LITIGATION AND LEGISLATION

Teleorthodontics
Georgia Kotantoula,a Miri Haisraeli-Shalish,b and Laurance Jerroldc
Jerusalem, Israel, and Brooklyn, NY

Y
ou have just finished a long day in the office, and promoting public awareness. The attitudes of orthodon-
you and your wife are out to dinner with friends. tists and general dentists toward teledentistry have been
You forgot to log out of your Gmail account, and assessed by several authors and support the use of tele-
your cell phone, sitting on the table, suddenly beeps with dentistry in making orthodontic consultations more
new mail. You look at your phone and reflexively open accessible to dentists and patients.2,3 On the other
the mail and the attachment. Suddenly, your friend hand, referrals of orthodontic cases via teledentistry, as
sitting next to you says “Hey, that's my boss! Those discussed in several studies, are creating new ethical
are some messed up teeth.” What is your reaction and and legal dilemmas.4-6
or response? It turns out that one of your former resi- In Europe, national protocols have established clin-
dents sent you records of a new patient, this patient, ical photographic standards. Data obtained by medical
asking you for some advice. Did you breach this patient's photography are regulated by the Data Protection Act,
confidence? Did you just engage in a Health Insurance which focuses more on data storage.7 According to the
Portability and Accountability Act (HIPAA) violation? act, “Personal data shall be processed fairly and lawfully.
Did your former resident do either of these? Did he Appropriate technical and organizational measures shall
have the patient's consent to do what he did? be taken against unauthorized or unlawful processing of
These questions can manifest themselves in different personal data.”7 The use of teleorthodontics mandates
ways: most commonly through the “curbside opinion.” the need to address certain ethical issues as well as the
But it is important to understand that any transmission need to comply with the HIPPA Privacy Rule, which pro-
of patient information that relates in any way to their tects all “individually identifiable health information”
care falls under the umbrella of teleorthodontics and held or transmitted by a covered entity or its business
may bring into play legally mandated privacy consider- associate, in any form or media, whether electronic, pa-
ations. Any transmission of patient information that re- per, or oral.8
lates in any way to marketing or practice promotion or It has been suggested that the patient should be
development may run afoul of ethically mandated pri- informed of the intended use of the photographs and
vacy concerns and also may provide the groundwork the security measures in place to protect privacy. The pa-
for civil litigation against you. Also triggering privacy tient should provide his or her informed consent for each
concerns is the fact that today, many of us share patient use of a photograph, whether for diagnostic or educa-
information via various social media platforms. tional purposes or other uses. An important dilemma in to-
As stated by the American Association of Orthodon- day's technological climate would be to inform the patient
tists Principles of Ethics and Code of Professional as to who will be analyzing the images and how the im-
Conduct (adopted 1994, amended through 2009) Princi- ages will be transmitted.9 One option would be to secure
ple III, Advisory Opinion B, “Members shall maintain images with watermarking and transmit them with
confidentiality of patient records.”1 encryption or through private networks, based on the
Teleorthodontics is the use of information technol- guidelines of the American Telemedicine Association.10
ogy and telecommunications to facilitate orthodontic Related to the concept of informed consent, our sce-
consultation about the care to be rendered, the practi- nario presents a situation in which orthodontist-patient
tioner, the patient, and public education, as well as confidentiality was breached. In our scenario, the patient
a
was not aware that his medical information was acciden-
International Postgraduate Program, Department of Orthodontics, Hebrew Uni-
versity-Hadassah School of Dental Medicine, Jerusalem, Israel.
tally seen by another person; therefore, he certainly did
b
Department of Orthodontics, Hebrew University-Hadassah School of Dental, not consent to the distribution of his protected health
Medicine, Jerusalem, Israel.
c
information. Unauthorized use of patient medical infor-
Division of Orthodontics; Orthodontics and Dentofacial Orthopedics, Depart-
ment of Dental Medicine, NYU-Lutheran Medical Center, Brooklyn, NY.
mation may also occur in situations in which identifying
Am J Orthod Dentofacial Orthop 2017;151:219-21 images from a teleorthodontic case are used in scientific
0889-5406/$36.00 presentations or when unauthorized persons overhear or
Ó 2017 by the American Association of Orthodontists. All rights reserved.
http://dx.doi.org/10.1016/j.ajodo.2016.10.012
see video conferencing consultations.11

219
220 Litigation and legislation

This is a multidimensional ethical dilemma, especially patient confidentiality in our code. We, as an organi-
when we deal with the pediatric and adolescent popula- zation, need to address this issue sooner rather than
tions. Solutions include an informed written consent later.
followed by encrypting the pictures to be shared among We also need to recognize that society today has
various providers and allowing this within a limited changed and that millennial practitioners have a totally
period of time. The delivery of health care and the stor- different sense of their professional role and the values
age of medical information on devices such as mobile inherent in professional practice than do their elder
phones, personal digital assistants, and laptop com- peers.13 Although certainly every generation has pro-
puters raises concerns about the protection of a patient's moted its share of change in why and how we do what
privacy and the violability of health care information. we do, the incredible advances in technology over the
Ways to maintain security and protect the storage of last generation have way outpaced our ability to deal
patients' medical information must be addressed when with the fallout technology generates as it evolves. I
implementing teleorthodontics. To ensure that patients' believe the Internet has created a scary place in which
confidentiality and privacy are respected, information we find ourselves practicing, and this environment is
must be adequately protected whenever transmitted, fraught with danger from many fronts: one of which in-
stored, or received in a teleorthodontic consultation.12 volves our use or misuse, as the case may be, of teleor-
With this is mind, one only need to look at 45 CFR thodontics. There is potential risk exposure in the
Section 164 to see existing federal regulations criminal, civil, and, most importantly, the administrative
mandating that technical safeguards be in place arenas for an unsuspecting practitioner.
regarding the electronic transmission of a patient's pro- One of the simplest things we can do to protect our-
tected health information. Section 164.312 (a)(1) notes selves is to engage in a little “defensive dentistry” in the
that we are required to implement policies and proced- form of enhancing our informed consent process. HIPAA
ures to only allow specifically identified people access protected health information confidentiality breaches
rights to the protected health information in question. and other privacy concerns, inadvertent and otherwise,
Section (a)(2)(iv) mandates that we have a mechanism can be mitigated with enhanced informed consent doc-
in place to encrypt and decrypt electronic protected uments that memorialize the patient's consent to how
health information. Subsection (b) requires us to have protected health information will be used in the ortho-
an audit mechanism to record and examine activity of dontic environment. A simple paragraph like the one
whatever systems we use that contain our patients' pro- below, added to your informed consent form is, if
tected health information. Section (c)(1) requires that we nothing else, a good starting point.
have policies and procedures to prevent protected health Like all health care services, my doctor may have to
information from being altered or destroyed. Subsection consult with other health care professionals concern-
(d) requires that we ensure that the one seeking access to ing my treatment. The consultation may be oral or
a patient's protected health information is the person written, and may be transmitted electronically on the
actually authorized to do so. Finally, subsection (e)(1) Internet, particularly by e-mail. Any such transmission
mandates that we protect against unauthorized access will contain some of my protected health information
to a patient's protected health information when such and may be inadvertently seen or read by persons other
information is transmitted over an electronic communi- than the consulting practitioner. Permission is hereby
cations network. granted to exchange medical and dental information
Going back to your dinner, you should apologize to about me or my child over the Internet only as it relates
to diagnosing, providing, or paying for my treatment.
your friend regarding the inadvertent “leak” of another's
In addition, I give my permission to use photographs,
protected health information, enlighten him about the x-rays, models, and clinical data about me or my child
shortcomings and problems associated with this issue in scientific publications and presentations and for no
in today's society, and most importantly, call your other purpose.
former resident to apprise him of the dissemination of
his patient's protected health information, thus allowing Another simple thing we can do is to deidentify our
him to evaluate his HIPAA compliance protocol. patients as much as possible when we transmit protected
health information electronically. The following are
COMMENTARY commonly used deidentification tactics.
Our American Association of Orthodontists policy 1. Remove geographic subdivisions that are smaller
regarding teleorthodontics is woefully inadequate, than a state such as the patient's home city, street
as is evidenced by the meager attention paid to address, county, and full zip code.

January 2017  Vol 151  Issue 1 American Journal of Orthodontics and Dentofacial Orthopedics
Litigation and legislation 221

2. Remove all dates related to protected health infor- and to allow doctors to monitor the progress of a pa-
mation such as birth date and dates of treatment. tient's treatment from a remote location. Some of these
3. Remove all contact information such as phone and applications clearly cause concern; others may turn out
fax numbers, e-mail addresses, social security to be a good thing in some ways. Only time will tell.
numbers, medical records numbers, account One thing is for sure: we need to take a good hard
numbers, insurance plan numbers, and vehicle or look through the appropriate prospectascope and as a
drivers identification numbers. profession start to develop some guidelines or parame-
4. Remove IP addresses and URLs ters regarding acceptable and unacceptable uses of
5. Remove or block out certain aspects of full-face this technology. We can be part of the problem or part
photos and other comparable images (if possible of the solution.
given the particulars of the circumstance) and any
unique identifying marks or characteristics.
REFERENCES
For me, this is real simple. Just stop sending anything 1. American Association of Orthodontists. Principles of ethics and
and everything over the Internet nilly willy. I cannot ima- code of professional conduct (adopted 1994, amended through
gine that all the posts and blogs I have seen on the 2009).
Internet regarding “how would you treat this patient” 2. Stephens CD, Cook J. Attitudes of UK consultants to teledentistry
as a means of providing orthodontic advice to dental practitioners
have been authorized or expected by the patient. If it's
and their patients. J Orthod 2002;29:137-42.
for real, you first tell the patient that you want to discuss 3. Mandall NA, O'Brien KD, Brady J, Worthington HV, Harvey L. Tele-
her case with Dr Smith and that you would like permis- dentistry for screening new patient orthodontic referrals. Part 1: a
sion to send her records to him; don't send them out into randomised controlled trial. Br Dent J 2005;199:659-62.
cyber space to elicit comment from any number of un- 4. Mandall NA, Qureshi U, Harvey L. Teledentistry for screening new
patient orthodontic referrals. Part 2: GDP perception of the referral
known persons. When she says okay, and she will (if
system. Br Dent J 2005;199:727-9.
she doesn't, you should immediately start to be con- 5. Cook J, Edwards J, Mullings C, Stephens C. Dentists' opinions of an
cerned about whether this will be a problem patient), online orthodontic advice service. J Telemed Telecare 2001;7:
make sure that her records are encrypted in some 334-7.
fashion. Tell Dr Smith to expect the records; you should 6. Cook J, Mullings C, Vowles R, Ireland R, Stephens C. Online ortho-
dontic advice: a protocol for a pilot teledentistry system. J Telemed
have an understanding with everyone you do this with
Telecare 2001;7:324-33.
that patient privacy is a high concern for you and your 7. Data Protection Act 1998. Available at: http://www.legislation.
patient, and you expect full HIPAA confidentiality on gov.uk/ukpga/1998/29/schedule/1. Accessed on November 8,
his end. If he is the type who can't do that, find someone 2016.
else for your second opinion. 8. Summary of the HIPAA Privacy Rule. Available at: http://www.hhs.
gov/hipaa/for-professionals/privacy/laws-regulations/. Accessed
Think about it this way. Would you want your kid's
on November 8, 2016.
protected health information plastered all over the 9. Demiris G, Doorenbos AZ, Towle C. Ethical considerations
Internet because the doctor treating him doesn't regarding the use of technology for older adults. The case of tele-
view this as a big deal, since everyone is putting every- health. Res Gerontol Nurs 2009;2:128-36.
thing out there? It is totally conceivable that some 10. Giakoumaki A, Perakis K, Banitsas K, Giokas K, Tachakra S,
Koutsouris D. Using digital watermarking to enhance security in
nefarious people will get your kid's protected health
wireless medical image transmission. Telemed J E Health 2010;
information and then what? We are doctors, we 16:306-13.
have taken an oath to protect a patient's privacy, we 11. Fleming DA, Edison KE, Pak H. Telehealth ethics. Telemed J E
have to do what we have to do, but we can be either Health 2009;15:797-803.
smart or stupid about it. As Forrest Gump said “Stupid 12. Bovi AM, Council on Ethical and Judicial Affairs of the American
Medical Association. Ethical guidelines for use of electronic
is as stupid does.”
mail between patients and physicians. Am J Bioeth 2003;3:
Oh, one more thing. We now have companies using W-IF2.
imaging technology to facilitate patients performing 13. Waldman HB. Ready or not, millennial generation dentistry has
do-it-yourself orthodontics to greater or lesser degrees, arrived. NY State Dent J 2016;82(4):10-13.

American Journal of Orthodontics and Dentofacial Orthopedics January 2017  Vol 151  Issue 1