By Genni Burkhart
Recently, the American Dental Association (ADA), Federal Trade Commission (FTC), and local police departments across the U.S. have issued warnings regarding the latest telephone and online tracking scams targeting dental offices. As cons of this nature can be challenging to detect and identify, dental offices should stay aware and take proactive steps to prevent themselves from becoming unwitting victims.
Online Tracking Technology: Friend or Foe?
According to an alert released by the U.S. Department of Health and Human Services Office for Civil Rights (OCR) and the Federal Trade Commission, 130 hospital systems and telehealth providers were warned on July 20 that using online tracking technologies on their websites or mobile apps poses a security and privacy risk by disclosing sensitive patient information to third parties.
In the context of websites and mobile apps, third-party tracking technologies, such as Meta/Facebook Pixel and Google Analytics, collect and analyze information about users' interactions online. This information can then be sent directly to third-party developers.
The alert explained that tracking and collecting information about users can continue even after users leave the original website and navigate to another site, violating the Health Insurance Portability and Accountability Act (HIPAA).
The OCR published a bulletin last year highlighting the issues with online tracking related to online digital medical platforms (websites and apps) and the obligations of HIPAA-covered entities and business associates. As stated in the recent ADA News article by Stacie Crozier on July 25, "Companies not covered by HIPAA still have a responsibility to protect against the unauthorized disclosure of personal health information — even when a third party developed their website or mobile app."
Furthermore, the FTC has acted against companies, even those not covered by HIPAA, who've allowed unauthorized disclosure of personal health information, even when a third party develops their website or mobile app. The FTC has warned companies that use tracking technologies on their websites and apps to transmit health information. Under the FTC's Health Breach Notification Rule, the unauthorized disclosure of such information may violate the FTC Act.
For dental professionals, it's crucial to pay attention to issues regarding online tracking technology as many practices use third parties and apps for reaching patients and meeting their needs, including teledentistry services.
Does Your Practice Need A Phone Scam Refresh?
While telephone scams are nothing new, technology has made their deceptive tactics more sophisticated.
For example, scammers can now "mask" their phone numbers to appear legitimate.
In California, scammers are impersonating California Dental Board officials and contacting dental offices, claiming their licenses have been suspended due to "suspicious drug activity." The perpetrators then demand personal information and payment to resolve the issue immediately.
The California Dental Association (CDA) released on July 13, warning dental professionals to be aware of this latest phone scam and never give personal information over the phone or payment. Dentists should also be knowledgeable that these scammers can falsely make their phone numbers appear as dental board numbers on caller IDs, so if a call like this is received, dentists and their staff are advised to reach the board directly by phone or email, as an official investigation would always be conducted beforehand.
The same "phone spoofing" is happening in Iowa, where officials warn dental offices against a phone scam that appears to come from the Iowa Dental Board.
The perpetrators of this scam are demanding dental offices provide sensitive banking information and payment through tactics designed to alarm and scare. The Iowa Dental Board advises immediately hanging up and calling the Board office directly.
In Tennessee, dentists are the target of scammers calling claiming to be from the Drug Enforcement Administration (DEA).
In May, the state's attorney general warned medical professionals, including dentists, that scams are attempting to extort money or steal personal information from medical professionals. Again, phone spoofing is used to mask the caller ID so it appears to be from a legitimate source, such as the DEA.
The perpetrators of these scams also target dental offices for their National Provider Identifier (NPI) information, where at least one office was a victim, and their NPI was stolen and used for the large-scale purchases of drugs, including oxycodone.
Pay Up or Go to Jail
There's also been a recent rise in phone scams targeting medical professionals in Pennsylvania, according to a warning issued by the Cranberry Township police department in June of this year.
Several doctors and dentists in this region have reported being targeted by criminals impersonating Cranberry Township police investigators. The "pay now or go to jail scam" is nothing new. However, dozens of medical doctors and dentists have been targeted in the region and in Ohio, where one doctor handed over more than $1,000 after the caller falsely claimed they had a warrant for their arrest and ordered the victim to pay up or go to jail.
These scammers ask physicians to transfer money through prepaid gift cards or Greendot, which is notably untraceable. Officials have stated they wouldn't contact people over the phone and demand payment. It's advised to pay particular attention to this and the request to use third-party apps that leave no payment trace.
As technology evolves, so do the ways one can be duped and misled. With the proliferation of digital tools, protecting patients and adhering to HIPAA regulations is crucial. Intended or not, violating patient privacy can come with heavy consequences. Dental practices and staff must be aware of risks and stay updated on security measures. Training on technology safety and security should be provided for all staff regularly, with audits conducted to ensure HIPAA compliance.
The phone is still one of our most vital communication tools. And with that, criminals continue to use it to deceive unsuspecting victims into giving up private banking or, worse yet, crucial NPI information.
Thankfully, the more you know, the better you and your staff understand the latest tricks, such as "spoofing." As a result, you'll be better prepared to hang up the phone and contact the authorities directly if you encounter this kind of fraud.
If you're not yet subscribed to receive the Incisor newsletter, filled with cutting-edge dental news sent directly to your inbox twice a month, you can do so here.
Author: With over 13 years as a published journalist, editor, and writer Genni Burkhart's career has spanned politics, healthcare, law, business finance, technology, and news. She resides in Northern Colorado, where she works as the Editor in Chief of the Incisor at DOCS Education.