Avi Baumstein and HIPAA Compliancy

A Ten-Step Process

By Darrell K. Pruitt; DDSpruitt

HIPAA inspections are coming. Are you still computerized? If so, are you prepared? The fines are steep if a dentist’s [optometrist, podiatrist, allopath or osteopath’s] computer is hacked and he or she is found to be not in compliance.

About Avi Baumstein

Avi Baumstein is an information security analyst at the University of Florida’s Health Science Center in Gainesville. He posted an article recently; on InformationWeek titled “Time to Get Serious about HIPAA.” Baumstein is one expert who should know.

Link: Ten Step Process


Mr. Baumstein notes that in October, the HHS inspector general issued a report that was sharply critical of CMS (Medicare and Medicaid) for not enforcing HIPAA security. The embarrassing dope-slap of CMS leadership causes Baumstein and other experts in the security industry to anticipate more “proactive enforcement” (unannounced inspections) in the next year. 

From his article, I am led to believe that the last prerequisite for meaningful action to enforce security is a tax-paying and otherwise acceptable nominee for Secretary of Health and Human Services. Whoever Obama finally digs up [Kathy Sibelius] I think providers are in for significant changes. 

For example, it will be the Secretary who will ultimately decide if HIPAA inspections will be performed by new federal employees or PriceWaterhouseCoopers personnel – which was the former President’s administration’s “market approach” to helping the GDP by outsourcing policing duties, as well as accountability, to favored big businesses. (For those who are sensitive about political affiliations and become upset with me for saying unflattering things about your heroes, please don’t feel too hurt.  I’m a bi-partisan critic for natural reasons).

The ADA’s imaginary playing field and toy soldiers

“The electronic health record may not be the result of changes of our choice. They are going to be mandated. No one is going to ask, ‘Do you want to do this?’ No, it’s going to be, ‘You have to do this.’ That’s why we absolutely need the profession to be represented in the discussions about EHR to make sure our ideas are enacted to the greatest extent possible.”

ADA President-Elect Dr. John S. Findley,

In-house interview ADA News

October 7, 2008

In spite of President Findley’s manicured and traditional cause-I-say-so sound bite, the actual invisibility of ADA leadership in healthcare IT matters clearly hints that whatever happens in Obama’s healthcare reform, dentists’ and patients’ concerns stand little hope of being adequately represented by ADA representatives. 

For example, when I recently contacted CCHIT to ask about EHRs in dentistry, I was told that I was one of the first to even mention dentistry to the private and reclusive non-profit EHR certification club. I think that chunk of unexpected news blows a huge hole in President Findley’s boat. Want to see something hilariously scary in a darkly humorous way? The President’s campaign motto this time last year was “Findley for the future.” Get it?

In spite of the silent neglect of dentists’ interests by dental leaders from the top down, I would like to proclaim that there is accidental hope that future HIPAA inspectors will know more about dentistry than the jobless OSHA hired in the late 1980s during the HIV panic. I heard a rumor back then that OSHA sent an inspector to a dental office who didn’t know the difference between a microwave and an autoclave.

Panic and Urgency

Panic, a favored US government bureaucratic response, occurred when OSHA leaders found themselves suddenly under pressure from Congress over a mysterious disease that was raging out of control. Since immediate action was demanded, even if it was irrelevant and wasteful, OSHA leadership was so busy chasing shadows that it was hiring almost anyone just to cover their lower backs. Eventually, the panic subsided and yielded to a low level of common sense, thanks in large part to the intervention of the late Rep. Dr. Charlie Norwood of Georgia – a dentist and a courageous statesman. Nevertheless, because of the momentum of institutional panic, millions of healthcare dollars have been wasted on 99% superstition; incredible? Consider this.

In the last two decades, how many lives have been saved by covering dental chairs with plastic between patients? Now, how much does the effort raise dentists’ fees – thereby lowering accessibility and increasing disease and suffering among Americans? Furthermore, after each dental patient is released, the “contaminated” sheet of petroleum-based polyethylene is thrown away. I ask this: Are the reasons for inevitable environmental problems caused by regularly adding non-biodegradable plastic to the city dump based on evidence-based science? 

Of course not! This and other related acts of foolishness are nothing but lingering, costly superstition – now accepted as standard of care without proof of effectiveness. Here is how such absurdity happens: Some of those weekend miracles quickly hired by OSHA in the ‘80s went on to become prosperous and influential consultants with lots of ideas.

Since the US government is prone to panic followed much too quickly by careless and expensive overkill, national responses to adversity often stimulate lots of employment – evidence of need be damned. The OSHA surge of the 80s followed the AIDS scare. More recently, coming on the heels of the banking collapse, auditing has become one of the fastest growing fields in the industry. The feds cannot hire people with accounting skills fast enough. I contend that one should expect that for reasons and attitudes similar to those surrounding the increased funding for OSHA, it follows that news of frightening breaches of EHRs by the hundreds of thousands at a time has created a new nidus of power in a fresh, enthusiastic administration, as well as an enormous employment opportunity for anyone with knowledge of dentistry – like super-hygienists.

A hazy glimpse of the future and a promise to tie all this together soon

This brings us to a fanciful peek over the edge of the event horizon in dentistry. At the same time that HIPAA inspections of dental offices appear unavoidable, there is currently a turf war between fully licensed dentists and expanded duty “super-hygienists” who wish to be able to practice independently – limiting their invasive work to only easy fillings and simple extractions that in their assessment will not turn complicated.

Link: www.HealthcareFinancials.com

Turf Wars

This kind of war has been fought before, and physicians lost. Nurse-practitioners annexed physician turf like Sudetenland, and they are still grabbing lebensraum. CMS loves it. 

However, dentistry is different. It is my opinion that because of dental patients’ very personal reasons that include under-rated motivation from primal fear and terror, they will shun almost-dentists almost immediately – leaving graduates with huge student loan payments and lots of unused knowledge about dentistry.

Furthermore, I predict that when super-hygienists consider the expense of finishing out and leasing space at a shopping mall or department store, in addition to monthly loan payments to cover the price of dental equipment, or perhaps even the buy-in price to an insurance-sponsored dental franchise, a few will be discouraged from their initial intention to increase accessibility to dental care by lowering cost and quality.  

I think reality will cause a few super-hygienists to be readily lured from their initial goals upon entering two-year junior college programs that taught them nomenclature and the easy parts of doing dentistry. Unless they agreed to work in underserved areas in exchange for paid tuition, some will consider the benefits of working for commission for the US government as HIPAA inspectors. And later, the most successful of these will have the opportunity to continue their careers as HIPAA consultants with lots of ideas.

Are you following me so far? In conclusion, within two years, instead of real-dentists and almost-dentists being faced with uninformed HIPAA inspectors like OSHA’s shock-and-awe weekend miracle crews of the ‘80s, there will accidentally be thousands of nomenclature-savvy super-hygienists graduating across the nation looking for work about the time an acceptable HHS nominee finds his or her stride. What a story! 

Did I ever tell you that I once did a short stint as a screenplay writer? 

I guess I am being a little bit silly concerning super-hygienists, but do you see how all these pieces of history can conceivably come together at a time when the nation couldn’t be more vulnerable to wasting money on foolishness? Common sense about patients’ security is just not that common in Washington DC, and the absurdity of HIPAA is so great that the stunned silence it evokes actually causes the enforcement of folly to fit in well with the traditional Democratic tendencies of using big government to handle all possible contingencies caused by human frailties – even if that means micromanaging everyone. Who needs that? 

Every day, I am increasingly thankful that my office is not computerized. The sheet-metal box that contains my patients’ ledger cards does not have a USB port. Preparation for inspection is tricky by design.

Link: www.MedicalBusinessAdvisors.com


Baumstein concedes that preparing for a HIPAA inspection is difficult because the law is intentionally vague:

“One goal of HIPAA was to be a one-size-fits-all, technology-neutral regulation.” 

Incredible; when you read the ten obligations Baumstein says a dentist must complete to be compliant with a vague mandate, you too may want to go back to a pegboard system – carbon paper and all.  

It seems to me that in 2003 or so, someone in the ADA Department of Dental Informatics should have warned ADA leadership about the obvious fact that as long as there is a dependable supply of cheap carbon paper in the nation, HIPAA enforcement has the potential to drive computers smoothly out of dentistry. Instead, there was silence followed by increased funding for the department’s budget, and the game was on. By 2005, at the urging of the former administration and healthcare IT stakeholder Newt Gingrich, the ADA News was posting articles pushing ADA members to quickly volunteer for irreversible NPI numbers for no good reason.  A trusting majority of members dutifully followed the tainted command. I am saddened by the loss few yet comprehend.

Link: www.HealthDictionarySeries.com


And so, your thoughts and comments on this Medical Executive-Post are appreciated. In bringing a close to this contiguous, here is something some may find interesting about the University of Florida, where Avi Baumstein works. Do you remember the 330,000 dental patient records that were hacked this fall from the Dental School located in Gainesville, Florida?  You guessed it; same college town – same health science center

And, as of last week that the dental school was still hemorrhaging patient data to who knows where. I bet by now, Baumstein knows more about HIPAA and dentistry than anyone in the nation How about you? 

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com  or Bio: www.stpub.com/pubs/authors/MARCINKO.htm

Get our Widget: Get this widget!

Our Other Print Books and Related Information Sources:

Practice Management: http://www.springerpub.com/prod.aspx?prod_id=23759

Physician Financial Planning: http://www.jbpub.com/catalog/0763745790

Medical Risk Management: http://www.jbpub.com/catalog/9780763733421

Healthcare Organizations: www.HealthcareFinancials.com

Health Administration Terms: www.HealthDictionarySeries.com

Physician Advisors: www.CertifiedMedicalPlanner.com

Get our Widget: Get this widget!

Subscribe Now: Did you like this Medical Executive-Post, or find it helpful, interesting and informative? Want to get the latest E-Ps delivered to your email box each morning? Just subscribe using the link below. You can unsubscribe at any time. Security is assured.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

6 Responses

  1. Hi Darrell, Ari and all MEP Subscribers,

    According to Professor, M. Eric Johnson of Dartmouth College; he can obtain thousands of medical files for patients using popular peer-to-peer [P2P] applications.

    Worse, given the distributed nature of P2P networks, users might never know that their files have been accessed, as there’s no central monitoring for security breaches underway in P2P data sharing.

    Link: http://by118w.bay118.mail.live.com/mail/InboxLight.aspx?n=1588970600#1

    Do you think HIT, and the various eMR products, are going to become just like Napster, et all?



  2. Scary.


  3. In regards to Barbara’s concern about eHR breaches ultimately causing widespread dissemination of information about patients’ frailties, what if our nation’s enemies have already collected a significant number of Americans’ health records – perhaps by well-funded hackers? If that were possible, would it make safeguarding of eHRs an issue of national security instead of an afterthought?

    What if in less than a decade, eHRs also contain genetic data? By then, the US could be vulnerable to biological smart weapons of unimaginable stealth. Compared to small pox or anthrax, the next generation of weaponized biology could strategically and precisely target individual leaders and top scientists, for example.

    Once DNA codes are included, I think eHR breaches of tomorrow could be scary for generations.

    Darrell K. Pruitt; DDS


  4. Character counts, starting now

    Imagine being a respected, ethical person in a small town who finds that he or she must accept work as a public relations consultant with a local, notoriously sneaky company. That is a tough job full of professional, as well as social sacrifices. If one’s job is to teach students how to be effective public relations professionals with reputations which pass routine Internet search tests, how does one handle this chapter? The Internet is a sudden small town not all bosses are prepared for. That can make it dangerous for naïve and trusting employees.

    Ari Adler, a PR consultant from Michigan who works for Delta Dental, also teaches public relations to college students – although his course is for college credit, whereas mine is not. He also probably gets paid. Here is how Adler described the sometimes ethical dilemma on his website 5Ws on January 28:

    “I’ve had the topic of personal vs. professional online activity come up in Twitter discussions and during presentations to folks wanting to explore social media. It seems that whether we’ve been at this for a while or it’s a strange new playground, none of us are really very comfortable making a decisive argument about how your personal and professional life should or shouldn’t collide via your online activities.”


    Prophetically, a week later Mr. Adler found himself trapped between a dentist and his boss, Delta Dental. In an interview for an online story, Adler publicly made the announcement that Delta now guarantees the dental fillings that its preferred providers produce – an unprecedented move in the dental industry which lowers fillings to the market level of haircuts. Understandably, Adler was publicly and personally challenged about this selling point by a dentist. That incident occurred a month ago, and neither Delta Dental nor Ari Adler has come forward to claim responsibility for Adler’s statement. Yet Delta probably gained clients because of the deception.

    So now, young and ambitious, high-tech PR students, whom does this calculated rumor hurt the most? Delta Dental, or consultant Adler?

    I’ll tell you early in today’s lecture, before anyone falls to sleep, that Delta’s public abandonment of Adler is the most important point of this lesson, Grasshoppers. Remember it because it could show up on a pop quiz sometime in your career.

    As a brand new PR consultant with a reputation to protect, think very hard before signing on to work for a managed care discount broker like Delta Dental, BCBS or the notoriously dishonest, UnitedHealthcare – owner of Ingenix. In a sudden small town, their sneaky, cost-cutting business practices cause permanent harm to everyone they touch – employees as well as clients. Always remember this before you attach yourself to any business entity: Delta left Adler stranded with no means of escape. The encounter caused permanent scars that Adler did not deserve.

    I am certain that Ari Adler is disgusted with the way Delta Dental thoughtlessly sacrificed his credibility and reputation – using him as a disposable Internet interface (and buffer) between Delta’s unethical leaders and consumers. (See “I will hurt you Delta Dental – Part five: Ari Adler’s Problem.”)


    These days, managed care discount brokers like Delta are in deep PR trouble. Small town transparency is undermining their command-and-control business models which were nurtured in – and are traditionally supported by obscurity, confusion and delays that are consistent with modern business in the 1960’s. Suddenly, due to improved communications, including social networks, the bureaucratic problems that coincidentally insulated leaders from accountability to customers are now easily solved with quick online conversations that unfortunately for some, become permanent records in the community. This means that slow-moving, fat corporations, whose leaders’ work ethics long ago shrunk to vestigial, are exposed and defenseless in front of those they fear the most – the customers they serve who give them money. When the lights start flashing, robbers hide behind innocent bystanders who have delicate lives of their own. Good ol’ boys hide behind innocent consultants who have delicate lives of their own.

    Working conditions matter, starting now

    From reading some of his work, I think Adler is probably one of the higher paid consultants in the managed care market. He’s clearly the sharpest I have ever read. Unfortunately for fat businesses that need good PR starting tomorrow, it will be talented professionals like Ari Adler who will refuse such dangerous jobs. Then the dinosaurs will use up a few second-tier PR specialists – including some who are sensational, exciting and all over the Internet – and others who are mysterious, sullen and without a visible sense of humor. If a huge American business like Delta Dental has not accepted delivery of a trainload of clues by then, I don’t know what will happen. And that brings me to the rumor of the day: Following the brief appearance of the second-tier PR wonders who learned marketing techniques from cheap, online courses (not mine), door-to-door duties will eventually become part-time and after-school jobs for the kids, cousins and in-laws of the latest set of vice-presidents and board members in downsized neighborhood insurance businesses with big signs and full-page yellow pages ads.

    The good news is, I don’t think the market correction will have to cut that deep for that long in order for improvements to develop. I think the mess our community is involved in will mercifully start really stinking and fall apart much sooner once proud good ol’ boys in giant businesses run out of decent people to hide behind. That is when they’ll try hiding behind each other – providing a short period of free and spectacular entertainment for the community, sort of like Enron. In summary, I think within a year, there will be nowhere to hide for those still standing, and the stock market will dip only a little bit more before turning around with strong gains. I am describing of course the influences of sharp, natural cutting-edge of transparency in the marketplace that demands respect and discipline of alert and serious players. Not the soft, comfortable, currently popular bailout mentality.

    Don’t feel sorry for dead and dying dinosaurs. They had a long and glorious run, and we owe our history to them. But they should not, and cannot be saved. They are too inefficient for today’s market and there is simply no room for them. Besides, they are fat, cold-blooded lizards who eat their young.

    No matter what I personally do from here forward in the discovery of a vast frontier, an informed consumer community simply will no longer allow unconscionable boardroom command-and-control tactics to gain anything but ridicule on the Internet. Any PR expert who is in the profession for keeps must maintain a respectable Internet presence, and jealously defend his or her reputation. For those who like a goood times a lot, this means one must do the right thing even if nobody is watching. That is called personal accountability, and it will also make our roads safer for everyone. For a public relations professional, the only thing worse than having an embarrassing video on the Internet is to have nothing on the Internet at all. Which brings me to…

    Gross anatomy – Coming soon to a forum near you.

    In the next part, I will dissect for you another trapped dinosaur called BCBS-opotamus. It could get messy, so dress appropriately. Wear old shoes.

    As I am writing this, the monster is stumbling and flailing – slinging snot all over the place while carelessly crushing unprepared PR consultants left and right in an attempt to scramble out of a slippery hole a former employee dug for grins. Here’s the exciting thing about being one of the few at the event horizon: Hardly anyone has noticed the thread so far, and the harder BCBS struggles, the more attention the story will acquire. I humbly request that you be a good sport and share the tale with friends to give it a really swell start… or not.

    Here is a brief introduction: BCBS, in its famous cost-cutting ways, hired cost-effective, but unprepared second-tier PR consultants to shut up a man named Martin Ethridgehill who once worked for BCBS of New Mexico until a little more than a month ago. The exciting and truly confounding problem that has created panic at BCBS nationwide is the nature of the comment that Ethridgehill posted on ModernHealthcare.com. Its title is “Don’t rush EHRs without addressing medical ID theft” – Ethridgehill’s cautionary statement that medical ID theft is dangerous and that the nation should be careful in its rush to adopt paperless healthcare practices. Sounds like good advice. Right? Here’s my favorite twist in the real-time lesson: BCBSNM does not want any part of Ethridgehill’s side of the argument. Now, students, imagine you are the PR consultant who is called into the VP’s office at 9:05 AM tomorrow morning and told to hard-sell the counter-point that although it is counter-intuitive, recklessness in adopting eHRs is actually healthier for BCBSNM clients, as well as their growing number of imposters.

    If you want to read ahead, and actually prepare for tomorrow’s lesson for once in your easy educational career, go to the Medical Executive-Post thread, “Don’t Rush Into eHRs.”


    You signed up for advanced studies in social networking (not for credit). That is what you paid for, friends. That is what I deliver.

    D. “Scoop” Pruitt


  5. Dr. Donald Cohen’s opportunity

    “Dr. Donald Cohen is a licensed practicing dentist in New York State for over thirty years with over 20 years of teaching experience at Columbia University SDOS and over 20 years as an Attending Dentist at Columbia Presbyterian Hospital in New York City. He is past president of the New York State Society of Dentistry For Children and is currently Director of Compliance for Health Compliance Team Inc., a national compliance company delivering total on-site compliance solutions to dental offices and numerous seminars. Additionally, he is a Consultant to Henry Schein Inc. in practice transitions and compliance.”

    Dr. Donald Cohen, like Travis Criswell, Sharalyn Fichtl, Kelly Mclendon and Olivia Wann, is a HIPAA consultant. He posted a press release on DentalBlogs.com on August 28 titled “Dentists Should Know About New HIPAA Rules.”


    I took interest in his article because he did not try to make HIPAA sound like something that actually makes sense. If I were forced for some reason to become HIPAA compliant, of all the consultant companies I have come across, Compliance for Health Compliance Team, directed by Dr. Donald Cohen, would be the one I would choose. That is my unpaid opinion.

    Dr. Cohen allowed my contrarian comments to be posted following his article. That is progress. Maybe he will share some of his thoughts about HIPAA with us if we ask him to. I think this would also count as “meaningful use” of the Internet, so that means that there is ARRA stimulus money in it for us. I need it. Business is sort of slow.

    Here is what I submitted to Dr. Cohen’s attention today. If he posts it, it will make three in a row. He could be my hero:

    Yes, I’m back.

    Please understand that I am not selling a thing, friends. I don’t even own a Website (in the conventional sense). I am merely trying to alert my profession of the imminent HIPAA disaster which nobody wants to face, not even the ADA. In fact, a few Internet editors who have advertising interests with the ADA have gone so far as to censor me in a futile attempt to deny me freedom of speech. Though it can be dependably entertaining, it never ends well for slow-moving dinosaurs and does little to promote transparency, until the last day or so.

    I have been following the HIPAA issue a long time. I was surprised to discover how very difficult it is to find HIPAA consultants who will entertain suggestions that HIPAA just might be the most stupid idea ever supported by the ADA. Who can blame them? The mandate, stupid or not, is their living.

    That is why I sincerely respect Dr. Donald Cohen for allowing my comments to appear following his article “Dentists Should Know About New HIPAA Rules” that was posted on DentalBlogs.com a few days ago.


    In the last few days, I have been participating in an unprecedented and urgently needed discussion about HIPAA and dentistry with HIPAA consultants Kelly Mclendon, who is a Registered Health Information Administrator, and Olivia Wann, a Registered Dental Assistant with a BS in Health Care Administration. Our exchanges are at the last of an article titled “Kelly Mclendon RHIA – censors – D. Kellus Pruitt DDS.”


    Here are the six questions we discussed which I first posed to Mclendon:

    1. How will eDRs (electronic dental records) improve care of dental patients?

    2. How will eDRs increase patient safety?

    3. What does Olivia Wann mean when she says that having a national system for computerized health records will simplify compliance in the US?

    4. How will eDRs save costs in dentistry?

    5. How will eDRs minimize errors in dentistry?

    6. How will eDRs maximize efficiency?

    Considering all the topics we covered, I’d say we eliminated a dozen or so common misconceptions about electronic dental records and HIPAA. I’m thankful for this opportunity to spread the word so that progress is given a chance.

    Thank you, Dr. Cohen. Your courage is not unnoticed. I’ll offer you an opportunity soon.

    D. Kellus Pruitt; DDS


  6. Darrell, Avi and others,

    Most all medical professionals since inception, in 1996, knew intuitively that HIPAA was a good idea – gone very bad. Especially, many of the privacy portions which have been bastardized beyond all common sense.


    Dr. Meriwether Baker Rellman


Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: