- Memory Disorders
- Multiple Sclerosis
- Neuromuscular Disorders
Frequently Asked Questions
Regarding May 13, 2013 Emailed List from Dent Neurologic Institute
Updated May 29, 2013
1. Was any financial or medical record information on the list?
No financial data or information about your medical condition is included on the list. It does contain the names of a subset of Dent patients, plus the following information:
- Street address and email address;
- Patient’s referring and/or primary care physician(s) and their specialty(ies). (Dent Physician names were not listed.);
- Whether patient is an active or inactive patient;
- Miscellaneous scheduling information, including the date of patient’s last appointment and an internal scheduling code.
2. What information is on the list that could increase my risk for identity theft or credit card fraud?
State regulations indicate that the potential for financial harm requires electronic distribution of name and address, plus other identifier information such as social security number, driver’s license identification number, or patient account number. As stated above, none of this additional identifier information is contained on the list.
3. How can I find out if my name is on the list?
For your convenience, please call us at 716-250-2000 during business hours. You may also reach us at 716-558-3534 after hours. If asked to leave a message, please be sure to include your name, questions/concerns, and phone number. We will call you back within 24 hours.
4. Is this list being given to outside vendors or other affiliates?
Absolutely not. The only reason this list was generated was for the sole purpose of mailing or emailing non-confidential updates to Dent patients and/or their providers about Dent-related programs and services. No such list has ever, or will ever, be given or sold for the purpose of third-party marketing.
5. What was the intent of the email?
The email was supposed to contain a letter, not a spreadsheet. The letter was being sent because some patients were confused about Dent’s recently announced affiliation with the Catholic Medical Partners. It clarified that Dent has affiliations with all local providers and payers, so patients have no need to worry about access to Dent providers if they are not affiliated with CMP.
6. What went wrong?
Dent stores all patient data in a modern, secure Electronic Medical Record (EMR) System. An experienced and authorized employee downloaded limited information from this system to create the list, which was used to identify patients that have email addresses and should receive the clarifying letter. The list was placed in a secure folder, accessible only to authorized personnel, along with the electronic copy of the letter to be sent. As previously explained, the letter did not contain any private health information. Emails were sent in batches of 250 with the letter attached. In two batches the email addresses of the 250 recipients were visible, and in one of these two batches the list was attached rather than the letter. This occurred at approximately 4 p.m. on Monday, May 13, 2013.
7. What actions were taken immediately?
The person that made the error immediately contacted the IT department and Dent’s privacy officer. Dent administration immediately pulled together an action team. The first and most important action was to minimize the opportunity for further distribution of the list. Within 3-4 hours, all recipients had been contacted.
8. What is the likelihood that this list will end up in the public?
After speaking with outside consultants, we believe it is unlikely. There were only 216 recipients of the email containing the list (34 of the 250 were undelivered). We trust recipients would not violate the law and intentionally redistribute this list. While we are aware that at least one patient forwarded the list to WGRZ-TV, with noble intentions, Channel 2 has confirmed they have deleted the list.
9. Is this a privacy breach requiring state or federal agency notification?
Dent notified the U.S. Department of Health and Human Services within 24 hours of the event. It does not appear that a report to the State of New York is required because the list did not include information that could result in financial harm.
10. Why did I find out about this from the media before Dent notified me?
Channel 2 was notified by a recipient of the mistaken list at virtually the same time Dent administration found out, and virtually minutes after the event. Dent’s CEO spoke openly with Channel 2. All recipients of the list were called within 3-4 hours. Dent also issued a subsequent press release, and a website and Facebook posting within 24 hours of the event.
11. What is being done to prevent this from happening again?
A full investigation is ongoing, and any new information will be acted on accordingly. It has been determined this was human error, made possible by initiating a mass email communication outside our secure patient portal. Dent is taking this opportunity to fully review related policies, procedures and training with the assistance of outside experts.
Please realize that Dent has been in the healthcare business for 50 years and has securely handled private information for millions of transactions. We have never had an event like this occur. Our privacy and security training is extensive. The Electronic Medical Record system used to store your personal data is extremely secure, and communication among your healthcare providers is coordinated within this secure environment. To prevent against an inadvertent bypass of this secure environment, additional e-mail distribution security features have been implemented, and future electronic patient communication will be conducted exclusively through our secure patient portal system.
12. Even though no financial information was disclosed, I am still worried. What can I do to protect myself?
Please be assured that no data was released that would expose you to financial harm. As a general recommendation, though, it is always wise to closely monitor your financial accounts and periodically check your credit report. Your financial institution can help you with specific concerns or further questions. While there is no evidence that your e-mail address has been compromised, it would seem prudent to take precautions to avoid receipt of any potentially unwanted e-mails or those containing malicious software by regularly updating virus checking software and SPAM filtering software on your computer systems.
13. How can I stay informed?
Informational letters are being sent to all those on the list. We will continue to post updates on our home page at www.DentInstitute.com. If you have other questions, you may submit them through our web site (http://www.dentinstitute.com/contact-us/) or call us at 716-250-2000 during business hours, or 716-558-3534 after hours.
About Dent Neurologic Institute
The DENT Institute is a private practice group focused on neurologic specialties and state-of-the-art neurodiagnostics. We provide comprehensive and compassionate patient care, with a team of professionals committed to showing our patients the same respect for human dignity and kindness that we would seek for our own families and loved ones.
For five decades, our objective has been to provide the highest quality care for individuals in the Western New York region and beyond. Staying on the forefront of neurological advances, utilizing the latest technology and maintaining valuable partnerships with other specialized clinicians ensures that when you come to DENT you’re getting the best care possible.
News & Events
Concussion Symposium Saturday, October 13, 2012 Ralph Wilson Field House - DENT Neurologic Institute will offer The First Annual Concussion Symposium to the WNY Community. A...