You might have a reportable breach! RE: Yahoo! breach

I have sent emails, posted on our blog and begged our guest speakers to address this email concern. Some listened, some didn’t. And now, some will lose sleep, stress out and possibly be on the hook for a major HIPAA breach. Let’s talk about the YAHOO! breach.

Son of a breach!

One of the largest data breaches ever reported was disclosed by Yahoo! this week, over an intrusion that happened in late 2014. Yahoo! has confirmed that data from about 500 million user accounts was taken. The stolen data included names, email addresses, phone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers. A hashed password can still be cracked offline, and a leaked security answer can be used to reset an account, so any Yahoo! mailbox has to be treated as one an attacker may have been able to log in to and read. This is really bad news for many Dentists.

What does that mean to you, a Dentist? Actually a lot if you are using a Yahoo! email account to connect with your patients. If you sent PHI (Protected Health Information) through a Yahoo! account, you may have a reportable breach under HIPAA.

(If you don't use Yahoo! but do use another free service like Hotmail, Gmail or AOL, don't stop reading. There is a message for you here.)

What do you do? If you used Yahoo! to communicate with your patients in 2014 or at any time since, you are required to do a HIPAA breach risk assessment to determine your exposure. Under the Breach Notification Rule, an impermissible disclosure of PHI is presumed to be a reportable breach unless you can show, and document, a low probability that the PHI was compromised.

You will need to determine whether your account was one of the affected accounts, how much PHI was sent or received through it, and how the exposure affects your patients. The rule spells out the four factors your assessment must weigh: the nature and extent of the PHI involved, including how identifiable it is; who obtained it; whether the PHI was actually acquired or viewed; and the extent to which the risk has been mitigated. Write the assessment down and keep it. The burden of proving that an incident was not a breach is on you, not on OCR.

YAHOO! breach causes pain for providers

NOTE: OCR knows about this breach. DO NOT, I repeat, DO NOT ignore this or sweep it under the rug. You must deal with this. The clock started the day you learned of the breach, which for most of you is today. HIPAA requires notification without unreasonable delay, and 60 calendar days from discovery is the outer limit, not a target. Individual notices must go out within that window; a breach affecting 500 or more people is reported to HHS at the same time (and to the media if more than 500 residents of one state are affected); smaller breaches are logged and reported to HHS within 60 days after the end of the calendar year.

WARNING: The following information may be offensive and painful. I recommend donning the steel-toed boots, because some toes are about to be stepped on! If you have been following us, you know we have given plenty of warning about this situation in the past.

If you are using a business-grade email service that has signed a Business Associate Agreement with you and encrypts your messages, you can stop reading and go about your day knowing you are protecting your patients' privacy and your practice.

Big Fines for Little Breaches

IF you use a FREE email service like Yahoo!, Gmail, Hotmail, SBCGlobal, AOL, etc., you need to start taking HIPAA seriously. You ARE NOT HIPAA COMPLIANT! Free consumer email providers do not sign Business Associate Agreements with their users, and without a BAA there is no compliant way to send PHI through them, no matter how careful you are. Stop being cheap and pay for your email. We use Google Apps (they are HIPAA compliant and have provided us a Business Associate Agreement to prove it). We pay $5/month per user. We also use an additional service called Virtru that encrypts sensitive information, which is only a couple of bucks a month. In other words, HIPAA security is affordable. Paying $1.5 million fines is not.

If you find yourself stressed because you are a Yahoo! user and you need help, my team is here to help you. We care about you and your practice. That's why we are here standing in the gap and sometimes offering you a harsh bit of advice. Not sure how to navigate this mess? Give us a call and we will give you some support. 817-755-0035

HIPAA Made Simple Part I

HIPAA Made Simple Part II

Dental Compliance Specialists, LLC is the Premier Dental Health Compliance and Quality Assurance provider in the country. We help Dentists develop and maintain compliance programs with the goal of keeping them out of the regulatory limelight. We have in-office and virtual programs all catered to the Provider's specific needs. Dental Healthcare Compliance includes: DEA, ICE/Homeland Security, OIG, OSHA, HIPAA, Infection Control, Auditing and Monitoring, Record Auditing, employee training, Radiology Compliance, Medicaid Compliance and more. It's not just about OSHA anymore!