I can’t believe I have to write this, but I’ve been told of this scam by several dentists as well as practice transition consultants.
The scam is this: A local doctor comes in looking to expand their patient database by purchasing your practice. Seems legit, right? They then ask for access to your computer or server to get an idea of your patient pool, or to run a report in your practice management program. This is when they install a spyware program to secretly take your patient information to directly market to them.
Seriously? As if we don’t have enough security threats to worry about, now we have to worry about your fellow dentists?
You can easily protect yourself by adhering to this simple rule: NO ONE gets access to your computers, server or network unless they are your staff or one of your HIPAA Business Associates. If a potential buyer needs reports or information, you provide it to them. This applies to consultants too. They are not staff and they are not hired to interact with, create, receive, maintain or transmit Protected Health Information on your behalf, so they don’t get access to your systems.