Episode 786: When Dental Patients Use HIPAA for Leverage and Retaliation
![]() |
What happens when a disgruntled patient decides to weaponize HIPAA regulations against your dental practice? Can a simple billing dispute spiral into a federal investigation that costs hundreds of hours and devastates your reputation on social media?
Joining us is Dr. Karson L. Carpenter, President of Compliance Training Partners and an OSHA-approved trainer with over 25 years of experience designing educational programs for dental, medical, and veterinary facilities. Dr. Carpenter has guided numerous clients across the United States through OSHA and HIPAA inspections as well as the critical post-inspection process, making him uniquely qualified to discuss the realities of regulatory compliance in modern dental practice.
This episode examines a real case where a dental patient used HIPAA as leverage in a billing dispute, ultimately triggering an investigation by the Department of Health and Human Services Office of Civil Rights. Dr. Carpenter explains how patients can exploit vulnerabilities in practice compliance systems and turn regulatory agencies against dental offices. The discussion reveals the true cost of non-compliance—not just monetary fines, but hundreds of hours of doctor and staff time, reputation damage, and the psychological toll of regulatory scrutiny.
Episode Highlights:
- HIPAA investigations are typically patient-initiated and can stem from billing disputes rather than actual privacy violations, making proper documentation and training essential defensive measures. The Office of Civil Rights requests comprehensive evidence including written policies, training records, and security protocols regardless of the complaint's merit.
- Annual HIPAA training for all staff members, similar to OSHA requirements, provides crucial protection during investigations and should include policies on social media responses, secure communication protocols, and proper handling of patient record requests. Training documentation serves as primary evidence of compliance efforts during federal inspections.
- Social media responses to patient complaints require extreme caution, as any mention of specific treatments or patient details constitutes a HIPAA violation even when patients identify themselves. The safest response is a generic statement directing the patient to contact the office privately for resolution.
- Patient record requests must be fulfilled immediately regardless of unpaid copying fees, as delayed record release is the leading cause of HIPAA investigations in dental practices. Documentation should reflect that patients were informed of encryption risks when requesting records via unsecured email systems.
- Practices should designate a business office staff member as the HIPAA Privacy and Security Officer, separate from the clinical OSHA compliance officer, to manage audit checklists, training coordination, and communication with IT providers regarding security protocols and system updates.
Perfect for: General dentists, practice owners, office managers, and dental team members who need to understand HIPAA compliance requirements and protect their practices from regulatory weaponization by difficult patients.
Don't let a billing dispute turn into a federal investigation that could have been prevented with proper compliance documentation.
Transcript
specifically the Office of Civil Rights, and fined. What kind of monetary fines are we talking
about here? It could be $10,000 to $30,000. That's not going to shut you down.
But the hours, and I'm talking about hundreds of hours it's taken of doctor time,
of employee time, of this gut-wrenching work to get into compliance,
of... your reputation destroyed on social media, this is where the real cost is,
and I maintain that's far more than $10,000 to $30,000.
Welcome to Austin, Texas, and welcome to the Phil Klein Dental Podcast. Too many practices think of
HIPAA as just a form patients sign or a policy that's quote-unquote good enough.
But here's the reality. Patients can and do weaponize HIPAA. especially when there's a dispute over
services, copays, or balances owed. If you're not fully compliant, they can turn the tables and use
HIPAA and the Office of Civil Rights to come after your practice hard. In this episode,
we'll walk through a real case where a dental patient did exactly that, gaining the upper hand and
putting the practice on defense. It costs the office time, money, and reputation, all because of
preventable HIPAA mistakes. But don't worry, I'm not just here to scare you. We'll also break down
simple practical steps you can take to make sure your practice is protected and your team is fully
prepared. So don't be vulnerable. Don't give anyone that kind of leverage. Joining us today to shed
light on this topic is Dr. Karson Carpenter. He is the founder and CEO of Compliance Training
Partners, a company dedicated to helping dental practices stay compliant and navigate
investigations related to OSHA and HIPAA violations. Before we bring in our guest,
I do want to say that if you're enjoying these episodes and want to support the show, please follow
us on Apple Podcasts or Spotify. You'll be the first to know about our new releases and our entire
production team will really appreciate it. Dr. Carpenter, thanks for joining the show. Bill, it's
great to be back. Thank you for having me. So we're going to be talking about HIPAA now, and we've
talked about that in the past on previous episodes. This has a little unique twist to it, but
essentially it has to do with a patient. who ran into some disagreement with the actual practice
owner, and then it kind of accelerated and eventually blew up and resulted in a HIPAA inspection.
So tell us about that. One of the big differences between, say, a HIPAA inspection versus an OSHA
inspection is the fact that a HIPAA inspection, which is an inspection conducted by the Department
of Health and Human Services Office of Civil Rights, it's typically precipitated by a patient.
And the patient can use it, weaponize it, if you will, to make your life very difficult.
So who actually enforces HIPAA violations, number one? And number two, how arduous is it for,
in this case, a patient to report an office allegedly violating HIPAA?
HIPAA is actually, of course, the name of the regulation, the HIPAA Health Insurance Portability
and Accountability Act. And the agency that regulates it would be the Department of Health and
human services now under health and human services is office of civil rights and they're tasked
with enforcing hipaa regulations and in this case unfortunately for the doctor for the owner it's
pretty easy to go online and find out how to lodge such a complaint as a matter of fact and i'll
talk about it a little later they also lodge the complaint with the state dental board with the
state department of public health with the insurance company, the dental insurance company, but the
one that was most ugly was HIPAA. And it all started with a patient who was difficult to work with
in the first place. It was a large case. They were explained to very carefully what their charges
would be, what insurance would cover. And of course, when it got to the end, they didn't want to
pay their bill. So the main reason why somebody would complain to the HHS...
be for privacy issues, right? Violation of privacy issues with medical information.
Isn't that the gist of what HIPAA is about? You're correct. That's what it's all about, is
protecting the privacy and security of your protected health information. Right. So they could have
all the spats in the world between the patient and the dentist about who owes what and what was
supposed to be done and so forth. But if there's not a privacy, a legitimate privacy, issue,
then obviously they could weaponize it and use it any way they want. But how will that be a
sustainable complaint where it would have any legs if there was, in reality,
no real privacy violation? We'll be right back with our guest. But first, for many years now,
we've recognized that buffering local anesthetics can reduce injection pain, speed up onset,
and decrease the overall volume of anesthesia needed. However, the process of buffering has always
been complex, time-consuming, and expensive, until now. Introducing BufferPro,
a single-use, sterile, self-contained capsule that delivers 0.1 mLs of sodium bicarbonate into a
dental anesthetic cartridge, raising the solution's pH to near physiologic levels. No measuring,
no mixing, and no hassle. Join the growing number of dentists introducing BufferPro into their
practices. To learn more, visit septodontusa.com. Well, here's the problem.
In this case, I have no doubt from talking to the practice owners, I have no doubt that they seem
to be quality people, that the patient was not, that he, in this case,
did weaponize it. But here's the problem. Let me decide. I happen to have this inspection in front
of me. And here are some of the things the Department of Health and Human Services, Office of Civil
Rights, requested. Imagine your department, you're the Office of Civil Rights.
You get this complaint. You don't know if this is real or not. So what do you do? And I see this
all the time. First of all, they say, we want your written response to the allegation.
That makes sense. OK, we help guide them on how to write that. We want a copy of your HIPAA
policies. for privacy for security we want copies of your training records your annual training
records for hipaa for all staff members we want a copy of the actual training documents the things
that you covered who provided the training so you can see even if this office it had done
everything right in terms of the clinical the quality of the work how they treated the patient how
they build the patient They were not dishonest in any way. All of a sudden, you're vulnerable.
And in this case, it was a good office, but they didn't have these things. As it says here,
they wanted documentary evidence or assurance that your workforce members were provided training on
your policies regarding disclosure of protected health information, safeguarding protected health
information, social media, et cetera. And they specifically said, we would like copies of training.
sheets, training completion certificates, et cetera. Now, again, a quality office had done things
the right way in terms of how they treated the patient, but they didn't have these things and they
were in trouble. And how often do you need to do the HIPAA training for your staff? Well, unlike
OSHA, where they specifically state you must do it once a year, and of course, for all new
employees as part of onboarding, with HIPAA, it needs to be done for all employees.
It needs to be done as part of the onboarding. but after that if there any material changes could
you move it to a year and a half you could but what we find and what we advise our clients having
been through numerous hip inspections across the country do it once a year it doesn't take that
long you're talking about two hours out of everybody's life a year and when you have records of
training year after year showing that you're having annual training for all of your personnel that
makes an inspection go really well not only that Things change. Employees change.
I would say as a rule of thumb, do it at once a year like you do OSHA. In fact, do it about at the
same time. We would always set our calendar for January and do both. So what was the patient trying
to accomplish by reporting this office to the Health and Human Services Department? Was there an
argument about what this person owed the office or what services were promised and weren't
completed or were they dissatisfied with the shade of their veneer? You know, what precipitated?
this complaint. Because if it was solely for retribution or a vengeful act,
it's just incredibly unfair to use HHS for this purpose. You know, it is so unfair.
It's so upsetting because this isn't what any of us went to dental school expecting, right?
We just did not expect that. That being said, we're very vulnerable. in this case this patient
weaponized because they didn't want to pay their bill well you said insurance would cover
everything well they they have communication between them in the forms of form of email they had
treatment plan presentations that the patient signed but at the end of it phil it was all about the
fact that they didn't want to pay that much maybe they overextended themselves they thought they
would weaponize this and be able to walk away from this bill it was really all about money here.
So the game plan was to report HIPAA violations by this practice to HHS.
And then hopefully in order for this to go away, the doctor would say,
listen, you go your way. We'll go our way. You don't know us anything. We're going to forego the
balances that you owe this practice. And we just don't want to have any more trouble. Was that,
do you think that was the main objective of that complaint? Well, you know, the patient wasn't
subtle. They basically said, look, I've done all the research on Office of Civil Rights and HIPAA,
and I believe you have numerous HIPAA violations here. If you don't eliminate this copayment,
I'm going to report you to them. Simple as that. And how would they know that in reality that the
office was in violation as a patient? How would they know that if there was no privacy violation of
that patient? You know, I will tell you that they had a couple of things.
One, they had email communication between the patient and the office, and it wasn't on a secure
email system. There was some protected health information discussed. So there was one area that
this patient thought that they might have them. Another thing is that they had given a bad review
on social media. about this practice and the practice responded and they discussed things they
probably should not have. For example, if you simply say, when we did your crown,
you said, oh, right away, you've told the world that you've done a crown on that person.
It's very important, very important when it comes to social media. And I have a little sheet that
we use here. I'll mention in a minute, but it's really important that you not talk about anything
that would talk about the treatment that that patient has had. So the patient identified themselves
in the initial social media post. So everybody knew who that was.
So when the patient identifies themselves and then the doctor responds to it, you know, the doctor
is not saying who the patient is. The patient identified themselves. The doctor is just responding.
That's still a violation of privacy? It really is because it could be inferred that you see this
post. You can see the email of that person. I mean, no doubt,
Phil, this could be debatable, but as we always say, keep it simple.
Basically, every response to social media, to a social media complaint, it really needs to be taken
offline. It really needs to not be done on social media. And I really think it's important that we
remain professional, that we not talk anything about the treatment.
And to me, it's simply a statement like, please contact our office.
We'll be glad to see if we can resolve this complaint for you. It never makes any treatment.
So you can see this person had schooled themselves, probably even read the results of some other
HIPAA inspections, which are public domain information, and thought that he...
had them and in fact he did right he was making their life miserable in other words the patient
could bait the practice into saying things on social media and posting them and then it's self
-incriminating by what they do but it's still important to respond to the post to preserve the
reputation of the practice but the way to do that is the way you said it is to say we're very sorry
to hear that you're dissatisfied with that treat the treatment we did come into the office so we
can resolve it so at least they're responding to it but they're doing it in a way that's Exactly.
Very benign and non-incriminating. So following the submission of the complaint by the patient to
HHS, the doctor's office received a letter. Tell us about that. The doctor received this letter
with a complaint number on it, a reference number, said the following was alleged,
and again, requested all this information that unfortunately the practice didn't have. They didn't
have written policies for privacy, written policies for security.
records of training for all employees. They didn't have these things. So the problem is,
is they were not in compliance, even though they were doing the right thing in terms of how they
treated the patient. It's, you know what, Phil, it's like our dental record.
We know we did a great job, but we didn't write down what type of material and what type of
anesthetic we used. If it's not written down, if we don't have these policies, technically we're in
violation. Right. Yeah. If you don't document your autoclave activity, it's like you didn't
sterilize it. Exactly. Exactly. And you know something, this is something I've seen happen more and
more. So I'm always asking my colleagues, look, even if you don't think you have time,
even if you think this is overreach of government, it's not going to take you that much time. to go
through our audit checklist, see where you're in compliance, where you're not. Do these things.
Protect yourself. Don't be seen as vulnerable. I will tell you, I've been involved in a number of
complaints like this where almost the very same things were asked for. Imagine it's a practice
that's done training, that has a HIPAA compliance manual with written policies, and you send all of
these things that Office of Civil Rights requests, it goes away. For the most part,
The Department of Civil Rights under HHS is looking to see if the doctor's office is compliant with
HIPAA. They're not interested in probably most cases to get into the details of the back and forth,
he said, she said stuff. You know, maybe I'm wrong, Dr. Carpenter, but it seems to me the
Department of Health and Human Services has a lot of bigger fish to fry than adjudicate he said,
she said stuff in a dental practice in a small office. You're right. while they do want to know the
details of the particular complaint it's always prefaced by let's see your written policies let's
see your training let's make sure that you you've even covered the basics before we really get into
the weeds on this particular complaint and at that point film imagine how much better this could
have gone if they had all of these written policies to send them and addressing the specific
complaint they did have copies of the proposed treatment plan that the patient signed off on,
the proposed amount that they would owe, the proposed amount that insurance would owe, even a claim
that we cannot be responsible for amounts that the insurance company may not pay.
So on that end, they were covered, but they didn't have those basic HIPAA compliance items.
That's what got them into trouble. Yeah, and it got them into trouble because, number one, they're
dealing with the organization that oversees HIPAA compliance, like you mentioned,
and the credibility of that office goes down dramatically when you're contesting the complaints of
the patient, but then you don't have any of the HIPAA compliance documentation that they're asking
for. You've lost your credibility to some extent. So in the past, when you've seen this happen,
and you've been running compliance training partners for decades now, a very successful company,
hats off to you, Dr. Carpenter, for helping so many doctors over the years, not only in teaching,
but in working with them as a consultant to get them out of these kinds of issues. What have you
seen as far as success rate when someone is prepared? So the patient weaponizes HIPAA.
HIPAA investigates. They find that the doctor has all this documentation and they send it to him, I
guess, digitally, right? They'd probably want to send it to him digitally. Exactly. What do you see
as a success rate when that doctor is compliant? We'll be right back to our guests.
But first, a big shout out to GC America. A leader in dental materials, GC is all about minimally
invasive dentistry, preserving natural tooth structure and helping to keep it healthy long after
the restoration is placed. That's where glass onomer technology shines, and GC's new glass hybrid,
Equia Forte HT, fits right in. It chemically fuses with the tooth for strong,
long-lasting, aesthetic results. It's fast, packable, moisture tolerant, and requires no bonding
or conditioning. Plus, it delivers continuous fluoride protection.
See, here's the good news.
Very high success rate. I can't prove this, Phil, but having been involved with so many of these
across the country over the years, here's what I think. I think when Office of Civil Rights people
get these complaints, they must roll their eyes and say, oh, geez, another person doesn't want to
pay their bill. And they're just making it life miserable. We got more important things to worry
about than this, like, say, major medical centers where they just hacked in and stole 10,000
patient names. This is a little dental office in, you know, Livonia, Michigan. I think they'd like
it to go away. And what I see. is when people do have this documentation, it does go away.
I, again, I don't like to scare people. And I tell you that the people from Office of Civil Rights
actually seem to be reasonable and fair, but they expect us to have these basic items,
written policies, training, having set up a secure system with an IT. Not unreasonable requests at
all when you think about it. So given the fact that this office that was reported to the Office of
Civil Rights, does not have the proper HIPAA compliance in place, what are they looking at?
How do they rectify it? And what's the ramifications here? To tell you how ugly it is,
now that HIPAA is investigating them and they're having a problem, the patient actually posted on
social media. Well, this office is now under investigation by the Office of Civil Rights.
I mean, and you can't really respond. You can't. So now the patient has the upper hand.
Where does it go from here? Certainly there will be a fine. And again,
much like on a couple of the OSHA podcasts we've done together, I don't think this will be a life
-changing fine. It's not going to cause a bankruptcy. It could be $10,000 to $30,000.
That's not going to shut you down. But the hours, and I'm talking about hundreds of hours it's
taken of doctor time, of employee time, of this gut-wrenching,
work to get into compliance, of having your reputation destroyed on social media,
this is where the real cost is. And I maintain that's far more than $10,000 to $30,000.
I mean, it seems obvious to me, Dr. Carpenter, that if a patient posts something online, making the
community aware that that particular office is under investigation by HIPAA, that's retaliatory.
And that could be damaging, obviously, to future revenue. They could lose patients.
You know, you're going beyond the pale here with this, in my opinion.
At what point should the dentist consider hiring an attorney to protect that office from this kind
of online punishment? You know, it's hard to say. I think it could, in a case like this that gets
really ugly, always good, I think, to consult with an attorney. If it's a HIPAA investigation and
you're prepared, send them the material they're asking for. It quickly goes away. I just feel that
the difficulty here would be to try to do a cease and desist when you stop and think about it,
the patient isn't really doing anything illegal. They found a vulnerability.
They found an office that's simply being asked for these written documents. They don't have it.
They found an office that they baited and they responded by discussing protected health information
on social media. So they have the upper hand. So my feeling would be,
talk to an attorney but i don't know how much good it would do here i don't really see that the
patient in this case the patient isn't really doing anything illegal certainly it's unethical so
again protect yourself don't don't let this don't let this happen to you this one would have been
an easy one to go away i think it was clear that this patient was a bit imbalanced but you know
what They didn't have any of the documents that they needed. Worse yet, much like OSHA,
they must by law post this where all employees can see it and it's open for comment.
You often teach, Dr. Carpenter, that there should be an individual that's accountable in the office
and responsible for OSHA, for instance. And of course,
CDC guidelines is... along with this. Because again, OSHA can enforce CDC guidelines.
We know that. Do you think the same person should be responsible for HIPAA and having all that in
place? Or should that be someone different? Or does it matter? What's your opinion on that?
That's a great question. I'm glad you asked that. First of all, in OSHA, of course, there I always
favor a well-organized clinical person, somebody who understands the back office, you know, where
the chemicals are, where the disinfectants are, where the restorative materials are. So that's a
trusted assistant or hygienist. For HIPAA, I would choose a different person. They'll be both your
privacy and security officer. It's required by HIPAA regs that you have both. But in a small
business like our dental practices, unless you have over 100 employees, you have one,
I call it the HIPAA officer. They cover privacy and security. And assign it to someone who is a
business office person as opposed to a clinical person, somebody who works at the front desk,
possibly the office manager. And what they can do is they can use our audit checklist.
We're glad to provide that. It's available at our website. They can download the app and actually
go through a privacy, security, and general overall HIPAA checklist and find out where they're in
compliance and where they're not. And once again, this is not really that difficult. You'd be
surprised. It just means you need to get started. And I get started now to protect your business.
So I've talked to a lot of dentists on the show over the past eight years. It seems to me there's
quite a few dentists that previously ran larger practices that are looking to slim down.
They're, for whatever reason, they're changing their lifestyle and they don't want the aggravation
of a very large practice. And they want to do more precise dentistry the way they want to do it.
And it gives them more control. And part of that is reducing overhead via reducing HR.
And now having this requirement of having a HIPAA officer obviously conflicts with each other.
So for those practices, Dr. Carpenter, can you recommend a workaround where they don't need to hire
a specific HIPAA officer or overload their existing employees and they don't have that many with
that responsibility? That is one of the reasons why we have come out with our Comply product.
It's C-O-M-P-L-I. It's actually a compliance dashboard that also has electronic OSHA,
HIP, and infection control manuals. Now, still, you do need to fill in the blanks.
Somebody needs to fill in the blanks. What would I do, Phil, if I were that office and I were that
tight on employees? um this would be a perfect thing to maybe maybe a a child who you'd like to
employ to do this maybe um a spouse i will tell you that it wouldn't take that much time to Do the
checklist, fill in the blanks on something like this comply platform, and stay in compliance. We'll
be right back with our guest. But first, if you're on the lookout for a versatile material that
serves as both a protective liner for composites and is ideal for direct and indirect pulp capping,
let me introduce you to Theraquel LC from Bisco. Its unique hydrophilic resin-modified calcium
silicate formulation provides a strong, stable liner that reduces post-op sensitivity.
It's radiopaque and incredibly easy to apply. Once light-cured, Theracal LC is ready for use with
any bonding technique. What's even better, Theracal LC is non-soluble,
meaning it won't wash out over time. Plus, it promotes calcium release, which supports secondary
dentin bridge formation, and that's perfect for those tricky pulp exposures. When you're working
deep in a tooth prep, you want reliable protection for the dental pulpal complex. You want Theracal
LC, a top choice among independent evaluators and thousands of dental clinicians.
For more information on Bisco's full line of pulp protection products, head on over to Bisco.com.
One of the problems with pure AI for compliance is if you have an inspection,
if you get questioned, they don't want to talk to an outside consultant. They want to talk to
somebody in that business. Who's your compliance officer? Who's in charge of this? But I believe it
can be done quite efficiently today with some of the tools that we have. When you say child, you
mean someone over 18 years old, though. Exactly. You don't want some nine-year-old. doing this no
yeah no somebody an adult child somebody who's at least high school age just said hey how would you
how would you like a part-time job how would you like to become my hip compliance software i've
got all the tools here you don't have to be an expert it will show you the only thing you will have
to do is you'll have to work with our i.t because on the security end you're going to have to
query them about the firewalls that they've set up the patches that they put on the software but
again This stuff, they make it as if it's complicated. It's really not.
It just requires like anything else. Organization, having a plan, following it. Once you're in
compliance, it's not that hard to maintain it. You've been a consultant, Dr. Carpenter, for many
years for dental offices in the areas of OSHA, infection control, and HIPAA. Out of these three
areas, which one is of most interest to the dentist as far as getting your help? You know, I will
tell you that it's still OSHA. But the difference is OSHA and infection control almost pair those
together. It used to be that it was in our business, queries that came in about getting
information, probably 80-20 OSHA compared to HIPAA.
Now it's probably more like about 60-40. People realize they can't ignore HIPAA for a couple of
reasons. One, it's required to do this. The other thing is good HIPAA training leads to a decreased
chance of having a phishing attack, being hacked, being ransomed.
And we've all read how this has destroyed businesses. So HIPAA training protects your business.
People don't downplay it like they used to. They know how important it is. So as we get to the
bottom of this podcast, I do want to ask you this question. Assuming the dental office is compliant
with all the documentation, so if a HIPAA inspector came into the office, they would find nothing
wrong with the way the office is set up as far as the documentation that's required,
the training that's required for the staff, everything's up to par. So outside of that, what are
the most common types of situations that could occur in a dental practice between the practice and
the patient that would trigger a HIPAA violation? I'll be glad to. And I'm glad you asked that
question because like anything else, it seems that there's a real dominance of certain areas to
cause the most problems. And I will tell you that number one, absolutely, absolutely is not giving
up patient records. In all the inspections we've been involved with, number one is not giving up
patient records. Number two is when the patient has a dispute about the bill.
For those two reasons, they contact Health and Human Services. Now, this leads me to say,
if I were a young practitioner or somebody who said, you know, I've just been so busy, I haven't
done this, I heard this podcast, I need to do it, what would be the first thing I would do?
Training. But training will teach people in your office not to make those mistakes.
For example, if somebody wants their records, give them to them right away.
If you have a $25 record fee to copy the record and they don't pay it,
and a week goes by and you haven't received the $25, send them the records. I'm going to say that
75% of the hip inspections I've been involved with, the genesis is not giving up patient records.
What about the technology considerations that a dentist has to be aware of? For instance, a patient
wants an x-ray sent to them. Could a dentist just attach? an x-ray to their gmail and send it off
to the patient they can but they need to say to the patient if a patient says i'd like you to email
me email me my records we're glad to do that mrs jones but you don't have uh if you don't have
access to a secure encrypted email service you have to understand that there there is a risk are
you willing to accept that as long as you note in the record mrs jones requested that x-rays and
protected health information be emailed to her you can do that phil you can do it i'd much rather
have somebody i i really encourage you to get an encrypted email system send everyone um an
encrypted email when you're sending out records and always document that you've informed the
patient that there is a risk here. I assume the best way to do it is how they do it in the medical
side with a health portal. The patient gets a login and they could communicate with the doctor
through the portal and that's all encrypted and they can also pass lab tests through there and lab
results and x-rays. I assume that exists on the dental side as well.
Yes. And there are some encrypted email systems out there. I would talk to your IT that make it
easy for the person on the other end to receive it. In other words, there are systems that are so
difficult. We've all received those encrypted emails that we couldn't even open, right? You just
give up in frustration. But there are some great ones out there that you can actually send an
encrypted email to a patient. very easily, easy for them to open it on their end. Now, can we
control who's looking at the computer on their end? No, we can't control that, but we can make sure
that it's secure and encrypted in that pipeline between us and their computer.
The lesson learned here with the case that we were focusing on today in this episode with this
patient weaponizing HIPAA against the practice is that every practice needs to be,
as you say, up to speed, up to par, compliant with HIPAA. Through and through.
And then they don't have anything to worry about because if they legitimately documented everything
regarding the controversy that was going on between the patient and the practice regarding the
services rendered and the cost and the co-pays and all that stuff, if that's all documented and
they're up to speed on all their HIPAA compliance, the weaponizing of HIPAA and essentially
blackmailing the dentist will be ultimately unsuccessful. And now you can look at that patient in
the eye and say, look, you've signed this document. This is what you owe, knowing that you're not
vulnerable. Can you imagine being that doctor who says, oh no, I've got somebody who knows more
about HIPAA than I do. They're threatening me and they owe me $2,000 and they want me to write it
off. I guess you have to make that decision if it's worth it. My advice, let's get out of that
situation. because more and more patients are knowledgeable about this in fact if you google up i
even put it in my hipaa presentations my annual training if you google up health and human services
videos on hipaa compliance you will see these videos that tell patients exactly what their rights
are it's not hard to find out you know the large companies have regulatory divisions that protect
themselves against all sorts of things because they're worried about being sued. And we as dentists
are smaller operations. And, you know, we're not living in, you know, 1950 anymore.
People are more litigious today than they ever were. So, and the lawyers are part of that as well.
You're right, Phil. You're so right. And that's one of the reasons I enjoy doing these podcasts is,
you know, I practiced for many years. I think I practiced at a really good time. And so did you
when you practiced. But I really want to help. my young colleagues i want you to know you can be in
practice you don't have to work for a managed care company this is not that difficult to do just
get started maybe you spend maybe it takes a month to slowly work away but once you're there you
it's another business skill that you need to develop right you don't have to work for somebody You
didn't go to school to work for somebody. And don't let this, the things we talked about today,
scare you into doing that. You can do this. It's not difficult. Download the app,
go through the audit checklist, and I think you'll see it's very manageable. Yeah, and that app is
free on ComplianceTrainingPartners.com, correct? It is. Thank you so much,
Dr. Carpenter. Great discussion as usual. And let's hope that this office gets compliant.
This all goes away and they may pay a fine, but from now on going forward, there are positions so
that they don't have to worry about these kinds of things. Thanks so much and have a great evening.
Thank you, Phil. See you next time.
7/16/2026 - CE Credits: 0.5 CEU (Take Exam)
7/9/2026 - CE Credits: 0.5 CEU (Take Exam)
7/2/2026 - CE Credits: 0.5 CEU (Take Exam)
6/25/2026 - CE Credits: 0.5 CEU (Take Exam)
6/18/2026 - CE Credits: 0.5 CEU (Take Exam)
6/11/2026 - CE Credits: 0.5 CEU (Take Exam)
5/21/2026 - CE Credits: 0.5 CEU (Take Exam)
5/14/2026 - CE Credits: 0.5 CEU (Take Exam)
5/7/2026 - CE Credits: 0.5 CEU (Take Exam)
4/30/2026 - CE Credits: 0.5 CEU (Take Exam)
4/23/2026 - CE Credits: 0.5 CEU (Take Exam)
4/16/2026 - CE Credits: 0.5 CEU (Take Exam)
4/9/2026 - CE Credits: 0.5 CEU (Take Exam)
4/2/2026 - CE Credits: 0.5 CEU (Take Exam)
3/26/2026 - CE Credits: 0.5 CEU (Take Exam)
3/19/2026 - CE Credits: 0.5 CEU (Take Exam)
3/12/2026 - CE Credits: 0.5 CEU (Take Exam)
3/5/2026 - CE Credits: 0.5 CEU (Take Exam)
2/26/2026 - CE Credits: 0.5 CEU (Take Exam)
2/19/2026 - CE Credits: 0.5 CEU (Take Exam)
2/12/2026 - CE Credits: 0.5 CEU (Take Exam)
2/5/2026 - CE Credits: 0.5 CEU (Take Exam)
1/29/2026 - CE Credits: 0.5 CEU (Take Exam)
1/26/2026 - CE Credits: 0.5 CEU (Take Exam)
1/22/2026 - CE Credits: 0.5 CEU (Take Exam)
1/15/2026 - CE Credits: 0.25 CEU (Take Exam)
1/5/2026 - CE Credits: 0.25 CEU (Take Exam)
12/18/2025 - CE Credits: 0.25 CEU (Take Exam)
12/11/2025 - CE Credits: 0.25 CEU (Take Exam)
12/4/2025 - CE Credits: 0.5 CEU (Take Exam)
11/20/2025 - CE Credits: 0.5 CEU (Take Exam)
11/6/2025 - CE Credits: 0.5 CEU (Take Exam)
10/31/2025 - CE Credits: 0.5 CEU (Take Exam)
10/23/2025 - CE Credits: 0.5 CEU (Take Exam)
10/16/2025 - CE Credits: 0.5 CEU (Take Exam)
10/9/2025 - CE Credits: 0.25 CEU (Take Exam)
10/2/2025 - CE Credits: 0.5 CEU (Take Exam)
9/25/2025 - CE Credits: 0.5 CEU (Take Exam)
9/18/2025 - CE Credits: 0.5 CEU (Take Exam)
9/15/2025 - CE Credits: 0.25 CEU (Take Exam)
9/4/2025 - CE Credits: 0.5 CEU (Take Exam)
8/28/2025 - CE Credits: 0.25 CEU (Take Exam)
8/21/2025 - CE Credits: 0.25 CEU (Take Exam)
8/14/2025 - CE Credits: 0.25 CEU (Take Exam)
8/7/2025 - CE Credits: 0.25 CEU (Take Exam)
7/31/2025 - CE Credits: 0.25 CEU (Take Exam)
7/24/2025 - CE Credits: 0.25 CEU (Take Exam)
7/17/2025 - CE Credits: 0.25 CEU (Take Exam)
7/10/2025 - CE Credits: 0.5 CEU (Take Exam)
7/3/2025 - CE Credits: 0.25 CEU (Take Exam)
6/26/2025 - CE Credits: 0.5 CEU (Take Exam)
6/19/2025 - CE Credits: 0.5 CEU (Take Exam)
6/12/2025 - CE Credits: 0.25 CEU (Take Exam)
6/5/2025 - CE Credits: 0.25 CEU (Take Exam)
5/29/2025 - CE Credits: 0.5 CEU (Take Exam)
5/22/2025 - CE Credits: 0.5 CEU (Take Exam)
5/19/2025 - CE Credits: 0.5 CEU (Take Exam)
5/15/2025 - CE Credits: 0.25 CEU (Take Exam)
5/8/2025 - CE Credits: 0.25 CEU (Take Exam)
5/1/2025 - CE Credits: 0.25 CEU (Take Exam)
4/25/2025 - CE Credits: 0.25 CEU (Take Exam)
4/17/2025 - CE Credits: 0.25 CEU (Take Exam)
4/10/2025 - CE Credits: 0.5 CEU (Take Exam)
4/3/2025 - CE Credits: 0.25 CEU (Take Exam)
3/27/2025 - CE Credits: 0.5 CEU (Take Exam)
3/20/2025 - CE Credits: 0.5 CEU (Take Exam)
3/13/2025 - CE Credits: 0.25 CEU (Take Exam)
3/1/2025 - CE Credits: 0.25 CEU (Take Exam)
2/26/2025 - CE Credits: 0.25 CEU (Take Exam)
2/24/2025 - CE Credits: 0.5 CEU (Take Exam)
2/19/2025 - CE Credits: 0.5 CEU (Take Exam)
2/12/2025 - CE Credits: 0.25 CEU (Take Exam)
2/5/2025 - CE Credits: 0.5 CEU (Take Exam)
1/30/2025 - CE Credits: 0.5 CEU (Take Exam)
1/22/2025 - CE Credits: 0.25 CEU (Take Exam)
1/15/2025 - CE Credits: 0.5 CEU (Take Exam)
1/2/2025 - CE Credits: 0.25 CEU (Take Exam)
12/30/2024 - CE Credits: 0.5 CEU (Take Exam)
12/24/2024 - CE Credits: 0.25 CEU (Take Exam)
12/9/2024 - CE Credits: 0.25 CEU (Take Exam)
12/4/2024 - CE Credits: 0.25 CEU (Take Exam)
11/27/2024 - CE Credits: 0.25 CEU (Take Exam)
11/11/2024 - CE Credits: 0.25 CEU (Take Exam)
11/6/2024 - CE Credits: 0.25 CEU (Take Exam)
10/31/2024 - CE Credits: 0.25 CEU (Take Exam)
10/24/2024 - CE Credits: 0.25 CEU (Take Exam)
10/9/2024 - CE Credits: 0.25 CEU (Take Exam)
10/2/2024 - CE Credits: 0.5 CEU (Take Exam)
9/25/2024 - CE Credits: 0.25 CEU (Take Exam)
9/18/2024 - CE Credits: 0.25 CEU (Take Exam)
9/16/2024 - CE Credits: 0.25 CEU (Take Exam)
9/11/2024 - CE Credits: 0.25 CEU (Take Exam)
9/6/2024 - CE Credits: 0.5 CEU (Take Exam)
8/21/2024 - CE Credits: 0.5 CEU (Take Exam)
8/15/2024 - CE Credits: 0.25 CEU (Take Exam)
8/12/2024 - CE Credits: 0.25 CEU (Take Exam)
8/7/2024 - CE Credits: 0.25 CEU (Take Exam)
8/1/2024 - CE Credits: 0.25 CEU (Take Exam)
7/10/2024 - CE Credits: 0.25 CEU (Take Exam)
7/3/2024 - CE Credits: 0.25 CEU (Take Exam)
6/26/2024 - CE Credits: 0.25 CEU (Take Exam)
6/19/2024 - CE Credits: 0.25 CEU (Take Exam)
6/14/2024 - CE Credits: 0.25 CEU (Take Exam)
6/10/2024 - CE Credits: 0.25 CEU (Take Exam)
6/5/2024 - CE Credits: 0.25 CEU (Take Exam)
5/30/2024 - CE Credits: 0.5 CEU (Take Exam)
5/22/2024 - CE Credits: 0.25 CEU (Take Exam)
5/15/2024 - CE Credits: 0.25 CEU (Take Exam)
5/8/2024 - CE Credits: 0.25 CEU (Take Exam)
4/25/2024 - CE Credits: 0.25 CEU (Take Exam)
4/10/2024 - CE Credits: 0.25 CEU (Take Exam)
4/5/2024 - CE Credits: 0.25 CEU (Take Exam)
3/21/2024 - CE Credits: 0.25 CEU (Take Exam)
3/14/2024 - CE Credits: 0.25 CEU (Take Exam)
3/11/2024 - CE Credits: 0.25 CEU (Take Exam)
3/7/2024 - CE Credits: 0.25 CEU (Take Exam)
2/28/2024 - CE Credits: 0.5 CEU (Take Exam)
2/26/2024 - CE Credits: 0.25 CEU (Take Exam)
2/19/2024 - CE Credits: 0.25 CEU (Take Exam)
2/14/2024 - CE Credits: 0.25 CEU (Take Exam)
2/8/2024 - CE Credits: 0.25 CEU (Take Exam)
2/1/2024 - CE Credits: 0.25 CEU (Take Exam)
1/31/2024 - CE Credits: 0.25 CEU (Take Exam)
1/17/2024 - CE Credits: 0.25 CEU (Take Exam)
1/10/2024 - CE Credits: 0.25 CEU (Take Exam)
1/3/2024 - CE Credits: 0.25 CEU (Take Exam)
10/9/2023 - CE Credits: 0.25 CEU (Take Exam)
8/10/2023 - CE Credits: 0.25 CEU (Take Exam)
8/7/2023 - CE Credits: 0.25 CEU (Take Exam)
7/19/2023 - CE Credits: 0.25 CEU (Take Exam)
6/7/2023 - CE Credits: 0.25 CEU (Take Exam)
1/11/2023 - CE Credits: 0.25 CEU (Take Exam)
11/15/2022 - CE Credits: 0.25 CEU (Take Exam)
2/7/2022 - CE Credits: 0.5 CEU (Take Exam)




















