Dental offices hold many pieces of personal information about their patients, such as health history, birthdates and social security numbers. The threat of this information being stolen and misused, either by a disgruntled employee or by an outside source, is a concern that many dentists have not fully addressed. With new laws protecting patient privacy, theft of personal information from your dental office, written or electronic, creates liability for you. A theft involving patient information may involve legal consultation, public notification in the local media, and personal contact with patients whose information has been compromised, not to mention the inevitability of a formal OCR investigation and the expenses of possible lawsuits and state and federal fines.
You would also be required to notify all patients whose information was stolen. The scope is not limited to local residents or current patients. You would be required to determine, with certainty, each individual record that was exposed and contact each person in writing. If a breach of sensitive information involves every patient your practice has ever seen, for most practices this can mean thousands of people. You are required to notify all patients affected by the theft in writing and provide them with a toll-free number, and there is usually a time limit in which to do so. This could mean having to track down the address of every inactive patient in an extremely short amount of time. You would also need to staff a call center for patients to call if they have questions or need help, and you would be required to pay for credit monitoring for your patients if the information breach was financial. Finally, if your breach involves more than 500 people, you are legally mandated to notify the media about your incident, triggering attention from regulators, privacy rights groups and advocates, and threatening your reputation in the community.