PennWell Dental Group

PennWell Dental Community

The ADA says I’m wrong about CareCredit

I received a reply from the ADA MSC person this morning concerning a dentist’s contract with CareCredit/GE. She (?) says that “we” (?) think that a contract with GE financial services will not make a dentist a covered entity under the Red Flags Rule. 

From: MSC Password []
Sent: Wednesday, May 05, 2010 8:50 AM
To: pruittdarrell
Subject: RE: Question 4 - Res 82


Dr. Pruitt, what you state in your email of May 1st, about application of the Red Flags Rule in connection with financing arrangements such as those offered by CareCredit/GE is exactly the opposite of what we told you in our email responding to your question on the subject.  We explained there, and we explain again, the ADA’s view that use of such financing arrangements will not bring a dental practice within the reach of the Red Flags Rule. 


Member Service Center


I immediately responded: “Why didn’t anyone correct me a year and a half ago [when the Red Flags Rule was delayed for the first time]? It’s not like I haven’t asked then ADA President Dr. John Findley as well as current President Dr. Ron Tankersley about the perceived liability of CareCredit. In fact, on July 28, 2009, I submitted a letter to the editor of the JADA concerning the issue. 


I never received a response from anyone in the ADA concerning CareCredit until MSC Person responded a few weeks ago. Was my letter to the editor even read? Who knows? I assume other members are probably treated with equal disdain by anonymous employees as a matter of ADA policy. Or maybe they just leave such decisions to staff who never reveal their names or the names of their supervisors.


Though I am grateful that someone finally officially responded, it occurred to me that for an anonymous person whose salary is paid with my dues, MSC Person sounded just a little too put out with my alleged misunderstanding. But maybe it’s just me. After all, I often get that from anonymous employees - even when I’m not wrong… especially when I’m not wrong. As a matter of fact, a couple of weeks ago, a message was relayed to me that at least one unnamed TDA official is “fed up” with me. So why do these mysterious, aggravated people never offer their names?


I suppose the answer will just have to do for now. However, I’m not the only person who is allegedly misinformed. Believe it or not, I know of a few people who are actually in the security and financial industry who would disagree with MSC Person and “others’” interpretation of FTC law.


Her news simply sounds too good to be true. To be fair to dentists who are suddenly considering signing a contract with GE in order to offer patients payment plans while avoiding the Red Flags Rule, I must point out a few inconsistencies that pop up alongside the ADA’s official answer. Here’s the fat one: Why hasn’t this selling point been jumped on by both CareCredit/GE and the ADA to persuade more members to sign up?


How likely is it that nobody at the American Dental Association Business Enterprise Inc. (ADABEI) or GE thought of the sales angle? That question brings up even more inconsistency with the ADA’s tardy, but official answer.


On July 9, 2009, ADABEI officials used ADA members’ funds to purchase an ad on titled “Press Release: CareCredit Adds 24-Month, No-Interst [sic] Payment Plan” (no byline).


Even though I approve of the benevolence in extending credit to those with worsening dental problems – especially during these hard financial times – the anonymous CareCredit/ADA representative who posted the ad (with sloppy spelling in the title for crying out loud), failed to respond to my question: “If the Red Flags Rule is not delayed for the 3rd time in three weeks, how will it affect those who offer Care Credit?”


Until the Rule was delayed the 3rd time, I followed up my time-sensitive question with four additional messages to CareCredit, ADABEI and an anonymous editor whom I finally named “Nancy.” Even though she allowed three anonymous CareCredit-friendly comments to be posted, my signed questions were censored.


Enter Ms.Cindy Hearn, Vice-President of Marketing for CareCredit/GE


Only later, I discovered that a CareCredit/GE vice president had in fact been reading my censored comments about CareCredit. Even though I clearly pointed out that I did not wish to be called at work, she gave it a try anyway.


I cannot help but suspect that Hearn called my office instead of responding online because like ADA Presidents and others, she preferred to keep bad news about CareCredit private. Before she was convinced that I will neither accept nor return phone calls about the issue, she told my office manager two important pieces of information: CareCredit is owned by GE - which had never been disclosed in ADA literature - and that she knows the answer to my questions.


I was elated by the tangible evidence of progress at last (This was 10 months ago, mind you). Even then, whether the answer was yes or no, Hearn’s information could have been useful to ADA members who were considering signing CareCredit contracts. I felt it was far too important for me to attempt to tell others second hand. Hearn’s is the kind of announcement that begged for online transparency years ago.


I left it up to CareCredit/GE VP to share her answers with everyone. Widespread marketplace communication has never been easier, and Cindy Hearn has no excuse to withhold important information from ADA members. So why did she do it?


“We” move on.


Since we were corresponding, I also sent MSC Person another follow-up email this morning: “Thank you for the response, MSC. Is there a chance that my 4th question will be answered before tomorrow?” That’s the one that asks for an explanation of how the ADA intends to determine and punish ADA members for failure to avoid “conflicts of interest” according to the proposed Resolution 82: “ADA Member Code of Conduct.” I was hoping to coordinate information about Rule 10 with the presentation of the 127 pages of complaints that have been filed against me by anonymous TDA staff and/or TDA members over the last 3 years. I’ve asked Mary Kay Linn, the TDA Executive Director to provide that document before tomorrow’s opening day of the TDA annual meeting as well. So far - Nothing.


Alas, it’s now after 5 PM Chicago time, so my question is answered by default: “No.” Person probably became too busy with answering the phone.


D. Kellus Pruitt DDS

Views: 285

Reply to This

Replies to This Discussion

"On July 9, 2009, ADABEI officials used ADA members’ funds to purchase an ad on titled “Press Release: CareCredit Adds 24-Month, No-Interst [sic] Payment Plan” (no byline)."

What evidence do you have to support that statement? Those of us who run dental blogs get press releases every day and post them on our blogs with no compensation. That was a press release, one that I also posted on my blog on the same day. If you're saying that the ADA paid for that posting to Dentalblogs, please explain how you are supporting this accusation.
Lorne. I always welcome your presence because you’re a good sport and I find our conversations stimulating. Thank you for challenging me today. Otherwise it looked like another boring afternoon.

I have to say that in the 10 months since I posted that statement about the CareCredit press release on multiple venues, you are the first to fact check me on my claim that “funds” changed hands. Incredibly, “Nancy,” the editor who censored me, even let it slide. Maybe that was the reason. She never said. Nancy may in fact be a dude for all I know. (That’s got to hurt a little).

Did money change hands in the posting of a self-proclaimed “Press Release”? You got me. I have nothing to support that statement. Considering the misspelling in the title, it could be difficult to actually find that information.

Here is one thing we do know. It was a press release. One can tell that because first of all, nobody signed their name to it. Secondly, it says so in the title.

Here’s something else we both know. doesn’t post things as an altruistic act of public service - neither do I and neither do you.
Lorne, when you posted the press release that profited the ADABEI and GE, did you notice the misspelling in the title? More importantly, is it even the editor's place to proofread titles of press releases?

If I were a representative of GE or the ADA, I'd be embarrassed by the sloppiness. As anyone can see, these kinds of mistakes never disappear.
Actually, my biggest concern was that a blog was getting paid when I was not...I'd have to change my fee structure :-)

While I don't always post as an altruistic public service, as you're well-aware, sometimes there are just slow news days, so if I'm short on material, press releases will be regurgitated. Obviously, I didn't catch the typo...I discovered spell checker many years ago and put it to good use.
I completely understand, Lorne.

I noticed that you and Olivia Wann are sponsoring Webinar this evening at 5 PM PT, titled, “HIPAA and Technology: 2010 and the New Rules”

Are you planning to cover the new HHS requirement that dentists must notify HHS every time patient information is emailed to specialists, insurers, new dentists and even the patients?

I just read about it a couple of days ago. It sounds tedious.
The honest answer is I don't know. Olivia will be speaking about most of that stuff, I'm focusing on email encryption, secure data sharing sites like BrightSquid, wireless network security, and secure data areas of expertise. Olivia seems pretty current on all the latest laws, being in law school right now, but the 45 minute format limits what we can talk about.
The HHS notification law is a new rule that affects digital records. The ADA hasn't mentioned it, but maybe Olivia is on top of it.

Actually, it’s my opinion that the ADA should be encouraging dentists to contact HHS about the next digital intrusion into our practices “for the common good” before the public comment period closes. Otherwise, we'll once again be left with absurd bureaucratic ideas that are notoriously inadequate at protecting dental patients from harm… such as HIPAA.

Do you think the security provided by encryption of Protected Health Information will eliminate dental patients’ fear of identity theft? I have to confide that if a doctor loses my family’s personal information, I expect to be notified whether it is encrypted or not. But then, maybe I’m just unreasonably over-protective and expect too much from healthcare reform.
"Do you think the security provided by encryption of Protected Health Information will eliminate dental patients’ fear of identity theft?"

I think that's really a tough question to answer. As I'm sure you'd agree, the relationships that we build (and that I used to build when I was in full-time practice) with our patients is based on trust. The vast majority of dentists that I work with will do what they truly believe is in the best interest of their patients. If you believe in the value of the eDR and convey that to your patients, I think that most of them would go along with your recommendations. Obviously, as you've made clear in your posts, you're not in that camp, so your patient population may have a different response.

If your point is that encryption is not going to alleviate patients' concerns, then I would agree with that: as you've pointed out, there are numerous examples of security breaches on a regular basis. I believe the secure system that we would eventually need to meet the needs of patients and healthcare providers currently doesn't exist. Are eDR's in the best interest of patients? Another tough question...if I were asked that, my answer would be that I honestly don't know will obviously depend on how state dental societies and the ADA implement it. Personally, I'd rather see that decision left up to people who know technology and its limitations, along with dentists who practice full-time. In my experience, many of the higher-ups in dental politics wouldn't fit into either of those categories.

Now, before you pick those comments apart (as you've done in the past), I did want to correct one misconception you seem to have about me: I'm not an eDR vendor. I'm a consultant and systems integrator. I don't manufacture, designl, or support the systems that offices would use to develop an eDR. As a consultant, I find out where they are at and where they want to be, and I help them to get from A to B. As a systems integrator, my company configures computers and networks, installs software and hardware, provides training, data backup, network monitoring, and ongoing service and support. But, I don't sell any specific eDR system nor do I try to push them on my clients: like any good consultant, I listen to what they want to accomplish and help them pick and choose the parts that support those goals.
Thank you very much, Lorne. I'll let you get to your Webinar. (I'd join you except that I'm going to go golf. Sorry).

True, you're not a vendor in the sense that you sell expendables and such. But you do sell a product to dentists. Consulting isn't your hobby.
Good afternoon, Lorne.

I hope the Webinar went well. Even though I was very interested in what you and Olivia had to say, I just had to get out of the office. I can stand just so much dentistry in one day.

I re-read your latest reply a couple of times, and I’m sincerely touched. I have never before heard anyone who is excited about eDRs say “I don’t know” before yesterday. That makes me feel bad about being such a horse’s ass.

You’re a good man, Lorne. I apologize about the things I said. I was wrong about you.

Your friend,

"As I'm sure you'd agree, the relationships that we build (and that I used to build when I was in full-time practice) with our patients is based on trust. The vast majority of dentists that I work with will do what they truly believe is in the best interest of their patients."

Almost ideal answer, dude! Thank you for that revelation. I try to send that message to my colleagues at essay company, it will work. =)
Lorne, I found the following press release a while back. What I have called “de-identification,” this software company calls “Data Masking.”

I say, whatever one wants to call removing the dangerous parts of eDRs from the eDRs, that is exactly the direction information technology in dentistry should be going… in addition to cloud computing.

What do you think about the idea, Lorne? I think it would make HIPAA inspectors play dominoes during the day.

Leading Healthcare Organizations Take Practical Steps Toward HIPAA Compliance with Data Masking

Data Masking: Practical Solutions for Compliance in Healthcare

Boston, MA (MMD Newswire) May 5, 2010 - Today, Camouflage Software Inc., a leading provider of data masking technologies, announced that leading healthcare organizations are increasingly adopting best practice data masking solutions to facilitate regulatory compliance. With recent federal regulations such as HITECH (Health Information Technology for Economic and Clinical Health Act) and HIPAA (Health Insurance Portability and Accountability Act) requiring strong protection for sensitive information, Camouflage Software Inc. is providing concrete, actionable steps for data security in the healthcare industry.

Today's typical healthcare organizations maintain a variety of sensitive information required to deliver patient care including clinical, financial and outcomes data. Legislation requires "best effort" protection for this sensitive health information but is not specific as to what those best efforts actually entail. This leaves organizations in the difficult position of finding out the hard way - often through a data breach - that data masking is a necessary security layer along with encryption and access control.

Leading healthcare organizations are therefore seeking a means to better protect Personal Health Information (PHI) in non-production environments including application development, testing, training and QA as well as for outsourcing. They require a robust and scalable solution that quickly locates and classifies sensitive information to provide the actionable results needed to efficiently mask this information with minimal involvement of current staff. These organizations are choosing the Camouflage® DLM Suite as the clear winner for best practice solutions to protect health information.

"With HIPAA enforcement on the rise, and new penalties introduced through the HITECH Act, protecting electronic PHI (personal health information) in non-production environments is more important than ever before," says Kevin Duggan, CEO of Camouflage Software Inc. "Violations of patient privacy by health care organizations can have a devastating impact on patient trust. For that reason, Camouflage® can provide clients with peace of mind that their sensitive information is secure."

The Camouflage DLM Suite facilitates compliance with regulatory requirements such as HIPAA and HITECH, easily finding and protecting highly sensitive PHI by limiting access to such information. This end-to-end data masking solution is designed to protect sensitive data, enabling healthcare organizations to discover, analyze, subset and protect personal health information within their non-production environments.

About Camouflage® Software Inc.,
As pioneers in data masking,Camouflage Software Inc. continues to innovate and expand the field with focused products and services that respond to the ever-evolving needs of our clients and the market. Camouflage® offers an end-to-end Data Masking Lifecycle (DLM) Suite featuring best-of-breed data masking technologies designed to ensure that sensitive information is properly protected for use in application development, testing, off-shoring and training. Combined with our team of data masking experts and Best Practice guidance, Camouflage® offers a proven and comprehensive approach to achieving regulatory compliance with HIPAA, HITECH, PCI-DSS, GLBA and more. For additional information please visit us at

Follow Camouflage Software on Twitter at:



  • Add Videos
  • View All



© 2018   Created by Admin.   Powered by

Badges  |  Report an Issue  |  Terms of Service