Dentist Fined $12,000 for HIPAA Breach caused by a business associate

It is not just electronic patient records that need to be protected, but paper records as well. And you don't have to worry only about your own staff; you also have to worry about your business associates. Not only do you need a written business associate agreement defining the terms of their compliance activities, you also need to follow up and make sure they are living up to that agreement. The surest method is to ask them for a copy of their most recent HIPAA risk assessment: not a HIPAA checklist, but an actual HIPAA risk assessment done to the NIST standards.

By the way, what is the date of your most recent HIPAA risk assessment? Periodic risk assessments, followed up by a gap analysis of your risks and a plan to remediate those risks, are a HIPAA requirement. Not only for you, but also for your business associates.

Remember, in my last blog I talked about a study which showed that 65% of patients would consider leaving a practice that had a HIPAA breach. That makes the $12,000 fine look puny by comparison.

I don't know the size of Dr. Beck's practice, but if it is a small practice, it could get HIPAA compliant, stay compliant, and prove compliance for as little as $19.95 per month. Take a look at or shoot me an email at


Reader Comments



From: Alex Bisset, 04/11/15 07:30 PM

This is why I used Logicworks' HIPAA Compliance cloud hosting services. They have helped me become HIPAA compliant. Plus, they are a very secure and reliable company that has over 10 years in hosting. You can check them out at