Key Dental Group in Pembroke Pines, FL is notifying patients about a possible HIPAA violation that could result in the unauthorized accessing of their protected health information (PHI).
Key Dental Group recently changed its electronic medical record (EMR) database provider. However, the former vendor, MOGO, failed to return Key Dental Group’s EMR database. According to the end user license agreement (EULA), MOGO should have returned all patient data when the agreement was terminated.
MOGO informed Key Dental Group, through its lawyer, that the database will not be returned. The Pembroke Pines dental practice claims that MOGO has violated the EULA and the Health Insurance Portability and Accountability Act.
When a data security breach occurs, HIPAA-covered entities must issue notifications to affected patients. While unauthorized accessing of data may not have occurred, Key Dental Group is no longer able to monitor or protect the KDG-MOGO database from unauthorized access. Therefore, it was deemed necessary to send notifications.
The patients’ PHI contained in the database includes names, addresses, birth dates, medical histories, laboratory/test results, diagnoses/conditions, treatment data, prescribed medicines, medical insurance data, claims data, and the Social Security numbers of Medicare/Medicaid patients. All affected patients were told to be alert to the risk of identity theft and fraud.