On January 8th, Dr. John S. Findley, President-elect of the American Dental Association, signed the letter below which defines a data breach, describes a dentist’s obligation under the law in Texas to notify patients involved and the penalty for failing to do so. This is the first time this information has been made available to dentists anywhere in the nation in the 12 years of the HIPAA rule. Dr. Findley and his team are to be congratulated for working through an arduous and unpopular task. It demanded courage. Darrell Pruitt DDS
———————————————
ADA
American Dental Association
John S. Findley, D. D. S. President-Elect
January 8, 2008
Dr. Darrell Pruitt
6737 Brentwood Stair Rd., Ste. 220
Fort Worth, Texas 76112-3337
Dear Doctor Pruitt:
I received your email of December 26 and regret to learn of the loss of your computer. I did inquire as to appropriate procedures upon the occurrence of such an event and am copying below an excerpt from the response of out legal department.
“It appears that under these circumstances the dentist may wish to notify affected patients that their information may have been compromised so that they can take necessary steps to protect themselves (i.e. cancel credit cards, notify social security about potentially stolen social security numbers…). (This communication is informational and personal consultation between the dentist and his or her attorney is recommended.) They should also check their state breach notification laws to determine if there is anything else that is required.
In this case, the Texas Identity Theft Enforcement and Protection Act (Texas Code Sec. 48 et seq) (the “Act”) covers data breach notification. The Act protects both “Personal Identifying Information,” which is defined as any information that alone, or in conjunction with other information, can be used to identify an individual and an individual’s:
A) name, social security number, date of birth, or government-issued identification number;
B) mother’s maiden name;
C) unique biometric data, including the individual’s fingerprint, voice print, and retina or iris image;
D) unique electronic identification number, address, or routing code; and
E) telecommunication access device.
The Act also protects “Sensitive Personal Information,” which is defined as an individual’s first name or first initial and last name in combination with any one or more of the following items, if the name and the items are not encrypted:
i) social security number;
ii) driver’s license number or government-issued identification number; or
iii) account number or credit or debit card number in combination with any required security code, access code, or password that would permit access to an individual’s financial account.
Sec. 48.102 of the Act creates a duty for businesses to protect and safeguard information through creating and implementing procedures for such purpose. If there is a breach in the security of information, the Act requires a business that maintains ‘Sensitive Personal Information” to notify the owners of such information as soon as possible that a breach has occurred. The Act specifies one of the following modes of notice to be provided:
1) written notice;
2) electronic notice, if the notice is provided in accordance with 15 U.S.C. Section 7001 (which basically requires that a consumer must consent to receiving such notice in electronic form); or
3) notice as provided by Subsection (f) (see below).
(f) If the person or business demonstrates that the cost of providing notice would exceed $250,000, the number of affected persons exceeds 500,000, or the person does not have sufficient contact information, the notice may be given by:
1) electronic mail, if the person has an electronic mail address for the affected persons;
2) conspicuous posting of the notice on the person’s website; or
3) notice published in or broadcast on major statewide media.
A person who violates the Act is liable to the state for a civil penalty of at least $2,000 but not more than $50,000 for each violation.”
The information pertaining to your question was found in the Identity Theft Enforcement and Protection Act, Chapter 48 of the Business and Commerce Act of Texas.
We hope this information helps.
Sincerely,
John S. Findley, D.D.S.
President-elect
JSF:cac
cc: Dr. S. Jerry Long, trustee, Fifteenth District
Dr. James Bramson, executive director
Ms. Mary Logan, chief operative officer
Ms. Tamra Kempf, chief legal counsel
Ms. Mary Kay Linn, executive director, Texas Dental Association
Actually this happened to me about 5 years ago, and I wish I had this info back then. I hope this is the type of info I can file away and never have to use Thanks, Jason
Don’t tell anyone, but HIPAA failed long ago and the nation’s politicians are trying to keep it a secret until at least after the next presidential election. I am afraid the bad news won’t wait. Of all the candidates, I think Senator Barack Obama will be the one to spill the news by responding to this essay on Dentist.Com. Why shouldn’t I invite him to respond on a free forum? It is worth a try. From what his campaign website says, he is a fan of modern communication and Dentist.Com is revolutionary in healthcare – as well as consistent with Obama’s ideas for government. Keep reading. I’ll show you the event horizon, friend.
All presidential candidates, including Obama, still have no clue about the absurdity of HIPAA because politicians never consider dentistry. That is unfortunate. It is nothing new
Under his stated commitment to invest in healthcare information technology, his campaign reveals that “A key feature of Barack Obama’s health care plan is the use of technology to lower the cost of health care.” He certainly was not considering dentistry when he wrote that statement. He also was not considering dentistry when he wrote that paper records are inferior to electronic records when coordinating care, measuring quality and reducing errors.
Senator Obama claims that he will develop healthcare IT in coordination with providers and frontline workers. Once again, I think we can be certain that he was not thinking about dentists. Healthcare IT is going nowhere in dentistry.
He does, however, make a valid point that paper claims cost twice as much to process than electronic. That makes digitalization of dental claims a wonderful opportunity for the insurance industry to increase their profits as well as executive bonuses. But it falls far short of a dentistry concern, nor is reducing insurance overhead at all consistent with the Hippocratic Oath. If insurers want to save money using digitalized data, they deserve to. This is America. They will just have to convert paper dental claims themselves. For every dollar they require dentists to invest in their IT infrastructure, someone goes to bed with a toothache. Accessibility to dental care is not only consistent with the mission of the American Dental Association, but it is always more important than CEO stock options.
The virtually complete rejection of EHRs in dentistry proves that dentists do not want the expense and liabilities that come with paperless practices. Even after being heavily pushed by entrepreneurial and governmental stakeholders, fewer than 15% of physicians have adopted EHRs. Because physicians must maintain four to five times the number of patients’ records as dentists, and because medical histories can be as thick as telephone books, as well as the constant need for lab results and consultations with others that is almost non-existent in dentistry, physicians’ patients might actually benefit from EHRs some day. However, the Department of Health and Human Services has to finally resort to paying 1200 physicians across the nation just to get them to try EHRs. How much will taxpayers have to pay dentists to try them, considering they offer no tangible benefits for dental patients, while the expenses and liabilities of being HIPAA compliant continue to increase because there is nothing holding down the cost? Taxpayers cannot afford any more mandate fantasy.
Now that the truth is out, and HIPAA is inescapably dead in dentistry, where do we go from here? Organized dentistry must announce that it is separating from the rule because actions allowed and even encouraged by the act directly harm dental patients. The HIPAA rule is unethical, not only because it methodically takes control of treatment decisions from dentists and patients, but because it is a complete failure at protecting patient privacy as well. HIPAA clearly disregards the Hippocratic Oath in many painful ways.
So how could the failure of interoperable EHRs in dentistry affect the election if someone like Barack Obama were paying attention? Many politicians who know so little about dentistry promise higher quality (fillings) at lower prices. Any dentist who has ever done a filling has to wonder how EHRs can possibly cause that to happen. Will Barack Obama really listen to reason, or will he ignore dentists just like the Bush administration does.
I chose candidate Barack Obama to highlight, not because I particularly support him, but because of my interest in another promise he posted under the topic: “Create a Transparent and Connected Democracy – Open Up Government to Citizens.”
His campaign literature claims that an Obama presidency will use cutting-edge technology, creating a new level of transparency, accountability and participation. Furthermore, his campaign promises that it has a vision of how technology can help connect government to its citizens and better engage them in democracy. It already sounds a lot like Dentist.Com, doesn’t it? Hmmm… Who is copying whom? Maybe Obama and Dentist.Com’s creator both sense society’s desire of better, more inclusive democratic governance.
In Obama’s list of ways to integrate citizens into the actual business of government, he includes making government data available online. Perhaps if Obama were president, I could find out how many dentists in the nation have NPI numbers. Neither the Department of Health and Human Services nor the ADA Department of Dental Informatics will let go of that information. I assume they keep it a national secret for my own good.
Without even one mention of “2.0,” there are plenty of web 2.0 characteristics in the fresh ideas Obama offers in his campaign. Not only does he promote blogs, wikis and social networking, but he wants to open up government decision-making and involve the public in the work of agencies by tapping into the vast expertise of citizenry to help make more informed decisions. This represents “architecture of participation” – the classic characteristic of web 2.0. Today, this is also called using the Internet as a “platform.”
Get this: Obama would require his appointees to employ all the technological tools available including blogs, wikis and social networking. He pledges to modernize information sharing in order to improve governance and to allow citizens to be heard. It is my opinion that ADA officials could learn from Obama. If a member wishes to voice an opinion, organized dentistry still use letters to the editor -“Talk to the hand, doctor.” No kidding.
Here is the reason that I think Obama just might listen, even though he has misconceptions about EHRs. He says he wants to restore the basic principle that government decisions should be based on the best-available, scientifically-valid evidence and not on the ideological predispositions of agency officials. Wow.
Now if I can only get Barack Obama to understand that HIPAA does not help dental patients, he will be the first ever enlightened politician in dental history. Darrell Pruitt DDS
As you may already be aware, I have a hobby. I uncover absurdity in dentistry, and then I share what I find with my friends. Modern Internet transparency is exposing a limitless amount of material for me to share, simply because so much was obscure for so long. HIPAA alone makes dentistry a target-rich neighborhood. Good thing I write profusely and thank God for freedom of speech. Just in time. I could use some help, you know.
Dr. Findley’s letter of January 8th (posted 1/25/08) ominously outlines the seriousness of a data breach for dental offices. It is clear that a breach could bankrupt a practice whether it is reported or not.
If it is so dangerous to maintain patients’ identifiers on office computers, what are the offsetting advantages to electronic health records?
For the sake of argument, let us will away every one of the liabilities of HIPAA in dentistry and pretend that electronic health records software doesn’t cost $60,000 per dentist. Since we’re evaporating liabilities, let’s disappear the PriceWaterHouse inspectors that HHS is hiring to enforce HIPAA compliance as well. We would not have liked them anyway. Trust me.
Let us also pretend that in offices of two employees or less, nobody has a federal obligation to take on the responsibility of the IT security officer, who has to deal with Standard CFR 164.310 (d)(2)(iii). ( It specifies that where it is reasonable and appropriate, the covered entity should “maintain a record of the movements of hardware and electronic media and any person responsible therefore.” This standard requires the security officer to track the movements of hardware and electronic media that contains ePHI.1(p12) – source: “HIPAA security series: 3. Security standards: physical standards. US Dept of Health and Human Services, Centers for Medicare and Medicaid Services.” Updated Mar 2007, Vol 2, Paper 3. Available at: http://www.cms.hhs.gov/EducationMaterials)
Finally, let us fool ourselves into believing that our patients actually give a flip about electronic dental records.
Dr. Robert H. Ahlstrom, who testified in July before the standards and security subcommittee of the National Committee on Vital and Health Statistics (NCVHS), is a prosthodontist from Reno and a tireless ADA volunteer. He is a respected veteran proponent of paperless dental practices. He is known to often point out that now is the time for dentists to quickly invest in the ultra-slippery portability of digitalized patient information so that every dental patient’s dental history, as well as personal identifiers, can be made available instantly on any computer on Earth, possibly tens of thousands at a time. This fall he was appointed chair of the Dental Practice Model 2020 Committee – a group of ADA representatives shaping the future of our profession.
Here is an excerpt from the article containing Dr. Ahlstrom’s testimony about the benefits of HIPAA:
——————————
Dr. Ahlstrom, representing the ADA at the hearing, cited as potential benefits to dentists and patients from standards developed under the Health Information Portability and Accountability Act of 1996, more commonly short-handed to HIPAA:
1 – dental office computer systems will be compatible with those of hospitals and health plans and referral inquiries handled easily;
2 – vendors will be able to supply low-cost software solutions to physicians and dentists who support standards-based electronic data interchange;
3 – administrative tasks can be accomplished electronically and dentists will have more time to devote to direct care;
4 – dentists will have a more complete data set of the patient in their care;
5 – patients seeking information on enrollment status and benefits will receive more accurate, complete and easier to read information;
6 – consumer documents will be more uniform and easier to read;
7 – provider and plan cost savings will translate to less costly health care;
8 – patient claims follow-up costs will be reduced;
9 – patients will be able to see the information in their medical and dental records and who has accessed those records; patient records will be adequately protected through organizational policies and technical security controls;
10 – patient visits to dentists and other providers will be shorter without the burden of paper forms and consumer claims correspondence with insurers reduced.
———————————
With all the respect which is due to Dr. Ahlstrom, who unselfishly devotes his life to make improvements in the lives of others, I strongly disagree with him. I have problems with every one of his 10 selling points for HIPAA. I offer you my itemized objections, and look forward to reading rebuttals:
1 – dental office computer systems will be compatible with those of hospitals and health plans and referral inquiries handled easily; [How important is that? Communication with other healthcare professionals has never been an issue in my office. I cannot imagine a general dentist ever needing anything faster than a telephone and FAX machine. Both are still convenient, inexpensive and do not endanger our patients’ welfare - mostly because they are not yet covered by HIPAA. As far as aiding communication with insurers, that is not dentistry’s problem. There is no logical reason for the ADA to help dental insurance companies increase their profits. This has never fit into the mission of the American Dental Association.]
2 – vendors will be able to supply low-cost software solutions to physicians and dentists who support standards-based electronic data interchange; [Supply solutions for what problems? How can a prosthodontist be so imprecise as to include vague words like “low-cost” in such important testimony which will be formally presented to Health and Human Services Secretary Michael Leavitt? Low-cost compared to what - no software? Dr. Ahlstrom should leave baseless advertisements to healthcare IT vendors. Once again, solutions for what problems?]
3 – administrative tasks can be accomplished electronically and dentists will have more time to devote to direct care; [As one of the best selling points that Dr. Ahlstrom highlights, this is still clearly a blatant reach. I find it odd to read that any dentists sacrifice chair time for administrative tasks. To further expose the absurdity in this weak selling point, HIPAA compliance itself increasingly adds administrative tasks to covered entities’ overhead, yet HIPAA inspections of dental offices have not even started. The business of dentistry is actually so simple that it was managed successfully for decades in even the busiest offices with pegboards and ledger cards. The bottleneck in dentistry has never been the front desk. It has always been the speed of the dentist. Furthermore, a dentist’s work actually takes more time now that it did fifty years ago because modern dentists have to wait on anesthesia to take effect before drilling on teeth. In addition, operatory turn-around is further delayed by an earlier unfunded mandate called OSHA, which also has nothing to hold down the cost of compliancy. The difference between the two? OSHA makes a little bit of sense, is hundreds of times cheaper and it does not harm patients.]
4 – dentists will have a more complete data set of the patient in their care; [This is beyond reaching. This is absurd. If this were not obviously written to placate members of the NCVHS who know nothing about dentistry, the intention of such a misrepresentation would not make sense at all. What more do dentists need to successfully treat a patient’s oral problems than an uncomplicated, up-to-date and concise health history like the hundreds of millions of paper ones safely in use today? Even if one pulls up an interoperable electronic health record, the dentist still must review it before initiating treatment. No time saved there. As more and more EHRs become imperceptibly altered by health insurance thieves who are not likely to be allergic to the same medications as the true owners of the records, I thank God that my patients’ health histories will always be paper, even if I pretend to have a paperless practice as mandated by law. It will cost more to have two sets of records, but my patients will enjoy less risk of anaphylactic shock.
Let’s face it, dentistry is not heart surgery. Dentists don’t even need to know blood types. A health record complicated with superfluous and possibly questionable health information clearly increases the chance for serious error without providing patients any benefit. In addition, some unethical employers, bankers, ad agencies and even insurers find detailed electronic information about patients’ frailties of value and worth paying for someone to steal millions at a time. Why should a dentist maintain any more medical information than necessary? There is no black market value for dental records. Why create one?]
5 – patients seeking information on enrollment status and benefits will receive more accurate, complete and easier to read information; [This should have never been mentioned by Dr. Ahlstrom. Adequate communication between an insured and the insurer is clearly an insurance problem and not a dental problem. ADA leaders like Dr. Ahlstrom must stop encouraging members to assume insurers’ responsibilities of explaining their intentionally complicated dental plans to their clients. The ADA should never again spend a penny to assist insurance companies. Once again, performing work for insurance companies is clearly outside the mission of the ADA. It always has been.]
6 – consumer documents will be more uniform and easier to read; [This is pure fantasy. Computerization does not fix sloppy, it empowers sloppy.]
7 – provider and plan cost savings will translate to less costly health care; [Although it is undeniable that electronic records benefit insurers more than anyone else, one has to pay close attention to Ahlstrom’s use of the words “cost savings.” If Ahlstrom had said that HIPAA will lower dentists’ overhead, that would be a lie. By calling it a cost savings, Ahlstrom technically concedes that HIPAA will indeed require an increase in overhead - which dental patients will ultimately have to pay to obtain dental care. Ahlstrom cleverly skirts a lie by promising savings over what it could cost otherwise. Perhaps he means without the low-cost vendors he previously mentioned.
It is undeniable. Dentists will have to raise fees just to cover the purchase of untried and expensive information technology that neither patients nor dentists demand. It is also undeniable that because of this absurdity, more children will go to bed with toothaches. So much for increasing access to care.
Will there be problems? You bet. Big expensive ones attached to very angry ADA members.
Here is something that has not been mentioned to members: In Subpart D, §160.426, of the HIPAA enforcement rule, there is a section titled “Notification of the public and other agencies” which gives HHS the right to inform virtually everyone if they find a violation in a dental office. When inspections begin, I expect HHS to publicly exhibit examples of violators because there is a growing bi-partisan push for accountability for data breaches, which continue to occur copiously. There is no doubt that news about HIPAA violations will be made public through the NPPES website using NPI numbers. Since dentists freely volunteered for the numbers, it makes this legal. Volunteering is legal consent to abide the laws of the revised 1966 Freedom of Information Act. Members have also not been told that an investigator can show up unannounced in any covered entity’s office and demand everything digital. This means that office computers can be immediately confiscated even before one is publicly labeled as a HIPAA violator on the Internet.]
8 – patient claims follow-up costs will be reduced; [This problem will never be solved electronically. Insurers will merely save money for postage on denial letters and an insurance executive will receive a bonus.]
9 – patients will be able to see the information in their medical and dental records and who has accessed those records; patient records will be adequately protected through organizational policies and technical security controls; [My patients can drop by my office at any time to see their dental records. If they want copies, I can provide those as well. I can even mail them. Nobody has ever had access to my patients’ paper records without my patients’ permission. As for protection, a huge, clunky sheet-metal file cabinet stuffed with hundreds of pounds of paper records, including radiographs, is hard to slip down a flight of metal and concrete stairs quickly without making at least a little noise. On the other hand, hackers, or even angry employees raise no alarm whatsoever, and they are gone in a flash with thousands of IDs. How can Dr. Ahlstrom promise that with HIPAA, electronic records will be adequately protected? What about the organizational policies he casually mentions? Does this mean more staff meetings? I should remind everyone that selling point number three was a decrease in administrative work. Lastly, effective technical security controls do not exist. For example: If electronic health records show who has accessed them, can someone discover who has accessed the 160 million records that have been reported lost in the last two years?]
10 – patient visits to dentists and other providers will be shorter without the burden of paper forms and consumer claims correspondence with insurers reduced. [Does this mean fewer HIPAA forms? Why should I care about a patient’s business with his or her insurer? I do not want that responsibility and such advice from an ADA leader is simply not consistent with the mission of the ADA.]
In closing, I have to ask why Dr. Ahlstrom would make up all this stuff. It is like he told the NCVHS what he thought they wanted to hear. Why couldn’t he just tell the truth? HIPAA offers no benefit to dental patients. In fact, the mandate endangers their welfare, making it unethical for a dentist to become a covered entity, even if encouraged to do so by the American Dental Association.
Someone really needs to step up and publicly defend HIPAA now. It is becoming a national embarrassment.
For each presidential candidate who has blatantly promised miracles from interoperable electronic health records which they knew nothing about, I would advise them to not say much at all about them right now. Especially this close to November. Darrell Pruitt DDS
The article describes how Dr. John Luther, Senior Vice President, Dental Practice/Professional Affairs in the ADA, caught an organized group of insurance companies red-handed conspiring to hijack the term “Evidence Based Dentistry” in order to deceptively promote their cost control efforts as quality control – carelessly harming their clients. Hardened dentists like Dr. Luther have always known that dental insurance companies regularly lie to their clients. Dental insurance is a sleazy business. I found it earthly entertaining to watch Dr. Luther kick their butts a bit. He’s my new hero.
“It is our opinion that this group is overweighed with individuals possessing insurance and finance backgrounds, and has no one with knowledge of evidence-based research and methods.” – John R. Luther, D.D.S., in a letter to AHIP in a Dec. 20, 2007 http://www.ada.org/prof/resources/pubs/adanews/images/080121_weitzner_letter.pdf
I think the ADA should sponsor research to study the importance of “dental homes” and the benefits from long term relationships with dental teams that patients prefer, rather than insurers. I could be wrong about the importance of continuity of care. Research could possibly show that patients, who go from dentist to dentist – depending on provider lists, may actually receive fewer fillings in their lifetimes than patients who stay with the same dentist for decades. I think dental insurance companies already have all the information one needs in order to do an exhaustive and definitive study of the issue. Do you think they might share that information with Dr. Luther if they were told that the research would possibly benefit the overall health of their managed care clients as well as all Americans? That, friends, would make for a worthwhile EBD study. Darrell Pruitt DDS
I saw some very nice Lumineers (by Den-mat) at the Southwest Dental Conference last week. I have never tried them, but I am considering it.
Do they pop off as often as veneers? Since Lumineers require no preparation, how much can one lengthen incisors before interference dislodges the restorations and/or causes myofascial pain? Darrell Pruitt DDS
DATA BREACH PROTOCOL ANNOUNCED BY ADA
On January 8th, Dr. John S. Findley, President-elect of the American Dental Association, signed the letter below which defines a data breach, describes a dentist’s obligation under the law in Texas to notify patients involved and the penalty for failing to do so. This is the first time this information has been made available to dentists anywhere in the nation in the 12 years of the HIPAA rule. Dr. Findley and his team are to be congratulated for working through an arduous and unpopular task. It demanded courage. Darrell Pruitt DDS
———————————————
ADA
American Dental Association
John S. Findley, D. D. S. President-Elect
January 8, 2008
Dr. Darrell Pruitt
6737 Brentwood Stair Rd., Ste. 220
Fort Worth, Texas 76112-3337
Dear Doctor Pruitt:
I received your email of December 26 and regret to learn of the loss of your computer. I did inquire as to appropriate procedures upon the occurrence of such an event and am copying below an excerpt from the response of out legal department.
“It appears that under these circumstances the dentist may wish to notify affected patients that their information may have been compromised so that they can take necessary steps to protect themselves (i.e. cancel credit cards, notify social security about potentially stolen social security numbers…). (This communication is informational and personal consultation between the dentist and his or her attorney is recommended.) They should also check their state breach notification laws to determine if there is anything else that is required.
In this case, the Texas Identity Theft Enforcement and Protection Act (Texas Code Sec. 48 et seq) (the “Act”) covers data breach notification. The Act protects both “Personal Identifying Information,” which is defined as any information that alone, or in conjunction with other information, can be used to identify an individual and an individual’s:
A) name, social security number, date of birth, or government-issued identification number;
B) mother’s maiden name;
C) unique biometric data, including the individual’s fingerprint, voice print, and retina or iris image;
D) unique electronic identification number, address, or routing code; and
E) telecommunication access device.
The Act also protects “Sensitive Personal Information,” which is defined as an individual’s first name or first initial and last name in combination with any one or more of the following items, if the name and the items are not encrypted:
i) social security number;
ii) driver’s license number or government-issued identification number; or
iii) account number or credit or debit card number in combination with any required security code, access code, or password that would permit access to an individual’s financial account.
Sec. 48.102 of the Act creates a duty for businesses to protect and safeguard information through creating and implementing procedures for such purpose. If there is a breach in the security of information, the Act requires a business that maintains ‘Sensitive Personal Information” to notify the owners of such information as soon as possible that a breach has occurred. The Act specifies one of the following modes of notice to be provided:
1) written notice;
2) electronic notice, if the notice is provided in accordance with 15 U.S.C. Section 7001 (which basically requires that a consumer must consent to receiving such notice in electronic form); or
3) notice as provided by Subsection (f) (see below).
(f) If the person or business demonstrates that the cost of providing notice would exceed $250,000, the number of affected persons exceeds 500,000, or the person does not have sufficient contact information, the notice may be given by:
1) electronic mail, if the person has an electronic mail address for the affected persons;
2) conspicuous posting of the notice on the person’s website; or
3) notice published in or broadcast on major statewide media.
A person who violates the Act is liable to the state for a civil penalty of at least $2,000 but not more than $50,000 for each violation.”
The information pertaining to your question was found in the Identity Theft Enforcement and Protection Act, Chapter 48 of the Business and Commerce Act of Texas.
We hope this information helps.
Sincerely,
John S. Findley, D.D.S.
President-elect
JSF:cac
cc: Dr. S. Jerry Long, trustee, Fifteenth District
Dr. James Bramson, executive director
Ms. Mary Logan, chief operative officer
Ms. Tamra Kempf, chief legal counsel
Ms. Mary Kay Linn, executive director, Texas Dental Association
This is great info Darrell!
Thanks for sharing. This is the type of help you hope you never need, but is so valuable if you do need it…………….
Actually this happened to me about 5 years ago, and I wish I had this info back then. I hope this is the type of info I can file away and never have to use
Thanks, Jason
HIPAA FALLS FLAT IN US DENTISTRY
Don’t tell anyone, but HIPAA failed long ago and the nation’s politicians are trying to keep it a secret until at least after the next presidential election. I am afraid the bad news won’t wait. Of all the candidates, I think Senator Barack Obama will be the one to spill the news by responding to this essay on Dentist.Com. Why shouldn’t I invite him to respond on a free forum? It is worth a try. From what his campaign website says, he is a fan of modern communication and Dentist.Com is revolutionary in healthcare – as well as consistent with Obama’s ideas for government. Keep reading. I’ll show you the event horizon, friend.
All presidential candidates, including Obama, still have no clue about the absurdity of HIPAA because politicians never consider dentistry. That is unfortunate. It is nothing new
While searching for a presidential candidate to invite to participate in open discussion about the future of dentistry, I came across Barack Obama’s campaign website. http://www.barackobama.com/issues/technology/#solve-problems
Under his stated commitment to invest in healthcare information technology, his campaign reveals that “A key feature of Barack Obama’s health care plan is the use of technology to lower the cost of health care.” He certainly was not considering dentistry when he wrote that statement. He also was not considering dentistry when he wrote that paper records are inferior to electronic records when coordinating care, measuring quality and reducing errors.
Senator Obama claims that he will develop healthcare IT in coordination with providers and frontline workers. Once again, I think we can be certain that he was not thinking about dentists. Healthcare IT is going nowhere in dentistry.
He does, however, make a valid point that paper claims cost twice as much to process than electronic. That makes digitalization of dental claims a wonderful opportunity for the insurance industry to increase their profits as well as executive bonuses. But it falls far short of a dentistry concern, nor is reducing insurance overhead at all consistent with the Hippocratic Oath. If insurers want to save money using digitalized data, they deserve to. This is America. They will just have to convert paper dental claims themselves. For every dollar they require dentists to invest in their IT infrastructure, someone goes to bed with a toothache. Accessibility to dental care is not only consistent with the mission of the American Dental Association, but it is always more important than CEO stock options.
The virtually complete rejection of EHRs in dentistry proves that dentists do not want the expense and liabilities that come with paperless practices. Even after being heavily pushed by entrepreneurial and governmental stakeholders, fewer than 15% of physicians have adopted EHRs. Because physicians must maintain four to five times the number of patients’ records as dentists, and because medical histories can be as thick as telephone books, as well as the constant need for lab results and consultations with others that is almost non-existent in dentistry, physicians’ patients might actually benefit from EHRs some day. However, the Department of Health and Human Services has to finally resort to paying 1200 physicians across the nation just to get them to try EHRs. How much will taxpayers have to pay dentists to try them, considering they offer no tangible benefits for dental patients, while the expenses and liabilities of being HIPAA compliant continue to increase because there is nothing holding down the cost? Taxpayers cannot afford any more mandate fantasy.
Now that the truth is out, and HIPAA is inescapably dead in dentistry, where do we go from here? Organized dentistry must announce that it is separating from the rule because actions allowed and even encouraged by the act directly harm dental patients. The HIPAA rule is unethical, not only because it methodically takes control of treatment decisions from dentists and patients, but because it is a complete failure at protecting patient privacy as well. HIPAA clearly disregards the Hippocratic Oath in many painful ways.
So how could the failure of interoperable EHRs in dentistry affect the election if someone like Barack Obama were paying attention? Many politicians who know so little about dentistry promise higher quality (fillings) at lower prices. Any dentist who has ever done a filling has to wonder how EHRs can possibly cause that to happen. Will Barack Obama really listen to reason, or will he ignore dentists just like the Bush administration does.
I chose candidate Barack Obama to highlight, not because I particularly support him, but because of my interest in another promise he posted under the topic: “Create a Transparent and Connected Democracy – Open Up Government to Citizens.”
His campaign literature claims that an Obama presidency will use cutting-edge technology, creating a new level of transparency, accountability and participation. Furthermore, his campaign promises that it has a vision of how technology can help connect government to its citizens and better engage them in democracy. It already sounds a lot like Dentist.Com, doesn’t it? Hmmm… Who is copying whom? Maybe Obama and Dentist.Com’s creator both sense society’s desire of better, more inclusive democratic governance.
In Obama’s list of ways to integrate citizens into the actual business of government, he includes making government data available online. Perhaps if Obama were president, I could find out how many dentists in the nation have NPI numbers. Neither the Department of Health and Human Services nor the ADA Department of Dental Informatics will let go of that information. I assume they keep it a national secret for my own good.
Without even one mention of “2.0,” there are plenty of web 2.0 characteristics in the fresh ideas Obama offers in his campaign. Not only does he promote blogs, wikis and social networking, but he wants to open up government decision-making and involve the public in the work of agencies by tapping into the vast expertise of citizenry to help make more informed decisions. This represents “architecture of participation” – the classic characteristic of web 2.0. Today, this is also called using the Internet as a “platform.”
Get this: Obama would require his appointees to employ all the technological tools available including blogs, wikis and social networking. He pledges to modernize information sharing in order to improve governance and to allow citizens to be heard. It is my opinion that ADA officials could learn from Obama. If a member wishes to voice an opinion, organized dentistry still use letters to the editor -“Talk to the hand, doctor.” No kidding.
Here is the reason that I think Obama just might listen, even though he has misconceptions about EHRs. He says he wants to restore the basic principle that government decisions should be based on the best-available, scientifically-valid evidence and not on the ideological predispositions of agency officials. Wow.
Now if I can only get Barack Obama to understand that HIPAA does not help dental patients, he will be the first ever enlightened politician in dental history. Darrell Pruitt DDS
ADA HIPAA testimony to NCVHS, July 2007
As you may already be aware, I have a hobby. I uncover absurdity in dentistry, and then I share what I find with my friends. Modern Internet transparency is exposing a limitless amount of material for me to share, simply because so much was obscure for so long. HIPAA alone makes dentistry a target-rich neighborhood. Good thing I write profusely and thank God for freedom of speech. Just in time. I could use some help, you know.
Dr. Findley’s letter of January 8th (posted 1/25/08) ominously outlines the seriousness of a data breach for dental offices. It is clear that a breach could bankrupt a practice whether it is reported or not.
If it is so dangerous to maintain patients’ identifiers on office computers, what are the offsetting advantages to electronic health records?
For the sake of argument, let us will away every one of the liabilities of HIPAA in dentistry and pretend that electronic health records software doesn’t cost $60,000 per dentist. Since we’re evaporating liabilities, let’s disappear the PriceWaterHouse inspectors that HHS is hiring to enforce HIPAA compliance as well. We would not have liked them anyway. Trust me.
Let us also pretend that in offices of two employees or less, nobody has a federal obligation to take on the responsibility of the IT security officer, who has to deal with Standard CFR 164.310 (d)(2)(iii). ( It specifies that where it is reasonable and appropriate, the covered entity should “maintain a record of the movements of hardware and electronic media and any person responsible therefore.” This standard requires the security officer to track the movements of hardware and electronic media that contains ePHI.1(p12) – source: “HIPAA security series: 3. Security standards: physical standards. US Dept of Health and Human Services, Centers for Medicare and Medicaid Services.” Updated Mar 2007, Vol 2, Paper 3. Available at: http://www.cms.hhs.gov/EducationMaterials)
Finally, let us fool ourselves into believing that our patients actually give a flip about electronic dental records.
We should be left with lots of benefits, right?
In my research to find value in EHRs, I came across an article posted on August 23rd titled, “Association testifies on HIPAA transaction standards,” written by Craig Palmer.
http://www.ada.org/prof/resources/pubs/adanews/adanewsarticle.asp?articleid=2641
Dr. Robert H. Ahlstrom, who testified in July before the standards and security subcommittee of the National Committee on Vital and Health Statistics (NCVHS), is a prosthodontist from Reno and a tireless ADA volunteer. He is a respected veteran proponent of paperless dental practices. He is known to often point out that now is the time for dentists to quickly invest in the ultra-slippery portability of digitalized patient information so that every dental patient’s dental history, as well as personal identifiers, can be made available instantly on any computer on Earth, possibly tens of thousands at a time. This fall he was appointed chair of the Dental Practice Model 2020 Committee – a group of ADA representatives shaping the future of our profession.
Here is an excerpt from the article containing Dr. Ahlstrom’s testimony about the benefits of HIPAA:
——————————
Dr. Ahlstrom, representing the ADA at the hearing, cited as potential benefits to dentists and patients from standards developed under the Health Information Portability and Accountability Act of 1996, more commonly short-handed to HIPAA:
1 – dental office computer systems will be compatible with those of hospitals and health plans and referral inquiries handled easily;
2 – vendors will be able to supply low-cost software solutions to physicians and dentists who support standards-based electronic data interchange;
3 – administrative tasks can be accomplished electronically and dentists will have more time to devote to direct care;
4 – dentists will have a more complete data set of the patient in their care;
5 – patients seeking information on enrollment status and benefits will receive more accurate, complete and easier to read information;
6 – consumer documents will be more uniform and easier to read;
7 – provider and plan cost savings will translate to less costly health care;
8 – patient claims follow-up costs will be reduced;
9 – patients will be able to see the information in their medical and dental records and who has accessed those records; patient records will be adequately protected through organizational policies and technical security controls;
10 – patient visits to dentists and other providers will be shorter without the burden of paper forms and consumer claims correspondence with insurers reduced.
———————————
With all the respect which is due to Dr. Ahlstrom, who unselfishly devotes his life to make improvements in the lives of others, I strongly disagree with him. I have problems with every one of his 10 selling points for HIPAA. I offer you my itemized objections, and look forward to reading rebuttals:
1 – dental office computer systems will be compatible with those of hospitals and health plans and referral inquiries handled easily; [How important is that? Communication with other healthcare professionals has never been an issue in my office. I cannot imagine a general dentist ever needing anything faster than a telephone and FAX machine. Both are still convenient, inexpensive and do not endanger our patients’ welfare - mostly because they are not yet covered by HIPAA. As far as aiding communication with insurers, that is not dentistry’s problem. There is no logical reason for the ADA to help dental insurance companies increase their profits. This has never fit into the mission of the American Dental Association.]
2 – vendors will be able to supply low-cost software solutions to physicians and dentists who support standards-based electronic data interchange; [Supply solutions for what problems? How can a prosthodontist be so imprecise as to include vague words like “low-cost” in such important testimony which will be formally presented to Health and Human Services Secretary Michael Leavitt? Low-cost compared to what - no software? Dr. Ahlstrom should leave baseless advertisements to healthcare IT vendors. Once again, solutions for what problems?]
3 – administrative tasks can be accomplished electronically and dentists will have more time to devote to direct care; [As one of the best selling points that Dr. Ahlstrom highlights, this is still clearly a blatant reach. I find it odd to read that any dentists sacrifice chair time for administrative tasks. To further expose the absurdity in this weak selling point, HIPAA compliance itself increasingly adds administrative tasks to covered entities’ overhead, yet HIPAA inspections of dental offices have not even started. The business of dentistry is actually so simple that it was managed successfully for decades in even the busiest offices with pegboards and ledger cards. The bottleneck in dentistry has never been the front desk. It has always been the speed of the dentist. Furthermore, a dentist’s work actually takes more time now that it did fifty years ago because modern dentists have to wait on anesthesia to take effect before drilling on teeth. In addition, operatory turn-around is further delayed by an earlier unfunded mandate called OSHA, which also has nothing to hold down the cost of compliancy. The difference between the two? OSHA makes a little bit of sense, is hundreds of times cheaper and it does not harm patients.]
4 – dentists will have a more complete data set of the patient in their care; [This is beyond reaching. This is absurd. If this were not obviously written to placate members of the NCVHS who know nothing about dentistry, the intention of such a misrepresentation would not make sense at all. What more do dentists need to successfully treat a patient’s oral problems than an uncomplicated, up-to-date and concise health history like the hundreds of millions of paper ones safely in use today? Even if one pulls up an interoperable electronic health record, the dentist still must review it before initiating treatment. No time saved there. As more and more EHRs become imperceptibly altered by health insurance thieves who are not likely to be allergic to the same medications as the true owners of the records, I thank God that my patients’ health histories will always be paper, even if I pretend to have a paperless practice as mandated by law. It will cost more to have two sets of records, but my patients will enjoy less risk of anaphylactic shock.
Let’s face it, dentistry is not heart surgery. Dentists don’t even need to know blood types. A health record complicated with superfluous and possibly questionable health information clearly increases the chance for serious error without providing patients any benefit. In addition, some unethical employers, bankers, ad agencies and even insurers find detailed electronic information about patients’ frailties of value and worth paying for someone to steal millions at a time. Why should a dentist maintain any more medical information than necessary? There is no black market value for dental records. Why create one?]
5 – patients seeking information on enrollment status and benefits will receive more accurate, complete and easier to read information; [This should have never been mentioned by Dr. Ahlstrom. Adequate communication between an insured and the insurer is clearly an insurance problem and not a dental problem. ADA leaders like Dr. Ahlstrom must stop encouraging members to assume insurers’ responsibilities of explaining their intentionally complicated dental plans to their clients. The ADA should never again spend a penny to assist insurance companies. Once again, performing work for insurance companies is clearly outside the mission of the ADA. It always has been.]
6 – consumer documents will be more uniform and easier to read; [This is pure fantasy. Computerization does not fix sloppy, it empowers sloppy.]
7 – provider and plan cost savings will translate to less costly health care; [Although it is undeniable that electronic records benefit insurers more than anyone else, one has to pay close attention to Ahlstrom’s use of the words “cost savings.” If Ahlstrom had said that HIPAA will lower dentists’ overhead, that would be a lie. By calling it a cost savings, Ahlstrom technically concedes that HIPAA will indeed require an increase in overhead - which dental patients will ultimately have to pay to obtain dental care. Ahlstrom cleverly skirts a lie by promising savings over what it could cost otherwise. Perhaps he means without the low-cost vendors he previously mentioned.
It is undeniable. Dentists will have to raise fees just to cover the purchase of untried and expensive information technology that neither patients nor dentists demand. It is also undeniable that because of this absurdity, more children will go to bed with toothaches. So much for increasing access to care.
Will there be problems? You bet. Big expensive ones attached to very angry ADA members.
Here is something that has not been mentioned to members: In Subpart D, §160.426, of the HIPAA enforcement rule, there is a section titled “Notification of the public and other agencies” which gives HHS the right to inform virtually everyone if they find a violation in a dental office. When inspections begin, I expect HHS to publicly exhibit examples of violators because there is a growing bi-partisan push for accountability for data breaches, which continue to occur copiously. There is no doubt that news about HIPAA violations will be made public through the NPPES website using NPI numbers. Since dentists freely volunteered for the numbers, it makes this legal. Volunteering is legal consent to abide the laws of the revised 1966 Freedom of Information Act. Members have also not been told that an investigator can show up unannounced in any covered entity’s office and demand everything digital. This means that office computers can be immediately confiscated even before one is publicly labeled as a HIPAA violator on the Internet.]
8 – patient claims follow-up costs will be reduced; [This problem will never be solved electronically. Insurers will merely save money for postage on denial letters and an insurance executive will receive a bonus.]
9 – patients will be able to see the information in their medical and dental records and who has accessed those records; patient records will be adequately protected through organizational policies and technical security controls; [My patients can drop by my office at any time to see their dental records. If they want copies, I can provide those as well. I can even mail them. Nobody has ever had access to my patients’ paper records without my patients’ permission. As for protection, a huge, clunky sheet-metal file cabinet stuffed with hundreds of pounds of paper records, including radiographs, is hard to slip down a flight of metal and concrete stairs quickly without making at least a little noise. On the other hand, hackers, or even angry employees raise no alarm whatsoever, and they are gone in a flash with thousands of IDs. How can Dr. Ahlstrom promise that with HIPAA, electronic records will be adequately protected? What about the organizational policies he casually mentions? Does this mean more staff meetings? I should remind everyone that selling point number three was a decrease in administrative work. Lastly, effective technical security controls do not exist. For example: If electronic health records show who has accessed them, can someone discover who has accessed the 160 million records that have been reported lost in the last two years?]
10 – patient visits to dentists and other providers will be shorter without the burden of paper forms and consumer claims correspondence with insurers reduced. [Does this mean fewer HIPAA forms? Why should I care about a patient’s business with his or her insurer? I do not want that responsibility and such advice from an ADA leader is simply not consistent with the mission of the ADA.]
In closing, I have to ask why Dr. Ahlstrom would make up all this stuff. It is like he told the NCVHS what he thought they wanted to hear. Why couldn’t he just tell the truth? HIPAA offers no benefit to dental patients. In fact, the mandate endangers their welfare, making it unethical for a dentist to become a covered entity, even if encouraged to do so by the American Dental Association.
Someone really needs to step up and publicly defend HIPAA now. It is becoming a national embarrassment.
For each presidential candidate who has blatantly promised miracles from interoperable electronic health records which they knew nothing about, I would advise them to not say much at all about them right now. Especially this close to November. Darrell Pruitt DDS
ADA defends patients’ welfare
On January 24th, an article written by Arlene Furlong, was posted on the ADA News Online. Our ADA leaders are standing up for our patients – protecting them from insurance harm. http://www.ada.org/prof/resources/pubs/adanews/adanewsarticle.asp?articleid=2855
The article describes how Dr. John Luther, Senior Vice President, Dental Practice/Professional Affairs in the ADA, caught an organized group of insurance companies red-handed conspiring to hijack the term “Evidence Based Dentistry” in order to deceptively promote their cost control efforts as quality control – carelessly harming their clients. Hardened dentists like Dr. Luther have always known that dental insurance companies regularly lie to their clients. Dental insurance is a sleazy business. I found it earthly entertaining to watch Dr. Luther kick their butts a bit. He’s my new hero.
“It is our opinion that this group is overweighed with individuals possessing insurance and finance backgrounds, and has no one with knowledge of evidence-based research and methods.” – John R. Luther, D.D.S., in a letter to AHIP in a Dec. 20, 2007 http://www.ada.org/prof/resources/pubs/adanews/images/080121_weitzner_letter.pdf
I think the ADA should sponsor research to study the importance of “dental homes” and the benefits from long term relationships with dental teams that patients prefer, rather than insurers. I could be wrong about the importance of continuity of care. Research could possibly show that patients, who go from dentist to dentist – depending on provider lists, may actually receive fewer fillings in their lifetimes than patients who stay with the same dentist for decades. I think dental insurance companies already have all the information one needs in order to do an exhaustive and definitive study of the issue. Do you think they might share that information with Dr. Luther if they were told that the research would possibly benefit the overall health of their managed care clients as well as all Americans? That, friends, would make for a worthwhile EBD study. Darrell Pruitt DDS
Lumineers – Good or Bad?
I saw some very nice Lumineers (by Den-mat) at the Southwest Dental Conference last week. I have never tried them, but I am considering it.
Do they pop off as often as veneers? Since Lumineers require no preparation, how much can one lengthen incisors before interference dislodges the restorations and/or causes myofascial pain? Darrell Pruitt DDS