Fines

Million Dollar HIPAA Settlement
Fines, HIPAA

OCR Announces $1,000,000 Settlement With Aetna for Multiple HIPAA breaches

October 28, 2020 Comments Off on OCR Announces $1,000,000 Settlement With Aetna for Multiple HIPAA breaches

October 28, 2020 Thought we’d be able to skate through the rest of October without another HIPAA fine? Not so fast. The Office for Civil Rights (OCR) just announced another $1,000,000 settlement to add to October’s tab, settling with Aetna on not one, not two, but three separate HIPAA violations.  Aetna Life Insurance Company, as well as the affiliated covered entity (Aetna), agreed to a million-dollar payout in addition to a two year corrective action plan as a result of multiple HIPAA incidents experienced back in 2017.  The first violation occurred in April 2017, after Aetna discovered that two web services used to display plan-related documents to their members did not have the necessary login protections and were accessible through regular internet search engines. Aetna’s report noted that the incident exposed the protected health information (PHI) of over 5,000 individuals.  Violation number two came just a few months later in July, when Aetna received complaints that sensitive health information was made visible through benefit notice mailers. The 11,887 affected individuals’ medication information could be seen through the window of the envelope below the member’s name and address, clearly exposing their PHI to anyone who happened across the mailings.  Last but not least, the third violation occurred in September 2017, after a similar mailer was sent to 1,600 individuals displaying the name and logo of a research study on atrial fibrillation (irregular heartbeat) that some members were participating in. Because the logo on the envelope clearly conveyed the type of study the recipients were a part of, it was automatically an impermissible disclosure of PHI. Three HIPAA violations in one year is already enough to get you on the OCR’s bad side, but after further investigation, they found other aspects of Aetna’s HIPAA compliance program missing, including:  2017 was certainly a bad year for Aetna, and 2020 has now been a very bad year for all covered entities – practices, insurance companies and business associates alike – without a complete HIPAA compliance program in place. This latest settlement brings this year’s total to a whopping $13,186,500 – almost a million dollars over last year’s total fines, with 2 months still left on the clock in 2020.  We know you’re sick of hearing us harp on the importance of being compliant before an incident happens (seriously, we’re turning into our own mothers) but in the OCR Director, Roger Severino’s own words, “Aetna’s failure to follow the HIPAA Rules resulted in three breaches in a six-month period, leading to this million dollar settlement.” 

2020 HIPAA Fines
Fines, HIPAA

State HIPAA Fines Add to Growing 2020 Fine Totals

October 23, 2020 Comments Off on State HIPAA Fines Add to Growing 2020 Fine Totals

October 23, 2020 The Office for Civil Rights (OCR) has left practices taking hit after hit after hit when it comes to HIPAA fines this year, but two recent multi-state HIPAA fines have added just as many $$$ to this year’s enforcement totals. While the OCR certainly makes headlines, state enforcement and state-specific HIPAA regulations are just as important to adhere to as federal laws. In fact, depending on the incident and patients affected, many states require their attorney general be notified of a breach and have the option to pursue the HIPAA violation in addition to the investigation at the federal level.  Driving the point home for us, two healthcare organizations found themselves emptying their pockets for a second time in the past few weeks – agreeing to multi-million dollar settlements with multiple states for HIPAA violations already settled with the OCR. These fines are the latest in over $66 million collected by states as part of HIPAA enforcement actions.  Anthem, Inc.  The health insurance provider Anthem went one round with the HIPAA police in 2018, and suffered their first loss against the Office for Civil Rights (OCR) with a $16 million settlement relating to a breach that exposed almost 79 million patients records back in 2014. The results of round 2 have just come in, and it’s a K.O. – Anthem, Inc. has just settled with 43-states and California relating to the same HIPAA breach, with a whopping $48.2 million in total fines.  If you aren’t able to recite every HIPAA fine from memory (it’s ok, we’re probably the only ones that would win that trivia contest) the original incident resulted from a cyberattack that exposed almost 79 million individuals records. OCR investigation revealed Anthem was missing an enterprise-wide security risk analysis, various technical safeguards, and the proper response to suspected or known security incidents – resulting in the first place trophy for largest HIPAA settlement ever. Community Health System (CHS) Just last month, the OCR settled a $2.3 million fine with a business associate, Community Health System (CHS), who exposed 6.1 million patients records as a result of another 2014 cyber attack. While most of us wish we could fast forward to 2021 and escape 2020, we’re sure CHS probably feels that way more than anyone after the announcement of another $5 million added to their tab in a 28-state settlement of the same incident. These recent fines are starting to feel like deja-vu, so here’s more on the announcement to help jog your memory. Not surprisingly, in their investigation the OCR found CHS was missing a security risk analysis, had no proper security incident procedures in place, and failed to implement necessary access controls.   While the breaches themselves may be old news, the latest settlements are a fresh reminder of how healthcare practices must take notice of state HIPAA enforcement. Both state fines mentioned above, though split among all the states listed in each settlement, actually totalled more than the amount the OCR fined each organization.  Having a complete HIPAA compliance program with necessary safeguards in place will not only reduce your risk of being targeted by a hacker, as was the case in both these incidents, but will also keep your chances of federal and state-level fines to a minimum. Federal HIPAA requirements certainly put enough on your plate, but having a HIPAA partner that can provide all your state-specific HIPAA requirements for you makes complying that much easier – and helps avoid costly state audits. 

HIPAA Right of Access Investigation
Fines, HIPAA

OCR Settles Ninth HIPAA Right of Access Investigation

October 9, 2020 Comments Off on OCR Settles Ninth HIPAA Right of Access Investigation

October 9, 2020 The OCR has proven they keep their promises (unlike that former friend we all know), taking only two days to fulfill their recent pledge of continued right of access enforcement and announcing yet another HIPAA fine. For those of you counting, that’s 7 right of access fines in less than a month – so take the hint, and pay attention to what your practice should be doing when it comes to patient right of access. This time, the fine goes to NY Spine Medicine (NY Spine), a New York based neurology and pain management medical practice, who was hit with a $100,000 fine and two year corrective action plan for failing to provide records to a patient in 2019. After making multiple requests beginning in June 2019, NY Spine failed to provide diagnostic film records to a patient, only providing the records in October 2020 after OCR investigation. Important to note about this case is that NY Spine did provide some records to the patient, but not the ones she had actually requested – making this still a right of access violation.  As OCR Director Roger Severino put it, “no one should have to wait over a year to get copies of their medical records. HIPAA entitles patients to timely access to their records and we will continue our stepped up enforcement of the right of access until covered entities get the message.”  If you’re a covered entity of any kind, now would be the right time to say ’message received’. If the OCR’s words aren’t enough, take a look at the stats: If you need a refresher, read up on the five right of access fines announced in September or this Wednesday’s $160,000 right of access fine.  What should your practice be doing right now? First, don’t panic. Second, if you think you might not be up to snuff on patient right of access, we have the inside scoop on how to get compliant and update your policies and know-how (wink wink). Just sign up for an educational webinar to learn what steps you can take right away to prevent being the next enforcement victim. 

HIPAA Settlement Patient Right of Access
Fines, HIPAA

OCR Levies 8th Patient Right of Access Fine, $160,000 Settlement Reached with St. Joseph’s Hospital and Medical Center

October 7, 2020 Comments Off on OCR Levies 8th Patient Right of Access Fine, $160,000 Settlement Reached with St. Joseph’s Hospital and Medical Center

October 7, 2020 The Office for Civil Rights (OCR) has officially kept their foot on the gas heading into October, announcing their 8th HIPAA right of access fine and adding to a string of nine total HIPAA fines announced since September 15th. Five of those recent fines also centered on providing patients appropriate access to their records, an initiative the OCR pledged to enforce in 2019. The latest practice left in the OCR’s dust is St. Joseph’s Hospital and Medical Center (SJHMC), an acute care hospital with several hospital-based clinics providing a variety of health services out of Phoenix, Arizona. SJHMC was slapped with a $160,000 fine, along with a 2-year corrective action plan to settle their potential HIPAA violation.  Continuing the patient right of access violation trend, SJHMC failed to provide patient records requested by a patient’s personal representative within any sort of a reasonable timeframe, and certainly not within HIPAA-mandated and state-specific deadlines. OCR involvement began in April 2018, when a complaint was received from an SJHMC patient’s mother stating that since January of 2018 she made various requests for a copy of her son’s medical records that SJHMC had failed to fulfill. While the hospital provided partial records, they failed to produce the full records requested despite follow-ups made by the mother in March, April, and May of 2018. The records were only provided a long 22 months later, in December 2019, after the OCR got involved to investigate the complaint. The deadline to provide patient records after a request in Arizona is 30 days.   If you haven’t realized the enforcement trend yet, the OCR made it pretty clear in their statement announcing the fine. “It shouldn’t take a federal investigation to secure access to patient medical records, but too often that’s what it takes when health care providers don’t take their HIPAA obligations seriously,” OCR Director Roger Severino stated, “OCR has many rights of access investigations open across the country, and will continue to vigorously enforce this right to better empower patients.”  Not only did OCR Director Roger Severino call out practices who aren’t actively focusing on their HIPAA compliance program, he emphasized that there is more to come related to patient right of access. This fine, along with the many others announced in recent weeks, emphasizes just how important a HIPAA compliance program is and having the right policies in place to fulfill all aspects of HIPAA compliance – including meeting patient’s access requests.    

Business Associate Exposes 6 Million Records
Business Associates, Fines, HIPAA

OCR Drops Another HIPAA Fine, Business Associate Exposes 6 Million Records

September 23, 2020 Comments Off on OCR Drops Another HIPAA Fine, Business Associate Exposes 6 Million Records

September 23, 2020 The Office for Civil Rights has been dropping fines left and right in the last week, releasing their 7th (and largest) HIPAA settlement earlier today and bringing their running total to seven fines in just 8 days. The latest violation came with a hefty payout of $2.3 million as well as an extensive 2-year corrective action plan – and not to mention a whole lot of apology letters to write.  The lucky winner of the latest HIPAA settlement is CHSPSC LLC, a business associate who serves a number of hospitals and clinics owned by Community Health Systems, Inc out of Tennessee. You may be thinking, “well no biggie, I’m a covered entity not a business associate so that wouldn’t be me,” but the 6 million+ patients affected and the reasons the OCR gave for levying a fine would beg to differ. Just like any covered entity might be, this business associate was the victim of a cyberattack that even after alarms were raised went unmitigated for months. As if that wasn’t enough, the OCR investigation discovered long standing non-compliance with the HIPAA Security Rule ultimately landing the business associate at the top of the most expensive 2020 fines list. On April 10, 2014, CHSPSC’s information system was infiltrated by a threat group that went unnoticed until the company was notified by the FBI 8 days later. The hackers continued to have a field-day, accessing the sensitive data for 4 months after the initial attack. CHSPSC’s continued disregard for implementing the necessary security protections required by HIPAA even AFTER receiving federal notice was described by OCR Director, Roger Severino, as “inexcusable”. The cyberattack affected 237 different covered entities served by CHSPSC and withdrew the PHI of 6,121,158 individuals including everything from names and birthdays to emergency contact information and social security numbers.  As if over 6 million patients records being taken wasn’t bad enough, an OCR investigation into the business associate found several gaps in their compliance program including:  It doesn’t matter whether you’re a healthcare provider, business associate, or just the average joe – falling victim to a cyberattack is fair game. Because business associates require the same HIPAA safeguard requirements as covered entities, no matter who gets hacked the OCR is looking for the same requirements and can hand out the same fines for either type of health related entity.  For providers especially, entrusting your patients sensitive data to your business associates comes with added risks. In this case, 237 covered entities had to find that out the hard way. While there’s no way to be 100% in the clear from things like cyber attacks, having the proper business associate agreements in place at least takes the liability of an incident off your practice’s hands. If you had been one of those 237 entities affected here, lack of an agreement could have put your practice on the same chopping block as CHSPSC. 

$1.5 million HIPAA Fine
Cybersecurity, Fines, HIPAA

OCR Announces $1.5 Million Dollar Settlement for Systemic Non-compliance after a Hacking Incident Sparked Investigation

September 21, 2020 Comments Off on OCR Announces $1.5 Million Dollar Settlement for Systemic Non-compliance after a Hacking Incident Sparked Investigation

September 21, 2020 The OCR is certainly seeing $$$ this September. On top of the record five fines announced last week, the Office for Civil Rights (OCR) has just announced the latest settlement of a whopping $1,500,000 fine and 2-year corrective action plan for an orthopedic clinic out of Georgia. Athens Orthopedic Clinic found themselves in the HIPAA violation hot seat after a hacking incident sparked an OCR investigation beginning in 2016. The OCR found Athens Orthopedic had longstanding noncompliance with HIPAA rules, especially required technical safeguards, that led to the breach incident.   On June 26, 2016, the orthopedic clinic was notified that their database of patient records had been posted online for sale. Two days later, a hacker contacted the clinic demanding money in return for the stolen database. After investigation, Athens Orthopedic determined that the hacker was able to gain access through a vendor’s credentials on June 14, 2016, and the hacker continued to access protected health information (PHI) for a month after the initial breach. On July 29, 2016, Athens Orthopedic filed a breach report with the OCR noting all of the sensitive PHI that had been hacked: names, dates of birth, social security numbers, and other personal medical information of the 208,557 patients affected. The breach initiated a full-scale investigation into the clinic’s HIPAA program, where the OCR discovered a laundry list of key compliance elements that the practice was missing: Cyber threats are an ongoing and rising threat to the healthcare industry. When practices lack the proper safeguards to secure their patients’ PHI, they put themselves at the top of hackers ‘easy target’ list (would your practice be posted if such a list existed?). Along with the fine, OCR Director Roger Severino emphasized that “Hacking is the number one source of large healthcare data breaches. Healthcare providers that fail to follow the HIPAA Security Rule make their patients’ health data a tempting target for hackers.” So how do you ‘hack proof’ your business? Well, you probably can’t completely prevent a hack given how quickly hackers adapt to new security measures, but your practice CAN go a long way to avoid being targeted (and getting slapped with a HIPAA fine) by ensuring your HIPAA compliance program – especially your technical safeguards – is up to scratch.

5 HIPAA Settlements at Once
Fines, HIPAA

OCR Announces Historic 5 HIPAA Settlements at Once

September 15, 2020 Comments Off on OCR Announces Historic 5 HIPAA Settlements at Once

September 15, 2020 Earlier today the Office for Civil Rights (OCR) announced five HIPAA settlements (yes, you heard that right, five) breaking the record for total HIPAA settlements in one day.  Since 2019 the OCR has honed in on their HIPAA Right of Access Initiative, prioritizing patient’s ability to access their medical records in a timely manner. These five settlements bring the total to seven access related enforcement actions – so if you need any hints on what to make sure your practice is looking out for, this is it.    1. Housing Works Inc. This $38,000 fine resulted from a complaint received by the OCR last July alleging that Housing Works Inc., a New York City based non-profit organization, failed to provide the complainant with a copy of their medical records. The OCR received a second complaint a month later stating that the practice still hadn’t provided the patient with record access (strike number two) which ultimately led to a hefty fine along with a corrective action plan.   2. All Inclusive Medical Service, Inc. This Carmichael, CA based medical practice agreed to a $15,000 fine and corrective action plan after the OCR received a complaint in April 2018 that the practice had denied patient access to inspect and receive a copy of her records in January 2018. Only after the OCR’s investigation was the patient given access to her records – 32 months (almost three years) after she had initially requested.   3. Beth Israel Lahey Health Behavioral Services (BILHBS) This whopping $70,000 HIPAA settlement came from a complaint alleging that the behavioral health corporation failed to respond to a request from a personal representative seeking access to her father’s medical records in February 2019. The OCR investigation found that BILHBS failed to complete the request which meant a costly violation of HIPAA Right of Access.  4. Wise Psychiatry, PC This Psychiatry Practice based in Colorado agreed to a $10,000 settlement along with a corrective action plan after the OCR received a patient right of access complaint related to not providing a personal representative with access to their minor son’s medical records in February of 2018. The OCR provided the practice with technical assistance and closed the complaint just a few months later, but Wise Psychiatry found themselves back on the OCR’s radar in October 2018 when a second complaint from the same individual was filed noting records still had not been received. It wasn’t until May 2019 that the patient records were finally provided.  5. King MD Last but not least (actually, we take that back, this is the smallest HIPAA fine to date), Patricia King MD & Associates – a psychiatric care provider in Chesapeake, Virginia – agreed to pay a $3,500 fine along with adopting a corrective action plan to settle a potential HIPAA right of access violation. In October of 2018, the OCR received a complaint that the practice had failed to respond to an individual’s request to record access in August 2018. After the OCR provided them with technical assistance the complaint was closed. However, in February 2019, the OCR received a second complaint stating that King MD had still failed to provide the same patient with proper access and as a result, the practice was hit with a violation.   The main takeaways? Well if it isn’t already obvious, providing patients with timely access to their medical records is extremely important and is something that is commonly missed by practices. While Patient Right of Access is an enforcement priority for the OCR, that doesn’t mean it’s the only thing you have to watch out for. OCR Director Roger Severino emphasized in the announcement that, “Today’s announcement is about empowering patients and holding health care providers accountable for failing to take their HIPAA obligations seriously enough.”  If you needed any more reason to get HIPAA compliance to the top of your priority list – 5 violation settlements announced all in one day should do the trick.      

What is a HIPAA Corrective Action Plan?
Audits, Fines, HIPAA

What is a ‘Corrective Action Plan’?

September 9, 2020 Comments Off on What is a ‘Corrective Action Plan’?

September 9, 2020 HIPAA Settlements are more than just $$$ If you’re like most practices, you might just see $$$ when a HIPAA fine makes the news. And yeah – million dollar fines are no joke. But a HIPAA violation settlement is more than just a dollar sign, and often includes something called a ‘corrective action plan’.  This corrective action plan, or CAP, is basically equivalent to ‘you messed up, here’s two years of administrative paperwork to fix your issues and think about what you’ve done.’ Yeah, you read that right – two years. If you thought paying a fine and putting it behind you was the extent of the bad news, we’re here to tell you why a CAP is just as important if slapped with a HIPAA violation. ALL the Paperwork The goal of a CAP is to correct the issues that caused the HIPAA violation in the first place. However, CAP requirements aren’t just a simple ‘do this next time’ and involve quite a bit of paperwork. Over the course of the designated time frame, one to typically two years, practices are required to: Lets face it, no one likes paperwork (even hearing that word makes us cringe). Having to complete what’s required in a CAP is often far more paperwork than maintaining a regular HIPAA compliance program would be – another reason to be compliant before an incident occurs. Even More Consequences Failing to complete a corrective action plan within the designated time frame can void the initial settlement and can leave a practice open to additional fines and penalties – yikes. It may just be paperwork, but the OCR takes it seriously, and leaves practice’s having to juggle a CAP on top of their already full plate of patient care, regular operations, and reputation management after landing in the news for a HIPAA violation.  So, who doesn’t want to be stuck with a mound of paperwork and the OCR breathing down your neck? (We’re raising our hand – both hands actually.) Getting ahead of violations by completing the SRA and HIPAA program requirements before a breach, complaint or audit will save your practice the pain of a CAP and help avoid a violation in the first place. After all, if you have all the right policies, SRA, and risk management plan in place before a breach you’ve already got OCR requirements down – but with less time spent, on your own schedule, and without the OCR looking over your shoulder.

Top 4 HIPAA Violations
Fines, HIPAA

Top 4 HIPAA Violations Your Practice Should Avoid

September 4, 2020 Comments Off on Top 4 HIPAA Violations Your Practice Should Avoid

September 4, 2020 Even with everything else going on in the world today, HIPAA violations are still making headlines. While these news stories reinforce that the Office for Civil Rights (OCR) hasn’t let up on HIPAA enforcement, they also provide great examples of what not to do when it comes to your own practice. Based on these violations and recent OCR investigation data, we’ve compiled the top four types of violations investigated by the OCR:  1. Impermissible Uses & Disclosures The reigning champion of HIPAA violations over the past 5 years – impermissible uses or disclosures – covers any access, use, or sharing of protected health information (PHI) that is done in a manner not permitted under HIPAA and compromises the security or privacy of a patient’s sensitive information. Common culprits include: Having the right policies in place outlining the proper ways staff may use and disclose PHI is key to ensuring your practice doesn’t join the growing list of improper use violators.  2. Missing Physical, Technical and Administrative Safeguards HIPAA law requires practices to implement safeguards to ensure PHI is protected and secured. These safeguards include:  Failing to implement key safeguards is what gets practice’s into trouble, which is why it is essential to perform in-depth as well as ongoing Security Risk Analyses in order to properly identify which safeguards are missing  3. Improper Access Your data library shouldn’t be fair game to every employee regardless of their role. Even if just glancing at a patient’s information, any access to patient information that is not necessary to complete a specific job function is a violation of HIPAA. With remote work becoming more and more common, we can expect improper access violations to rise as employees use data in less secure environments and with less supervision than there would be in a typical practice setting. Appropriate access is featured heavily in HIPAA, and it’s important to limit and document your access roles. It’s not just internal access to PHI that can get your practice into trouble. There are specific guidelines for providing patients with medical records as well, and while this may seem straightforward 51% of providers fail to comply with HIPAA Right of Access laws. Understanding what Patient Right of Access laws entail is important to keeping your patients happy and avoiding a problem with the OCR.  4. Violations of Minimum Necessary Requirement Less is more when it comes to sensitive health information. Only the minimum information necessary should be provided when PHI is requested, accessed, or disclosed. Violations of this requirement could include providing additional information such as previous medical conditions that may not pertain to the actual purpose of the task at hand. Having proper training and documented policies in place that define what information is considered necessary is an essential piece to protecting your patient’s information and steering clear of a HIPAA violation.   A Violation is Just a Slap on the Wrist, Right? While a violation in any of these areas could be minor, a HIPAA violation fine ranges anywhere from a few hundred to a million dollars based on various factors such as:  The biggest fine so far? $16 million in a single settlement. Monetary fines aren’t the only thing you have to worry about if you find yourself facing a HIPAA violation. Jail time and extensive corrective action plans involving extra oversight and administrative work are real possibilities if a violation is found. So How Can You Best Avoid a HIPAA Violation? Many HIPAA violations can be attributed to a lack of employee education on what’s required under federal law. Violations aren’t usually intentional or malicious, which is why it’s so important to create a culture of compliance within your organization and promote good habits. Keeping up with your HIPAA compliance program and staying updated on any changes to federal regulations is the best way to keep your patients’ information secure and avoid ending up as another HIPAA headline. 

North Carolina Dental Society Partnership
Fines, HIPAA

Abyde Joins Forces With North Carolina Dental Society to Deliver HIPAA Compliance Solutions to Dental Practices

August 5, 2020 Comments Off on Abyde Joins Forces With North Carolina Dental Society to Deliver HIPAA Compliance Solutions to Dental Practices

August 5, 2020 August 5, 2020, Tampa, FL – Abyde, a user-friendly HIPAA compliance software solution for dental practices, today announced it has joined North Carolina Dental Society (NCDS) as an endorsed HIPAA compliance solution for North Carolina dentists. As HIPAA complaints and breach threats continue to rise in 2020, the need for practices to understand and implement HIPAA compliance programs is now more important than ever. Abyde’s collaboration with NCDS as an endorsed solution showcases collaborative efforts to help dental practices meet this need and to provide NCDS members with essential tools to realize HIPAA compliance on an ongoing basis. Abyde’s software solution is the easiest way for any sized dental practice to implement and sustain comprehensive HIPAA compliance programs. Abyde’s revolutionary approach guides providers through mandatory HIPAA requirements such as the Security Risk Analysis, HIPAA training for doctors and staff, managing Business Associate Agreements, customized policies, and more. “Joining North Carolina Dental Society as an endorsed solution showcases the value and ease of use dental providers have found with Abyde, and our joint commitment to helping providers realize HIPAA compliance when they need it most,” said Matt DiBlasi, President of Abyde. “We are honored to be a part of North Carolina Dental Society’s select solutions and to play a role in educating and protecting their practices.” “The North Carolina Dental Society chose Abyde for its easy to use and comprehensive program for our members. We are pleased to have Abyde as an endorsed solution,” said Duncan Jennings, Managing Director of NC Services for Dentistry. “We research and endorse solutions allowing our members to focus on their patients in this changing healthcare landscape. Abyde will make identifying compliance opportunities, tracking results, and staying current simple.” About AbydeAbyde (Tampa, FL) is a technology company dedicated to revolutionizing HIPAA compliance for medical professionals. Launched in January 2017, Abyde was formed with the idea that there could exist an easier, more cost-effective way for healthcare providers to comply with government-mandated HIPAA regulations. For more information on Abyde visit abyde.com. About NCDSThe North Carolina Dental Society was founded in 1856 and remains one of the oldest dental societies in the country. Representing 3,900 member dentists across the state, our mission is to help all members succeed. The NC Dental Society is a part of the American Dental Association, the nation’s largest dental association, representing 163,000 member dentists, and the leading source of oral health information. For more information, visit https://www.ncdental.org. Read the full press release here.

Looking to finish your SRA for MIPS by the Dec 31 deadline? We're here to help you get compliant in minutes.

SCHEDULE CONSULTATION
X