And … Judicial Affairs

By Darrell K. Pruitt DDS

Dear Dr. Roy N. Burk – Chairman

In your email to me on Thursday, you informed me that you would call my office this week at your convenience to discuss the as yet to be defined complaints about my “unprofessional conduct” from unnamed origins – some of which are rumored to be as old as three years. Also in your reply that was days late, you confirmed my suspicion that you rarely check your email (even though you provided your address). That is why I asked the manager of the TDA Twitter account to send you the message not to call my office. I’ve given her another message today to tell you to check you email. You said you prefer to have a phone conversation with me. However, I naturally decline because of obvious reasons such as inconvenience, misinterpretations and limited exchange of information.

Foundation of our Nation

The foundation of our nation was defined in carefully chosen words written by Thomas Jefferson, Thomas Paine and others. You have to admit that writing is a much more meaningful and efficient way to resolve the TDA’s mistake than with a 5 minute phone conversation. In addition, by working out our misunderstanding in meaningful sentences that can be viewed by all, both of us are much less likely to say something we might regret if our conversation gets heated… which it will. After all, you threatened my reputation in my community, Dr. Roy Burk. And for that reason, I intend to hold you personally accountable in your community if Judicial Case No. 12-2010-3 is not dismissed. Fair is fair.

Let’s Talk 

Things said in anger help nobody, and can be completely avoided with the written word. In short, there is no reason for either our phone conversation or the meeting you have planned for me on September 18. We can all do something else on that Saturday rather than waste the morning in an Omni Fort Worth hotel room. That is, if you are more interested in resolution than punishment. So let’s negotiate this mistake quickly and quietly, but in a transparent manner, Dr. Burk. As Dr. David May said (but did not mean) when he took over as TDA President in 2007, “Let’s talk.”

TDA Censorship? 

The issue at hand is clearly TDA censorship for political reasons rather than “unprofessionalism.” Trust me when I tell you that nobody who is following us is fooled by the kangaroo court you propose. Considering the recent NLRB decision against the TDA for mistreating employees, the TDA is no longer considered an ethically run organization by many. That means your credibility is shot from the beginning. This week, Jan Jarvis, whom I’m sharing this email with, published “Fort Worth medical clinic spends $15,000 notifying patients of theft” in the Fort Worth Star-Telegram.”

http://www.star-telegram.com/2010/08/06/2389717/fort-worth-medical-clinic-spends.html#ixzz0wIaU5AQa

My Community 

This is my community. Some of my patients are (or rather were) also patients of the local allergy clinic where computers containing 25,000 patients’ PHI were stolen in a burglary. In the end, the data breach will cost the clinic hundreds of thousands of dollars in lost customers because of the bad publicity, in addition to possible HIPAA fines and perhaps a lawsuit from Texas Attorney General Gregg Abbott. Yet, the TDA has still failed to warn members of the liability of their computers. There is simply no excuse for the TDA’s neglect, and punishing me for revealing the truth will not help anyone, and it aggravates me. That said, please allow me to show you exactly how the TDA’s censorship is hurting dentists as well as endangering their patients in Texas – even as we speak: One year ago today, I posted the following article concerning the liabilities of data breaches on the TDA’s Facebook. It is one of many cautionary articles I contributed about data breaches, electronic dental records and HIPAA. However, the TDA as well as the ADA has ignored the exploding identity theft problem because of undisclosed allegiances to entities other than dentists and patients. The behavior of my professional organization is counter to the Hippocratic Oath and indefensible.

In October, an unnamed person in the TDA determined that TDA members should be prevented from reading the following information.

TDA Facebook, August 11, 2009

HITECH/HIPAA Breach notification

On August 18, American dentists will hear from HHS that HITECH-empowered HIPAA now requires that patients be notified if a breach includes their identifiers. Most will be surprised to learn that the notification requirement is nothing new. The law has been there for years. Besides the law, everyone has to admit that notifying those whose welfare is at risk is the only ethical thing to do, even if it bankrupts a practice. And that is the problem. Breach notification will bankrupt a dental practice. The law has been around for years. It simply never was enforced by either HHS or CMS because it would be so devastating to small medical and dental practices. I assume that the shoddy enforcement is why the ADA did not see a need to distribute discouraging information about the HIPAA requirement. For some reason, the ADA supported the adoption of HIPAA. Some day we’ll know why.  This is not the first time I’ve brought up the breach notification topic on a TDA publication. At the first of 2007, the TDA ventured into the blogosphere with “Ask a Colleague” Forum as part of the TDA’s Website. I began to take over the forum with a contribution posted on January 13, 2008 which I copied below. It is a snail-mail letter I received from President-elect Dr. John S. Findley, describing for the only time in ADA history, the ADA’s Data Breach protocol.

ADA Resources? 

As you can see from the hard work put into the letter, it took a considerable amount of ADA dues to produce this response for only one ADA member. Nevertheless, my question was not taken lightly because they probably assumed it would show up again. And, they were correct. Even though the leaders failed to share it with other ADA members, before it was forgotten, it was cc’d to

• Dr. S. Jerry Long, trustee, Fifteenth District
• Dr. James Bramson, executive director
• Ms. Mary Logan, chief operative officer
• Ms. Tamra Kempf, chief legal counsel
• Ms. Mary Kay Linn, executive director, Texas Dental Association

Two and a half years later, Findley’s letter is current enough to be posted with only minor changes. For example, Dr. James Bramson and Ms. Mary Logan no longer work for the ADA.

One more note about Dr. Findley’s response to my question, I did not misrepresent myself in my email to him that I had a computer stolen. He knew from six months earlier when I first emailed him my question that it was a hypothetical question about an obscure topic that ADA leaders did not want to talk about.

Posted: 13 Jan 2008 10:05 AM on the TDA.org Forum

Data breach protocol announced

On January 8th, Dr. John S. Findley, President-elect of the American Dental Association, signed the letter below which defines a data breach, describes a dentist’s obligation under the law in Texas to notify patients involved and the penalty for failing to do so. This is the first time this information has been made available to dentists anywhere in the nation in the 12 years of the HIPAA rule. Dr. Findley and his team are to be congratulated for working through an arduous and unpopular task. It demanded courage.

Darrell

ADA

American Dental Association

http://www.ada.org

John S. Findley, D. D. S. President-Elect

January 8, 2008

Dr. Darrell Pruitt

6737 Brentwood Stair Rd., Ste. 220

Fort Worth, Texas 76112-3337

Dear Doctor Pruitt:

I received your email of December 26th and regret to learn of the loss of your computer. I did inquire as to appropriate procedures upon the occurrence of such an event and am copying below an excerpt from the response of out legal department. “It appears that under these circumstances the dentist may wish to notify affected patients that their information may have been compromised so that they can take necessary steps to protect themselves (i.e. cancel credit cards, notify social security about potentially stolen social security numbers…). (This communication is informational and personal consultation between the dentist and his or her attorney is recommended.) They should also check their state breach notification laws to determine if there is anything else that is required. In this case, the Texas Identity Theft Enforcement and Protection Act (Texas Code Sec. 48 et seq) (the “Act”) covers data breach notification. The Act protects both “Personal Identifying Information,” which is defined as any information that alone, or in conjunction with other information, can be used to identify an individual and an individual’s:

A) name, social security number, date of birth, or government-issued identification number;

B) mother’s maiden name;

C) unique biometric data, including the individual’s fingerprint, voice print, and retina or iris image;

D) unique electronic identification number, address, or routing code; and

E) telecommunication access device.

The Act also protects “Sensitive Personal Information,” which is defined as an individual’s first name or first initial and last name in combination with any one or more of the following items, if the name and the items are not encrypted:

i) social security number;

ii) driver’s license number or government-issued identification number; or

iii) account number or credit or debit card number in combination with any required security code, access code, or password that would permit access to an individual’s financial account.

Sec. 48.102 of the Act creates a duty for businesses to protect and safeguard information through creating and implementing procedures for such purpose. If there is a breach in the security of information, the Act requires a business that maintains ‘Sensitive Personal Information” to notify the owners of such information as soon as possible that a breach has occurred. The Act specifies one of the following modes of notice to be provided:

1) written notice;

2) electronic notice, if the notice is provided in accordance with 15 U.S.C. Section 7001 (which basically requires that a consumer must consent to receiving such notice in electronic form); or

3) notice as provided by Subsection (f) (see below).

(f) If the person or business demonstrates that the cost of providing notice would exceed $250,000, the number of affected persons exceeds 500,000, or the person does not have sufficient contact information, the notice may be given by:

1) electronic mail, if the person has an electronic mail address for the affected persons;

2) conspicuous posting of the notice on the person’s website; or

3) notice published in or broadcast on major statewide media.

Violations

“A person who violates the Act is liable to the state for a civil penalty of at least $2,000 but not more than $50,000 for each violation.” The information pertaining to your question was found in the Identity Theft Enforcement and Protection Act, Chapter 48 of the Business and Commerce Act of Texas.

We hope this information helps.

Sincerely,

John S. Findley, D.D.S.

President-elect

JSF:cac

cc: Dr. S. Jerry Long, trustee, Fifteenth District

• Dr. James Bramson, executive director
• Ms. Mary Logan, chief operative officer
• Ms. Tamra Kempf, chief legal counsel
• Ms. Mary Kay Linn, executive director, Texas Dental Association

Assessment

Dr. Findley’s letter to me was also deleted from the now closed TDA.org Forum.  The TDA’s actions are a lot like burning books, Dr. Roy Burk.

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

• DICTIONARIES: http://www.springerpub.com/Search/marcinko
• PHYSICIANS: www.MedicalBusinessAdvisors.com
• PRACTICES: www.BusinessofMedicalPractice.com
• HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
• CLINICS: http://www.crcpress.com/product/isbn/9781439879900
• ADVISORS: www.CertifiedMedicalPlanner.org
• BLOG: www.MedicalExecutivePost.com
• FINANCE:Financial Planning for Physicians and Advisors
• INSURANCE:Risk Management and Insurance Strategies for Physicians and Advisors

Filed under: "Doctors Only", Ethics, Information Technology, Pruitt's Platform | Tagged: CMS, Darrell Pruitt, DDS, Dr. James Bramson, Dr. John S. Findley, Dr. Roy N. Burk, Dr. S. Jerry Long, EHRs, EMRs, HIPAA, HITECH, Identity Theft Enforcement and Protection Act, Judicial Case No. 12-2010-3, Mary Kay Linn, Ms. Mary Logan, PHI, TDA Council on Ethics, Texas Code Sec. 48 et seq | 37 Comments »