Preventing the Unauthorized Use of a Dental Practice Patient List

It is important to remember that dentistry is business. As an essential component of the business side of dentistry, dentists work hard to develop a Practice patient base. Patients are the lifeblood of a successful dental practice, as patients are the source of the business’s revenue. A dental practice’s patient list are a very valuable asset to any Practice. Thus, it is imperative that dental practices take appropriate steps to prevent any unauthorized use of their Practices’ patient list. Fortunately, there are a number of steps that a dental practice owner should take to prevent employees or former employees from improperly removing or misusing the Practice’s valuable patient list. Unless a Practice owner takes appropriate steps to prevent the unauthorized use of patient information, he or she may unnecessarily lose patients.

Preventative Measures to Protect Patient Lists

To prevent a current or former employee from steering business away from a Practice, a dental practice owner should take steps to ensure the confidentiality of patient list.  Ohio law provides protection for a business owner with valuable confidential information. Ohio’s Uniform Trade Secrets Act prohibits the improper disclosure or use of a “trade secret,” which has a specific meaning under Ohio law.  A trade secret includes a listing of names, addresses, or telephone numbers, that (i) has independent economic value from not being generally known to others, and that (ii) is the subject of reasonable efforts to maintain the secrecy of the information. Thus, certain confidential business information, such as a patient list, may constitute a trade secret. As a result of being a trade secret, Ohio law prevents improper use or disclosure of this information.

There are a number of steps that a Practice should take to ensure that these protections would be deemed to apply to your Practice’s patient list. As described below, a Practice should ensure that it has a confidentiality policy in its employee handbook and contracts. Such a policy should state, among other things, that the Practice’s patient lists and other proprietary information is confidential. A dental practice should also ensure that it takes steps to protect its confidential information, such as password protecting files and locking file cabinets.

The exclusion against improperly disclosing or using trade secret information applies to information in tangible form. But, it may also apply to information that employee memorizes, such as patient identities.  The Ohio Supreme Court has ruled that patient lists are protected trade secret, and remain a trade secret even when the list is memorized.  See Al Minor & Assocs. v. Martin, 117 Ohio St. 3d 58, 881 N.E.2d 850 (2008).  Thus, an employee cannot memorize trade secret information, and then attempt to disclose or use that information for their own benefit without being authorized by the owner of the trade secret.  Despite these protections, the specific contours of what is a trade secret are not well-settled under Ohio law. For example, in Al Minor & Assocs., the Ohio Supreme Court acknowledged that employees will have memories “casually retained from the ordinary course of employment.” Thus, the Court suggested that information casually acquired in the ordinary course of employment, such as learning the names of patients through day-to-day interactions, does not constitute a trade secret. Additionally, an intermediate appellate court in Ohio has expressed skepticism over whether a list of patient names by itself will constitute a trade secret.  See Columbus Bookkeeping & Bus. Servs., Inc. v. Ohio State Bookkeeping, LLC, 10th Dist.No. 11AP-227, 2011-Ohio-6877.

Confidentiality and Non-Solicitation Provisions

Practically speaking, to limit the potential unauthorized use of a patient list, a dental practice owner should limit employee access to that patient list. Furthermore, the owner should mandate that employees with access to a patient list sign a carefully drafted confidentiality agreement relating to the information contained in the patient list.

But, if information is known to an employee, such as a patient’s name, it may not be considered a trade secret or otherwise treated as confidential. In this instance, an employee could potentially contact that patient to solicit business away from the Practice. To prevent this scenario of patient theft, a dental practice owner should limit their employee’s ability to solicit the Practice’s patients by including a non-solicitation provision in employment agreements. A carefully drafted non-solicitation provision can prohibit employees from inducing a patient to discontinue his or her relationship with the dental practice for a specified and reasonable period of time during and after their employment. The effect of these non-solicitations provisions is to prevent a current or former employee from contacting your Practice’s patients to induce them to leave the Practice. With a non-solicitation provision in place, the Practice is able to deter any solicitations and is granted a legal claim against former employees if they violate their agreed duties not to solicit the dental practice’s patient. Although, a non-solicitation provision is advisable, a dental practice owner should remember that Ohio State Dental Board policy indicates that patients should be timely informed of changes that could impact their dental care and the continuity of that care.  Thus, if applicable, the Practice itself should provide a dental patient notice that the patient’s treating dentist has left the Practice to ensure compliance with that provision.


In sum, a dental practice owner should carefully consider the steps that can be taken to prevent the unauthorized use of their Practice’s patient list. These steps must be considered to prevent the corresponding loss in patient base that may result from an employee or former employee contacting patients at the Practice to induce them to leave the Practice.