Key Dental Group Alerts Patients About Potential HIPAA Violation

Share this article on:

Key Dental Group, a dental practice in Pembroke Pines, FL, is informing patients of an alleged HIPAA violation that could potentially result in the unauthorized accessing of patients’ protected health information (PHI).

After changing its electronic medical record (EMR) database provider, Key Dental Group requested its former vendor, MOGO, the return its EMR database. Even though the end user license agreement (EULA) stated that all patient data must be returned on termination of the agreement, MOGO has refused to return the database.

MOGO communicated to Key Dental Group, via its attorney, that the database would not be returned. The Pembroke Pines dental practice alleges that in addition to violating the EULA, MOGO, as a HIPAA business associate, is in violation of the Health Insurance Portability and Accountability Act.

Any security breach, such as the unauthorized accessing of patients’ protected health information, requires notifications to be sent to affected patients. Key Dental Group cannot say whether the database has been accessed after the termination of the EULA, but since the KDG-MOGO database can no longer be accessed, monitored, or protected from unauthorized access, notifications were deemed necessary.

“While Key Dental Group cannot definitively say that unauthorized access has or will occur to this database, given the apparent violations of various portions of HIPAA triggered by MOGO’s actions and the sensitivity of the information the database contains, Key Dental Group, PA is publicly notifying its patients at this time of this incident,” wrote Key Dental Group in a recent press release about the HIPAA incident.

All patients whose PHI – which includes names, addresses, dates of birth, medical histories, diagnoses/conditions, lab/test results, treatment information, medications, health insurance information, claims information, and the Social Security numbers of some Medicare/Medicaid patients – is present in the database have been told to be alert to the possibility of identity theft and fraud.

Author: HIPAA Journal

Share This Post On