Management Security Software

Who owns the Data??? Dentist denied access to patient Data Base

Key Dental received a notification from its EMR vendor MOGO that it would not return the dental group’s EMR database as required at the termination of its end user license agreement. It violates both the EULA and several portions of HIPAA.

As Key Dental can no longer view or monitor the database to ensure the security of patient data, officials have begun to notify patients.

Source: Dental Breach Notification Sparked by EMR Vendor Refusal

This seems rather strange. Based on the information in this story MOGO is not acting in good faith and has violated a number of agreements including a HIPAA Business Associate Agreement (BAA). I imagine there must be more to the situation.

If the facts are correct it seems like MOGO is engaging in Ransomware tactics.

The dental group has filed a data breach notice per HIPAA guidelines informing patients that the dental group no longer has control of the patient PHI.