Building a HIPAA Compliance Program as a Dental Office Manager
Article Summary Identifying protected health information specific to dental practice covers radiographic images, periodontal charting, and lab referral records. The HIPAA Security Risk Analysis for a dental office accounts for imaging workstations, chairside computers, and open treatment layouts. Business Associate relationships unique to dental practices include laboratories, referral specialists, and insurance clearinghouses. Policies and the Notice of Privacy Practices address online review responses and marketing use of patient photographs. Compliance elements a Dental Office Manager should maintain include the risk analysis, signed agreements, and role based training records. Staff training in a multi role dental office covers the overlapping front desk, clinical, and billing duties one employee may hold. Front desk and scheduling privacy practices address sign in sheets, treatment boards, and open counter cost discussions. Keeping the program current depends on periodic review of the risk analysis, agreements, and training as staff change. Dental Office Manager Running HIPAA...
Greater Rochester Independent Practice Association Settles MOVEit Data Breach Litigation
A settlement has been agreed to resolve claims against Greater Rochester Independent Practice Association (GRIPA) arising from the May 2023 data breach involving Progress Software’s MOVEit file transfer solution. In May 2023, the Russian-speaking hacking group CL0p mass exploited a zero-day vulnerability in Progress Software’s MOVEit Transfer file transfer solution. Cl0p exploited the vulnerability to attack an estimated 2,700 companies that used the software, exfiltrated sensitive data, and then demanded payment to prevent the publication of the stolen data. Globally, almost 96 million individuals were affected. Cl0p proceeded to leak large amounts of data on the dark web when its ransom demands were not met. In the United States, well over 100 class action lawsuits were filed against Progress Software and more than 100 client organizations over the attack and data breach. The plaintiffs alleged that the data breach could have been prevented by implementing industry-standard cybersecurity measures and protocols, such as software to detect suspicious activity, auditing the platform...
Serviceaide Pays $1.8 Million to Settle Data Breach Litigation
Serviceaide, Inc., a provider of AI-powered solutions to boost productivity and enhance service delivery, has agreed to pay $1.8 million to settle a lawsuit stemming from a 2024 data breach that exposed the protected health information of patients of its client, Catholic Health. Catholic Health is a Buffalo, NY-based non-profit healthcare system serving patients in Western New York through its hospitals, nursing homes, home care agencies, and physician practices. Catholic Health contracted with Serviceaide, and the provision of the contracted services required access to patient data. On or around November 15, 2024, Serviceaide identified unauthorized access to its systems. The forensic investigation confirmed that an unauthorized third party had access to its network from September 19, 2024, to November 5, 2024. Servieaide determined that a database containing the records of approximately 483,000 Catholic Health patients was potentially accessed or obtained. The database contained names, dates of birth, Social Security numbers, medical/health information, treatment information,...
Verizon Releases Inaugural Breach Impact Study
Verizon Business has released the findings from its inaugural Breach Impact Study, which focuses on the financial impact of data breaches. The BIS report is from the same authoring team as the Verizon Data Breach Investigations Report and was produced in partnership with CyberAcuView. The report is based on an analysis of around 70,000 U.S. cyber insurance claims, including 38,000 claims where the policies paid out. The data spans from January 2019 to October 2025. In contrast to many data breach cost reports, the report is based on median claim amounts rather than averages, which are susceptible to skewing. In 2019, the median financial impact was around $60,000, rising by 80% to $110,000 in 2025, with data breach costs outpacing inflation, which was around 23% over the period of the study. More than half of paid-out claims exceeded $83,000, with 10% having an impact of $920,000 or more. The most extreme 2.5% of cases exceeded $5 million in losses. The report shows that data breach costs almost doubled between 2019 and 2025, with business interruption the single largest loss...
HHS Provides Update on its Artificial Intelligence RFI
The Department of Health and Human Services (HHS) has provided an update on how it plans to accelerate the adoption of artificial intelligence (AI) in clinical care settings. AI has tremendous potential for improving efficiency in healthcare, achieving better patient outcomes, and lowering healthcare costs for Americans; however, there are risks associated with AI implementation in healthcare. The HHS issued a Request for Information (RFI) in December 2025 on how AI tools can be used to deflate healthcare costs, as part of the Make America Healthy Again initiative. HHS Secretary Robert F. Kennedy Jr. sought broad public input on how the HHS could use its regulatory, reimbursement, and research & development levers to enable AI adoption to propel the U.S. healthcare system forward. The HHS sought information on how digital health and software regulatory frameworks should evolve to account for AI-driven tools while maintaining patient safety; whether reimbursement structures could be simplified and better aligned to support the use of efficient, deflationary technologies; and...



