VICARIOUS LIABILITY OF DENTAL STAFF MEMBERS

In today’s legal environment, a owner of a dental practice may be vicariously liable for the errors and omissions of staff members. As a general rule, the risks are clinical in nature, however, a substantial amount of   errors or omissions occur as a result of miscommunication. In matters of alleged patient miscommunication, a patient alleges that they were told the wrong clinical information, or were never told the correct clinical information at all.

Although, claims arising from a dentist’s vicarious liability for the clinical error or omission of a staff member may not be very common, dental malpractice claims arise from a patient’s dissatisfaction with staff member interaction. A dental practice owner can manage the risks of staff members by hiring qualified individuals, who can project the desired image of the practice, are well trained, and communicate in a clear manner.

RANSOMWARE – CYBER SECURITY BREACHES IN DENTAL OFFICES: What You Must Know TODAY

Dental offices are now being hit with Ransomware (cyber blackmail). If you own or work in a dental practice, you need to know what Ransomware is, and the ramifications of this serious security breach. You should learn more about mac security software if you are interested in safeguarding the future of your dental practice.
Ransomware Trojans are a type of cyberware that is designed to extort money from a dental office. Often, Ransomware will demand a “ransom” payment in order to release the hijacked dental office software.

The hijacking of dental office software can include:

  • Encrypting data and software that is used by a dental practice (Eagle Soft or Dentrix) – so that the dental office can no longer have access any type of patient information
  • Blocking normal access to the entire dental office software

How Ransomware Enters Dental Office Computers

The most common ways in which Ransomware is installed are:

  • Via phishing emails, or
  • As a result of visiting a website that contains a malicious program

After the Ransomware has infiltrated a particular computer or network, they leave a ransom message on the computer screen that demands the payment of BitCon Currency in order to decrypt the files or restore the system to its normal function. In most cases, the ransom message will appear when the user restarts their computer after the entire infiltration has taken place.

In order to keep on top of the latest cybersecurity breaches, we have taken the intuitive to consult with cybersecurity forensic experts, in order to assist our dental clients, both before the breach occurs [for preventive measures] and after a breach occurs [to determine the extent of the damages]. Of course, independent dental practices can always look to protect their offices by reaching out to some IT services Calgary area or somewhere more local to their dental office. By reaching out to IT professionals, they can reduce the chances of their business being hit by this Ransomware.

If a dental office is infected with Ransomware, a practice could suffer a massive security breach, and be subject to huge HIPAA fines [$100.00 to $50,000.00 per violation, as well as $250,000.00 in criminal fines].

Cyber Security for Dental Practices  

The provision of healthcare is changing at a rapid pace as healthcare providers endeavor to maintain maximum efficiency while navigating the technology rich climate. As a result of the reliance on electronic data, Healthcare Software, dental offices have become vulnerable to cyber security threats. The growing volume and sophistication of cyber-attacks suggest that dental practices will have to grow increasingly vigilant to ward off these threats. A breach of cyber security will inevitably lead to significant expenses, both financial and reputational, which can wreak havoc on a dental practice.

Many dentists believe that cyber criminals are not a threat to their small dental offices. However, when choosing between a large corporation or bank with security teams and firewalls preventing access to databases and a dental office with no firewall or security team, the dental practice will be the chosen target. In fact, many hackers specifically target small dental offices because they believe that the small business may not have the resources for sophisticated security devices and do not enforce employee security policies.

Dental practices are an increasing target for cyber criminals. These offices hold a vast amount of data, including names, health history, addresses, birthdates, social security numbers, and even banking information of hundreds, if not thousands, of patients. The threat of this information being stolen by a staff member or a cyber-criminal is great, and dental practice owners must address this concern before a theft creates a legal nightmare for the dental practice.

Healthcare organizations make up roughly 33% of all data security breaches across all industries and the healthcare industry is the most breached industry in the United States. According to the US Department of Health and Human Services, almost 21,000,000 health records have been compromised since September 2009. It has been shown that human error causes the majority of personal health information data breaches, and that actions of healthcare employees cause 3 times as many breaches as external attacks. This being the case, the question has to be asked: have you thought about looking into managed security services? This solution will manage threats and protect your customers’ data.

The most common causes of data breaches in healthcare organizations are theft, hacking, unauthorized access or disclosure, lost records and devices, and improper disposal of records. A significant proportion of healthcare breaches are a result of lost or stolen mobile devices, tablets and laptops. In addition, security breaches are not solely inflicted upon the large HMOs, as more than half of all organizations that suffer from security breaches have fewer than 1,000 employees.

The Health Insurance Portability and Accountability Act requires healthcare providers to maintain the privacy of patient health information and to take security measures to protect this information from abuse by staff members, hackers, and thieves. The penalties imposed upon health care providers for HIPAA violations are great. The monetary penalties can range from a fine of $100 to a fine of $50,000 per violation, with a $1,500,000 maximum annual penalty. In addition to the federal penalties, dentists may face penalties imposed at the state level as well as lawsuits filed by disgruntled patients whose health information has been compromised.

It is crucial for dentists to take steps to ensure that their practice is in compliance with HIPAA provisions regarding computer security. Because the majority of data security breaches occur when staff members fail to follow office procedures or exercise poor judgment, the location of computers in the dental office is key. All computers should be placed in areas where the computer screens are not visible to patients and visitors, and encrypted passwords should protect access to each computer. Passwords should contain mixed-case letters and include numbers or symbols and should be changed regularly. In addition, passwords should not be written down under keyboards or kept on desks or surfaces where the public may be able to access them. Dentists should ensure that all staff members understand the importance of maintaining the privacy of patient health information.

Every dental practice should have a policy that includes steps for safeguarding patient information and educate staff members as to how to comply with the office policy. A strict Internet and computer use policy should be enforced that prohibits staff members from checking personal e-mail accounts or visiting Internet sites that aren’t work-related. It is also important that dentists ensure that all firewalls, operating systems, hardware and software devices are up to date, strong and secure and that wireless networks are shielded from public view. Antivirus software should be installed on every computer, kept updated, and checked regularly.

When accessing office data remotely, dentists should use only trusted Wi-Fi hot spots and never use shared computers. Smartphones and tablets should be password protected to prevent easy access to patient information in case the device is lost or stolen. In addition, all hard copies of documents with patient information should be shredded. Finally, to ensure that your dental practice is HIPAA compliant, data transmitted to payers, health plans, labs and other healthcare providers may need to be encrypted to ensure that a hacker will not have access to this data.

Because dental practices are subject to heightened government enforcement and the scope of fines and penalties for data breaches have increased, many dental practices have relied on cyber insurance for protection in the event of a breach of cyber security. These insurance policies cover the cost of investigating a theft, compensate the insured for all state and federal fines and penalties imposed, and fund all related lawsuits and legal fees, thus relieving dentists of the financial and time burdens imposed as a result of the breach in security.

It would be prudent for all dentists to invest in data security and in the proper training of staff members as to acceptable use of office computers. If plans and policies are put in place proactively and steps are followed to ensure HIPAA security compliance, a dental practice should be able to prevent the significant cost and headache involved in responding to a cyber-breach. It wouldn’t be a bad idea to consider Azure monitoring tools to keep better track of your practices network traffic.

If a security breach in a dental office does occur, it is imperative that appropriate action is taken immediately, which includes determining how the breach occurred, and the extent of the security breach. In addition, if a security breach does occur, the owner of a dental practice must be very careful whom they initially contact and provide information to. Any improper or accidental disclosure to a third-party other than legal counsel for the dental practice owner may be subject to the rules of discovery if litigation occurs, which could increase the liability exposure of the practice owner. Having an ISMS system that is fully compliant with ISO 27001 ISMS will significantly reduce the chance of information breaches.

Stuart J. Oberman, Esq handles a wide range of legal issues for the dental profession including cyber security breaches, employment law, practice sales, OSHA, and HIPAA compliance, real estate transactions, lease agreements, noncompete agreements, dental board complaints, and professional corporations.

For questions or comments regarding this article please call (770) 554-1400 or visit www.obermanlaw.com

Labor Law Update for Dentists

As of April 30, 2012, most private sector employers will be required to post a notice advising employees of their rights under the National Labor Relations Act. This requirement applies to a variety of entities with a gross annual volume of at least $250,000.00. The poster is available for free at https://www.nlrb.gov/poster or by calling (202) 273-0064.

In addition to the NLRA poster, the U.S. government requires the posting of these workplace posters: 1) Employee Polygraph Protection, 2) Equal Employment Opportunity, 3) Fair Labor Standards Act, 4) Job Safety and Health Protection, 5) Rights Under the Family and Medical Leave Act (for employers of 50 or more individuals), and 6) Uniformed Services Employment and Reemployment Rights Act. You can obtain them for free from the U.S. Department of Labor Web site www.dol.gov/compliance/topics/oster.htm.

Social Media and the Dental Practice

The online world is growing. Facebook now boasts a “population” larger than the United States. Thousands of dentists are currently taking advantage of all types of social media. Why wouldn’t an Ortodoncista (orthodontist to those who don’t understand Spanish) want to show off their work on social media? It is important to take a brief look at some important issues and areas of concern for dental professionals using or considering the use of social media to build and promote their public, patient, and employee relationships.

Public Relations

The advantages of a strong social media presence are clear. Information may be shared with colleagues to sustain camaraderie, with patients to strengthen dentist-patient relationships, and with the public to bolster your reputation. It is vitally important to consult with your legal advisers early and often when bringing your professional presence to an online forum.

Patient Relations

If content on your social media page is also medical in nature, depending on the forum, the Health Information Portability and Accounting Act (HIPAA) may be implicated.

Members of the dental profession should adhere to the following guidelines:

(a) Dentists should be cognizant of standards of patient privacy and confidentiality that must be maintained in all environments, including online.

(b) When using the Internet for social networking, dentists should use privacy settings to safeguard personal information and content to the extent possible.

(c) If dentists interact with patients on the Internet, dentists must maintain appropriate boundaries of the patient-dentist relationship.

(d) To maintain appropriate professional boundaries dentists should consider separating personal and professional content online.

(e) Dentists must recognize that actions online and content posted may negatively affect their reputations among patients and colleagues, and may have consequences for their professional careers (particularly for dentists-in-training and dental students), and can undermine public trust in the dental profession.

When dental professionals provide a social media forum for patient feedback, they risk running afoul of HIPAA rules and regulations. Prior to building a social media presence, it is important to develop policies and procedures designed to guide appropriate use of the relevant forum. A few key points follow:

Under the Health Information Technology for Economic and Clinic Health Act (HITECH Act), there are substantial penalties and fines that may be assessed for HIPAA violations that occur during social media exchanges. Under the HITECH Act, fines range from $100.00 to $100,000.00.

Be clear with a disclaimer that patient information is personal and should never be shared via the Internet. Inform participants that any posting that appears to be a violation of this policy will be removed.

Employee Relations

It is important to keep your employees from becoming lax about privacy rules when it comes to social media.

Education is always the first line of defense when it comes to privacy and security safeguards. Make sure all employees are trained and up to date about the privacy and security rules and be sure to disseminate a written company policy outlining permissible and impermissible actions. Make social media training a part of your HIPAA compliance program.

Social media is a powerful tool for expanding a dental practice, but be aware of the potential complications. Always consult your legal adviser before branching out into online forums.

Protecting the Value of Your Practice:
 Non-Compete and Trade Secret Agreements

Practice owners are often concerned about how to best protect their patient base when an associate leaves the practice. There are two methods of preventing this type of devastation to a practice, which are: (1) non-compete agreements and (2) trade secret agreements.  Both of these types of agreements should be incorporated into an associate’s employment agreement.
Non-Compete Agreements
A non-compete agreement allows the owner of a practice to limit a former associate from starting his or her own practice as well as prohibit an associate from working for a competitor.  The owner of a practice should always consult with their attorney before entering into any type of non-compete agreement.
Trade Secrets
A trade secrets provision in an associate’s employment contract will also help protect confidential information of a practice.  A trade secrets provision should provide that all patients and their confidential information are trade secrets of the practice, and sanctions will be enforced against any associate or employee who attempts to use this confidential information for their own personal gain.
The owners of a practice must be familiar with non-compete and trade secrets agreements.  All associates should be required to sign a non-compete and a trade secrets agreement at the beginning of their employment.
Without a proper non-compete and trade secrets agreement, either prepared separately or incorporated into an associate’s contract, the owner of a practice has substantial financial risk.

Five Potential Legal Risks Associated with Groupon

With the explosion of social media and online marketing, members of the dental community must be aware of the risks associated with new marketing approaches. Moreover, with marketing services for dental practices soaring in popularity, it is crucial that dental industry professionals are aware of the legal side of promoting their products and services to a wider audience. Accordingly, while dental practices have successfully utilized the services of Groupon to attract new patients, there are growing concerns regarding this type of marketing. The American Dental Association has recently published its opinion on the Groupon issue. Before a dentist participates in a Groupon marketing campaign, they must be aware of potential ramifications.

1: Fee-Splitting
A dentist utilizing Groupon to offer discounts to new and current patients will split a portion of the revenue generated from the promotion with Groupon. Many states have regulations that prohibit fee splitting between a dentist and a third party. A violation of the state regulations could result in the dentist facing censure and reprimand, fines, suspension, and even license revocation.

2: Federal Anti-Kickback Statute
The federal anti-kickback statute, 42 U.S.C. § 1320a-7b(b) generally prohibits a dentist from offering or paying remuneration to induce a person to refer a patient that may be eligible for services under a federal health care program, including Medicare or Medicaid. A dentist violating federal law could be charged with a felony and subject to fines, imprisonment, and exclusion from federal health care programs.

3: Most Favored Nations Clause
The terms of a dentist’s contract with third party payors [insurance carriers] may pose problems with the offer and award of Groupon’s discounts to patients. Many insurance contracts provide that the dentist must provide the insurer with the best price that the dentist charges for a particular service (a “most favored nations” clause). Providing a discounted rate to Groupon customers may breach the most favored nation provision in an insurance contract. As a result, the dentist may be required to offer the same discount to the insurer’s patients.

4: ADA Ethical Rules
According to the American Dental Association Principles of Ethics and Code of Professional Conduct Section 4.E. Rebates and Split Fees, dentists “shall not accept or tender ‘rebates’ or ‘split fees'”.

5: Dental Boards
Most dental boards provide that a dentist “shall not give rebates or split fees with a referral source”.

Before a dentist enters into or makes a starts any type of marketing campaign (or social media campaign), they should seek legal advice as to the application of state and federal laws, the most favored nations clause, ADA Ethical rules and Dental Board rules. While the marketing of any dental practice is important, an ill-advised marketing campaign could result in a dentist being censured, reprimanded, fined, suspended, and lose their license.

Oral Cancer: Risk Management Considerations

Due to the increasing public concern regarding oral cancer, it is important for dentists to be aware of proper patient assessment and documentation procedures so that they may provide timely and proper treatment to their patients. In some cases, it can be a false alarm, such as a cold sore being mistaken for an infection, etc. If this is the case then treatment can be found online at https://quantumhealth.com/shop/category/oral-care. However, a thorough investigation is important in these matters to rule anything else out.

The U.S. Department of Health and Human Services states that oral pharyngeal cancers affect around 30,000 people per year in the United States, with around 8,000 of those cases resulting in death. A good deal of malpractice claims against dentists in the United States involves oral cancer cases.

For every dental practice, correct patient assessment is the first step in minimizing any risk to future legal entanglements. When assessing a patient and planning a treatment strategy, dentists should first carefully review the patient’s medical history to note any predisposing oral cancer factors. Next, a comprehensive oral evaluation should be completed.

This full examination should be followed with a review of oral radiographic images in order to note any potential abnormalities in the bones and dentition of the patient.

Properly documenting the patient assessment is just as important as accurately assessing the patient. In order to satisfy the basic standard of care, all dentists are required to perform these evaluations and note all the results from the examination in the patient’s permanent record.

In cancer cases, it is crucial that a treating dentist contact the patient’s oncologist to determine if any special precautions should be taken for the patient before and after undergoing medical treatment, such as chemotherapy. It is also essential that the medical history dictated in the patient’s record include information regarding whether or not the patient has undergone such medical treatment.

Dentists must carefully follow all procedures in the practice in order to help them avoid legal pitfalls. Properly assessing and examining the patient and documenting the patient’s record will not only keep the dentist out of legal trouble, but it will also provide the patient with positive dental care service.

1 5 6 7