In 2013, California-based dentist Robert Meaglia was preparing for the holidays when he had unwelcome visitors in his dental practice. Burglars broke in through the back door and stole numerous items, including a Gameboy and toothbrushes. Worst of all, they took his computer containing unencrypted patient information.
According to an Aug. 8, 2014, news article published by the California Dental Association (CDA), because the information was unencrypted, Meaglia had to report this incident to the attorney general, the state and the U.S. Department of Health and Human Services (HHS). He later found that the software program he had in place was classified by the Office for Civil Rights (OCR) as “data masking” and not true encryption. This data breach meant he had to report this incident to his patients.
Police later found his computer in a drug bust, but unfortunately, patient information had been compromised. The CDA article reported that Meaglia “wanted to share his experience to help warn other dentists to protect themselves and their patients from such a break-in.”
For a breach in which the covered entity (in this case, the dentist) did not and could not have reasonably known about it, fines range from $100 to $50,000 per incident, with a yearly cap at $1.5 million in penalties. For more severe offenses where the covered entity acted with “willful neglect” and failed to make a timely correction, fines begin at $50,000 per incident with the $1.5 million yearly penalty cap, according to HHS.
Theft of patient data is not the only way dentists can illegally share patient information. A dentist in Kokomo, Indiana, was fined for mishandling patient records in 2013, after hiring a private company to dispose of his patient records. A March 2, 2015, ADA News article reported that a week later, 60 boxes of these records were found discarded in an Indianapolis dumpster. The attorney general’s office retrieved the files and no identity theft was identified or reported. However, the dentist was held responsible for the breach and was fined $12,000.
Finish reading this article in Contour magazine.
~Isabel Pennings, Creighton ’20, ASDA Contributing Editor