Patient names and general financial information found in reports pertaining to payments and reimbursements by third-party insurers/payers were transmitted in an unauthorized manner from an official Atlanta dental practice e-mail account between September 10, 2019 through September 12, 2019. The transmission was made from an administrator e-mail account belonging to Buckhead Smile Center, PC, to a non-authorized personal Google e-mail account belonging to a former Practice employee.
Buckhead Smile Center, PC, is a general dentistry practice, located in Northwest Atlanta. It serves the geographic regions of Buckhead Village, North Tuxedo Park, Peachtree Hills, and Garden Hills.
Based on an investigation initiated by the Practice immediately upon the discovery of the unauthorized transmission on September 19, 2019, the transmittal made by the former employee occurred outside the course and scope of his employment responsibilities. However, at the time of transmission, the former employee was still working at the Practice in an administrative capacity, which enabled him the access needed to improperly transmit the patient information.
The Practice thoroughly reviewed every e-mail and attachment encompassed within the discovered unauthorized transmissions to identify all patients affected by this incident. The practice has taken all steps to rectify the unauthorized transmission, including notifying the affected individuals and reporting the incident to Federal and local law enforcement authorities.
Based on the investigation conducted by the Practice, there is no indication that any personal information was copied or used inappropriately. Additionally, the investigation showed that no other protected information, including but not limited to, specific treatment information, medical documentation, diagnosis, social security number, date of birth, home address, credit card information, etc., had been transmitted.
The security and confidentiality of patient information is of critical importance to Buckhead Smile Center, PC. The Practice remains committed to protecting the confidentiality and security of its patients’ information. While the Practice has a regular training and compliance program, it has since reinforced employee training on the Health Information Portability and Accountability Act (HIPAA) and privacy matters. Additionally, the Practice is reviewing current security and privacy measures and will make any appropriate improvements.
For patients that feel they may have been affected by this incident, it has established a designated toll-free number and email address where patients may direct their questions or concerns. Any questions pertaining to this incident may be directed by phone to 1(800)–997–1686 9:00 AM to 7:00 PM Eastern Time, or, alternatively, by e-mail to [email protected].