2006, except for the minimal training provided to new employees.

    Today, the comprehensive deployment of training at the initiation of HIPAA related eHRs is far different than the reduced level of training needed in 2009.

    And so, can anyone provide more information on these HIPAA related eHR hospital training costs? Thanks in advance.

    Val


  13. More HIPAA surprises! Hello, state Attorneys General!

    Critical information concerning HIPAA that the TDA Executive Director evaded discussing with me over a month ago (question 22 of 35), was posted a few days ago on Lexology.com. (Below) Lots of surprises were slipped into the 2000+ pages of healthcare law that nobody had time to examine. How is that for “best practices” in government?

    Gradually, we are discovering that Obama’s healthcare plans offered something for everyone fortunate enough to be at the right place at the right time with lots of money and political influence. That would be the healthcare stakeholders. Not healthcare principals.

    Here is what the image-conscious TDA, a stakeholder, would rather not discuss: HITECH allows data breaches from dentists’ offices to be prosecuted by Attorneys General – in addition to fines from the HHS and probably the FTC. All it takes is a burglary of a dental office to ruin a dental career.

    There was nothing holding down the cost of being HIPAA compliant even before the state Attorneys General hitch their political wagons to the enforcement. This means that dentistry performed in paperless practices hobbled by ever more stifling federal and state regulations that the ADA has proven to be incapable of stopping, will cost increasingly more than dentistry using paper records. That is inescapable hard economics. Stakeholders are expensive. Yet the President of the United States intends for dentists to also be part of the national eHR system by 2014. Expensive, expensive fantasy.

    Not even Dentrix, the largest eDR vendor in the nation, can show that eDRs save money. In fact, a Dentrix representative named Eric said as much to me a month ago on Dentrix’s own Facebook. (See “Dentrix Hell”).

    Some Dental Consultants Say the Most Incredible Things

    Eric didn’t stop there. When challenged about the safety of Dentrix’s product, he said, “Like I said before, I understand your concern about the priceless information that is your patient’s information, but it is not Dentrix’ responsibility to provide the security of your digital information.”

    That’s an incredible thing to say about a dental product which will not even save money on dental care. It gets worse: I read this week that the US now uses Dentrix for all federally supported dental care for American Indians. If I were an Indian dental patient, I’d be pissed at having to accept second-rate, dangerous healthcare.

    Expect a continuing parade of ambitious stakeholders like AGs and Dentrix to continue to increase the cost of healthcare for non-productive reasons. Obama opened the door long ago.

    One day, the image-conscious ADA will simply have to admit that unquestioningly promoting HIPAA and paperless practices was the most costly mistake ever made by the ADA.

    Lexology.com article

    “New HIPAA cop: first AG settlement for HIPAA violations” by Proskauer Rose LLP and Sara B Krauss http://www.lexology.com/library/detail.aspx?g=33ca0a8b-9201-4cf8-b3cf-e815486b131d

    Last week, the Connecticut Attorney General became the first state attorney general to enter into a settlement agreement for HIPAA violations, as a result of the new authority granted to attorneys general under the Health Information Technology for Economic and Clinical Health Act (HITECH Act).

    This settlement resulted from the first ever attorney general action under the HITECH Act, as a result of the loss by Health Net, a health insurer, of a computer disk drive that contained unencrypted protected health information such as claims forms, health plan appeals information, and other sensitive data relating to approximately 1.5 million health plan participants (approximately one-third of whom resided in Connecticut). The Connecticut AG focused upon the several month delay by Health Net in reporting the loss to law enforcement officials.

    As part of the settlement, Health Net has agreed to pay $250,000 to the state, offer two years of credit monitoring for affected participants, obtain $1 million of identity theft insurance, and reimburse affected individuals for security freezes. An additional contingent payment of $500,000 will need to be paid, under specified circumstances, in the event that the lost information is actually accessed and misused. Further, Health Net has agreed to a corrective action plan that includes various privacy and security measures to heighten protections for health information as well as other sensitive data, regular monitoring, and reporting to the attorney general’s office. Many of the steps that Health Net agreed to undertake relate to the handling of portable media and the encryption of sensitive data, such as encryption of hard drives, including those on desktop computers, as well as to the improvement of security training and awareness for personnel.

    While many commentators have understandably focused on the security breach notification provisions of the HITECH Act, the provision of the Act that authorizes state attorneys general to bring civil actions for violations of HIPAA also warrants attention. The inclusion of this provision adds an additional avenue for enforcement of privacy and security violations by HIPAA-covered entities, although the Connecticut action is the only action that has been brought to date since the HITECH Act was enacted in February 2009.

    ——————–

    So where’s leadership on this, ADA?

    And you, TDA. What’s your excuse? Over a month ago, I directly asked the Executive Director, “Does Texas Attorney General Greg Abbott intend to sue HIPAA-covered entities who experience data breaches? (Attorneys General in other states are doing this).”

    She replied: “The Texas Attorney General’s office has posted an extensive listing of major lawsuits and settlements on its website. Of those listed, some address identity theft issues, specifically the cases involving CVS, EZ Pawn, and RadioShack. For a complete listing, http://www.oag.state.tx.us/consumer/lawsuits.php#68 .”

    That was so bureaucratic-cute of her, wasn’t it, TDA members? Even though she expertly put me in my place, she could have saved words by just telling me, “Find it your own damn self.”

    Which I did.

    D. Kellus Pruitt DDS
