Skip to main content
Toggle Menu of ADA WebSites
ADA Websites
Partnerships and Commissions
Toggle Search Area
Toggle Menu
e-mail Print Share

Indiana dentist is first sued by state for violating HIPAA

March 02, 2015

By Kelly Soderlund

Kokomo, Ind. — An Indiana dentist has agreed to pay a $12,000 settlement for allegedly mishandling patient records and is the first person sued by the state for violating the Health Insurance Portability and Accountability Act.

Dr. Joseph Beck, who practiced at the Comfort Dental clinic, was sued for mishandling records containing sensitive information of more than 5,600 patients, according to a statement from the Office of the Indiana Attorney General. 

In March 2013, Dr. Beck hired a private company called Just the Connection Inc. to retrieve and dispose of his patient records, which included names, medical records, phone numbers, birth dates, Social Security numbers, insurance cards, insurance information and state ID numbers, according to the Indiana AG’s office. Less than a week later, more than 60 boxes of patient records from Dr. Beck’s clinic were found discarded in an Indianapolis dumpster, containing records from 2002-07. The attorney general’s office recovered the files and fielded inquiries from individuals who were concerned that their records might be at risk. No identity theft was identified or reported.

“In an era when online data breaches are top of mind, we may forget that hard-copy paper files, especially in a medical context, can contain highly sensitive information that is ripe for identity theft or other crimes,” Indiana Attorney General Greg Zoeller said. “This file dump was an egregious violation of patient privacy and safety.”

In December 2011, the Indiana Board of Dentistry permanently revoked Dr. Beck’s license to practice dentistry, following an investigation by the attorney general’s office that cited fraudulent billing and negligence.

The ADA Practical Guide to HIPAA Compliance has tools to help dentists comply with the law. The kit — $300 for members and $450 retail — includes sample policies and procedures; a revised sample business associate agreement; a revised sample of a notice of privacy practices; a glossary of key terms; and a CD-ROM to help tailor the content to a specific practice.

The kit also includes the ADA Practical Guide to HIPAA Training — a two level CD-ROM training program. Visit to order these products.