After amended its electronic medical record (EMR) database supplier, Key Dental Group asked its previous supplier, MOGO, the return its EMR database. Even though the end user license agreement (EULA) stated that all patient data must be handed over on termination of the agreement, MOGO has would not return the database.
MOGO advised to Key Dental Group, via its attorney, that the database would not be handed over. The Pembroke Pines dental practice claims that along with breaching the EULA, MOGO, as a HIPAA business associate, is in contravention of the Health Insurance Portability and Accountability Act.
All security breaches, including the unauthorized accessing of patients’ protected health information, requires notifications to be sent to impacted patients. Key Dental Group are not aware if the database has been accessed after the termination of the EULA, but since the KDG-MOGO database can no longer be accessed, reviewed, or safeguarded from unauthorized access, notifications were deemed necessary.
Key Dental Group, in a recent press release about the HIPAA incident, said “While Key Dental Group cannot definitively say that unauthorized access has or will occur to this database, given the apparent violations of various portions of HIPAA triggered by MOGO’s actions and the sensitivity of the information the database contains, Key Dental Group, PA is publicly notifying its patients at this time of this incident.”
All patients who had their personal health information – which includes names, addresses, dates of birth, medical histories, diagnoses/conditions, lab/test results, treatment information, medications, health insurance information, claims information, and the Social Security numbers of some Medicare/Medicaid patients – is stored on advised to monitor their accounts for any suggestion of identity theft and fraud.