Live Chat
Washington State Dental Association

CyberSecurity for Dental Practices

Contact Washington Dentists’ Insurance Agency to learn more about this important coverage for your practice at 800-282-9342 or by email at

Dental offices hold many pieces of personal information about their patients such as health history, birthdates and social security numbers. Threat of this information being stolen and misused either by a disgruntled employee or by an outside source is a concern that many dentists have not fully addressed. With new laws protecting patient privacy, theft of personal information from your dental office, written or electronic, creates liability for you. A theft involving patient information may involve legal consultation, public notification in the local media, and personal contact to patients whose information has been compromised. Not to mention the inevitability of a formal OCR investigation, as well as the expenses of possible lawsuits and state and federal fines.

Health Insurance Portability and Accountability Act (HIPAA) law requires all health care providers to safeguard the privacy of patient information. It also requires them to implement required security measures to protect patient health information from computer hackers, employee abuse, untrained personnel mishandling, burglary, etc. The 2009 HITECH Act significantly strengthened many aspects of the HIPAA security rules including the penalties that the Department of Health and Human Services could impose for violations of HIPAA rules. A new Civil Monetary Penalty System makes monetary penalties mandatory for violations involving “willful neglect” ranging from a $100 fine a minor infraction to $50,000 for not correcting a known violation.
In addition to potential federal fines and penalties, you could also face other consequences for failing to protect patient information. You could be required to pay state fines in addition to the federal penalties and you have the possibility of being sued by the patients whose information was exposed. Even if patient lawsuits have no merit, you would still incur the cost of the legal fees for defense of each lawsuit and legal services would also be required to be in compliance with HIPAA and state regulations. You may also incur costs associated with forensics and investigation just to determine the full scope of the problem and how many patients are affected.

You would also be required to notify all patients whose information was stolen. The scope is not limited just to local residents or current patients. You would be required to determine, with certainty, each individual record which was exposed and contact each person in writing. If a breach involving sensitive information involves every patient your practice has ever seen, for most, this can be thousands of people you are required to notify, in writing, and provide a toll free number to all patients affected by the theft and there is usually a time limit in which to do so. This could mean having to track down the address of every inactive patient in an extremely short amount of time. You would also need to staff a call center for patients to call if they have questions or need help and you would be required to pay for credit monitoring for your patients if the information breach was financial. Finally, if your breach involves more than 500 people, you are legally mandated to notify the media about your incident; triggering attention from regulators, privacy rights groups and advocates, and threatening your reputation in the community.
In all, these costs average around $214 per compromised record. That could be thousands of dollars, and hundreds of hours of time, depending on the number of patients that were affected. Cybersecurity protection relieves you of the financial and time burdens that an information theft may cause your practice. Cybersecurity protection covers the cost of investigating a theft, the state and federal fines and penalties, lawsuits and legal fees.
It would also assist you in offsetting costs associated with creating the call center for affected patients and in sending written notifications. As more dental offices move to digital records and conduct more business and transferring of data online, the more essential Cybersecurity protection becomes. Contact Washington Dentists’ Insurance Agency to learn more about this important coverage for your practice at 800-282-9342 or by email at


Posted: / Last Updated: