Book Review – Dark, Dark Reading
By Darrell K. Pruitt DDS

“Complying with HIPAA is an investment in the future of your dental practice. HIPAA Privacy sets forth requirements regarding the proper protection, use, and disclosure of patient information. HIPAA Security addresses using and protecting electronic patient information and the electronic technology that can save time, increase revenues, and improve workflow.” So are those evidence-based claims or an advertisement in the $250 ADA publication I purchased?
On Being Leery
I’ve learned to be wary when dentalcare stakeholders like authors Ed Jones and Carolyn P. Hartley call HIPAA an “investment in the future of your practice” much like I would advise people to be wary of a dentist who sells cosmetic veneers by calling it an “investment in your smile!” All too often it turns out to be an investment in the dentist’s smile.
Unsupported Claims
Contrary to the authors’ unsupported claims in the Introduction of “The ADA Practical Guide to HIPAA Compliance,” there is no evidence that electronic technology saves time, increases revenues or improves workflow in dental offices. And even though Jones and Hartley mention “investment” numerous times in their HIPAA guide, how smart is it for a dentist to sink money into expensive electronic technology that demands mind-numbing documentation (even if it’s done on a computer); that exposes a practice to government inspections which carry liabilities up to $1.5 million even before state attorneys general get involved; that endangers the long-term welfare of both the dental practice as well as dental patients, and that promises no financial return? So just how smart is a HIPAA investment in the future of one’s practice?
Disaster Recovery
I wasn’t far into Jones and Hartley’s imaginative guide to HIPAA compliance before reading other long-since rejected selling points that are so lame that even rookie eDR vendors know better than to attempt them. The authors’ naïve claim of the digital advantage of easier “disaster recovery” from a fire or hurricane is a good example of ADA-approved HIT fiction. Just ask yourself why disaster recovery was hardly a concern throughout the history of dentistry until the ADA leadership mindlessly bought in to promoting paperless practices and suddenly needed selling points in the worst way.
ADA Slogan
“Dentistry is healthcare that works”.
Beware
Any time dentalcare stakeholders trot out solutions, before asking the price, dentists should determine that there is indeed a corresponding problem that needs to be solved. Here is a simple marketplace test of Jones and Hartley’s disaster recovery claim: Which is cheaper: Disaster recovery insurance or data breach insurance? Common sense says that dentists’ offices are much more likely to be hit by burglars than fires and hurricanes. When burglars break into dentists’ offices, they don’t go for filing cabinets and ledger cards. They steal computers that can contain thousands of patients’ identities. As for the small percentage of US dentists whose offices are located in coastal cities and vulnerable to hurricanes, perhaps those dentists should maintain both digital and paper patient records. After all, which kind is easier to read during power failures that are common with hurricanes as well as ice storms – which occur much more frequently and throughout the nation? What’s more, pegboards and ledger card boxes in a paper-based practice are not only hack-proof, but their use is unaffected when Internet servers go down, or are hacked. Confused yet?
“You may decide to engage a technology consultant at some point, but after reading this book, you’ll have specific reasons for that engagement.”
Still Not a Fan
I’m not a fan of creative writers Ed Jones and Carolyn P. Hartley’s style of humor, but I needed a few continuing education credits and decided to pick up 8 easy hours through the ADA by purchasing their HIPAA guide and accompanying test. After finally conquering the first 2 bureaucratic-tedious chapters, it’s a pretty sure bet that I’ll try to wing it on the test long before getting through all 360 pages – many with footnotes even.
In the Minority
I think studying for a CPA exam would be more riveting reading for me, as well as perhaps more meaningful for my dental patients – even if I were a HIPAA-covered entity. But since I’m one of the 4% of dentists in the nation who still doesn’t store or transmit patients’ protected health information (PHI) in slippery digital form, I never have to worry about attracting a subjective inspection because of my highly visible opinions about the absurdity of HIPAA in dentistry. Fines for being “willfully negligent” start at $50,000, and my transparent lack of respect for the Law would understandably trigger an inspection if I were a HIPAA-covered entity.
HIPAA Flexibility
On the other hand, since the HIPAA Rule is “flexible” by design, and HIPAA-covered dentists can be charged with huge fines – the other 96% of dentists in the nation who use computers in the business office have good reason to be careful about exercising their basic freedoms in the land of the free. It’s easy to see why covered entities aren’t complaining. Not to worry. As always, Proots has your six, good buddy. Are flexible laws really in American citizens’ best interest?
Although authors Jones and Hartley repeatedly point out that the HIPAA Rule’s flexibility is its beauty – even to the extent of allowing dentists to decide whether or not to notify their patients of a breach – dentists simply must be warned of the dangers that are inherent in vague laws: Flexibility for the dentist always means subjectivity for the inspector. History has shown us that subjectivity is dangerous in the hands of poorly-trained people with badges working on commission. The odds of fair treatment following even a self-reported data breach are not in a dentist’s favor. Even the simplest investigation by HHS representatives will cost a dentist at least $100 – even if the dentist is determined to be innocent of a baseless complaint – perhaps filed by a disappointed patient or employee.
Investigations and Violations
“Violation Category (A) Did Not Know: For a violation in which it is established that the Covered Entity did not know and, by exercising reasonable diligence, would not have known the Covered Entity violated such provision [$100-$50,000 per violation].” Chapter 2, page 20. HHS Secretary Kathleen Sebelius promised Congress that she intends to efficiently investigate every complaint against providers and vows to stop data breaches through stricter enforcement of the (hazy) HIPAA Rule – starting real soon. How is that not tyranny?
HITECH Subjectivity?
The ADA’s guide to HIPAA compliance has reaffirmed to me that HITECH HIPAA is a subjective law designed for abuse by those who created it. What’s more, eDRs provide NOTHING to dental care that has not been adequately and safely handled by conventional means of communication for decades at far lower costs. Sooner or later, the sudden news about HIPAA’s absurdity in dentistry is going to hit the HIT market like a brick. Following that flash of honesty, anyone who doesn’t agree that HIPAA is absurd in dentistry will do so at risk of snickers. So how complicated is compliance?
Chapter One: Dentist’s Obligations
Chapter 1, page 1: “This book is concerned with only a portion of [Public Law 104-191]: Subtitle F — Administrative Simplification, hereinafter referred to as ‘HIPAA.’” Later in Chapter 1, Jones and Hartley use a paragraph to describe dentists’ obligations.
“Adopting Health IT presents challenges as well. For example, a dental practice must research and evaluate available systems, assess the current and foreseeable needs of the practice, negotiate the terms of the contract for the system and related services, including items such as the cost and availability of tech support, the number of licenses and authorized users that the contract will include, and the hardware and software features that enable HIPAA and HITECH compliance. Time and energy must be devoted to training staff to use the electronic health record system. A dental practice adopting an electronic health record should consult its attorney both with regard to the acquisition itself (including any contracts, licenses, and other legal documents) as well as with regard to the legal implications of using an electronic health record (for example, the dental practice should understand what will constitute the legal record and how the electronic health record would affect document retention requirements). A dental practice that intends to take advantage of the HITECH Act Medicare or Medicaid reimbursement incentives must understand and stay abreast of developments regarding the incentives, such as the qualifications of an “eligible provider,” how to demonstrate compliance with the “meaningful use” criteria, how reimbursement incentives will be structured, and certification criteria of dental information systems.”
Now do you see why the name “HIPAA” works better for stakeholders than “Administrative Simplification”?
HIT Rot
As another illustration of how effectively stakeholders have hidden rot in HIT, the most common misspelling of HIPAA is “HIPPA,” and most consumers trustingly assume at least one of the Ps stands for “Privacy.” HIPAA hasn’t been about patient privacy since it was amended 8 years ago, and the P stands for “Portability.” And boy-howdy are digital records ever portable! HIPAA has ceased to be a benevolent law for Americans. It’s become instead a bi-partisan plan to take control of healthcare from healthcare principals and award it to healthcare stakeholders such as the HIT industry.
Assessment
“You’ll spend a good amount of time implementing the Security Rule in your dental practice, but it’s the maintenance measures that will keep you in compliance.” This is a beautiful, meaningless point, Ed Jones and Carolyn P. Hartley.