Help with HIPAA Compliance
Help with HIPAA Compliance
Helping you understand the complexities of compliance under the HIPAA Security and Privacy Rules. Our team of experts in regulatory compliance can answer any questions you may.
Colington Consulting

Indiana Dentist Fined by State for HIPAA Violations

Indiana Dentist Fined by State for HIPAA Violations

1/10/2015 7:14:32 AM   |   Comments: 0   |   Views: 1028

According to an article published in the Kokomo (Indiana) Tribune, a former Kokomo dentist, Joseph Beck, “agreed to pay the state $12,000 for disposing of patient files in an Indianapolis dumpster, the Attorney General’s Office (recently) reported. The Attorney General’s Office sued Beck for failing to protect personal information and for improperly disposing of records containing personal information of Indiana residents, which violates state privacy laws as well as the federal Health Insurance Portability and Accountability Act (HIPAA).” 

What is significant is, “This is the first time Indiana has sued for a violation of HIPAA.” The article went on to say, “More than 60 boxes of patient records from Beck’s former Comfort Dental clinic in Kokomo were found discarded in an Indianapolis dumpster in March of 2013. The files contained records from 2002-2007.” Not only are the Feds involved with compliance oversight, but now the states have an active interest, especially when civil monetary penalties can be imposed. States may view this as a way to step up their game when it comes to conducting audits, investigations and prosecutions for HIPAA compliance. With more and more data breaches occurring, it makes perfect sense for this course of action. 

The Office for Civil Rights (OCR), which enforces Federal regulations and compliance for HIPAA, has been conducting training for State Attorneys General (AGs). OCR developed HIPAA enforcement training to state AGs and their staff on how to use this authority to enforce the HIPAA Privacy and Security Rules. The training course provides assistance on how to investigate HIPAA violations. But more importantly, the training shows AGs how to seek civil damages for HIPAA violations that affect residents of their respective states. 

With this recent case in Indiana, the dentist “hired a private company, Just the Connection, Inc. to retrieve and dispose of his patient records, which included names, medical records, phone numbers, birth dates, Social Security numbers, insurance cards, insurance information and state ID numbers.” It is unclear if Beck had a Business Associate Agreement (BAA) in place with the private company to properly dispose of the records. The BAA would have been required in this case.

As a covered entity, this story reinforces the need not only to have a BAA in place with any vendor who is accessing your protected health information, but also make sure your own HIPAA policies and procedures cover proper record disposal. Any BAA must require that a business implement the proper safeguards to prevent unauthorized use or disclosure of protected health information (PHI) not only for electronic records, but also for any paper records or charts. This is especially critical for the document destruction process for PHI.

Although smaller state civil settlements are not on par with the millions OCR seeks during a resolution agreement, it does allow the states to become more engaged in investigating these types of breaches. Just more one reason to be HIPAA compliant. 

More Like This

Total Blog Activity

Total Bloggers
Total Blog Posts
Total Podcasts
Total Videos


Townie Perks

Townie® Poll

Do you allow parents into the operatory?

Site Help

Sally Gross, Member Services
Phone: +1-480-445-9710

Follow Dentaltown

Mobile App



9633 S. 48th Street Suite 200 • Phoenix, AZ 85044 · Phone: +1-480-598-0001 · Fax: +1-480-598-3450
©1999-2019 Dentaltown, L.L.C., a division of Farran Media, L.L.C. · All Rights Reserved