Key Dental Group, a dental clinic in Pembroke Pines, FL, is advising clients of an alleged HIPAA violation that could may result in the unauthorized accessing of patients’ protected health information (PHI).
After amending its electronic medical record (EMR) database supplier, Key Dental Group requested its previous vendor, MOGO, the return its EMR database. Even though the end user license agreement (EULA) stipulated that all patient data must be given back on termination of the agreement, MOGO has refused to return the database.
MOGO contacted to Key Dental Group, via its attorney, that the database would not be given back. The Pembroke Pines dental clinic claims that in addition to breaching the EULA, MOGO, as a HIPAA business associate, is breaching of the Health Insurance Portability and Accountability Act.
Any security breach, such as the unauthorized accessing of patients’ protected health information, requires alerts to be sent to impacted patients. Key Dental Group cannot say whether the database has been accessed after the termination of the EULA, but since the KDG-MOGO database can no longer be accessed, reviewed, or protected from unauthorized access, alerts were deemed necessary.
Key Dental Group in a recent press release about the HIPAA incident said: “While Key Dental Group cannot definitively say that unauthorized access has or will occur to this database, given the apparent violations of various portions of HIPAA triggered by MOGO’s actions and the sensitivity of the information the database contains, Key Dental Group, PA is publicly notifying its patients at this time of this incident.”
All patients whose PHI – which incorporates names, addresses, dates of birth, medical histories, diagnoses/conditions, lab/test results, treatment information, medications, health insurance data, claims information, and the Social Security numbers of some Medicare/Medicaid patients – is held on the database have been told to be aware of the possibility of identity theft and fraud.