Jeff Suglio: A Celebration of Life

It is with great sadness that we announce the passing of a loved and respected member of the DIA community.  Jeffrey Suglio, 60, passed away suddenly on April 25, 2021, and immediately entered the presence of his Lord and Savior, Jesus Christ.

Jeff was born May 7, 1960, in Cleveland, Ohio, to Frank and Betty Lou Suglio, who preceded him in death, as did his newborn son, Scott. Jeff leaves behind his wife of almost 33 years, Michelle, and sons, Sam (Amelia) and Stephen.

Jeff was the owner of DMA Tech Solutions, which he started in 1987.  His wife, Michelle, has been his faithful business partner since 1989.  His son, Sam, joined the business in 2016 and will be carrying on Jeff’s legacy.  Jeff joined the DIA in 2014; in that time, he was constantly at our conferences and integral in our meetings and discussions. He was always available to help encourage and talk through any questions.  As time marches on, the DIA will surround Sam, Michelle, and DMA, with support, encouragement, and assistance in any way we can.

We were the lucky ones to have called Jeff a friend.  He continually met each of us with a smile that was so big and genuine it couldn’t help but be returned, and he could always be counted on for a good story or two at the end of the day.

The DIA members who attended the Cabo Conference with Jeff, just a week before his unexpected death, feel so blessed that we could spend that time with him and Michelle. It is a joyful memory we will hold onto for years to come.

 

Why Dental Specialization for MSPs is Better for Everyone

The Dental Integrators Association’s (DIA) Michelle Hambidge and DIA member Dan DeSteno of Nova Computers Solution sat down for a chat with Stuart Crawford of Ulistic’s The MSP Show. The topic? The benefits of providing vertical-based, specialized expertise in dental IT support, how Nova Computers is able to leverage the community that the DIA provides to grow its MSP business, and how you can too.

 

https://youtu.be/22P3YjSXKfA

 

PCIHIPAA Establishes a $10,000 Government Shutdown Fund

DIA Partner PCIHIPAA is Living by the Golden Rule

They are doing their part to spread a little good during a bad situation for so many people. According to president Jeff Broudy, “If you know someone (or someone who knows someone) please share.”

 

– Thank you PCIHIPAA!

PCI HIPAA Press Release on Gov't shutdown Pg1
PCI HIPAA Press Release on Gov't shutdown Pg2

Hackers Hit Small Town

This is an article written for Sally McKenzie’s newsletter The Dentist’s Network which can be found Here

By Patrick Jacobwith, CEO Sunset Technologies, DIA Board Member

If you are connected to the internet, this is a must read.

Imagine, it is Friday morning. You stop at the local coffee spot; your mind is on the day and weekend ahead. You are thinking about your patients, events for the kids, and chores at home. Your life is smooth right now, your business is thriving, and you love where you live.

What is any dentist’s worst nightmare? Losing their data? Losing their business? This story includes both possibilities.

Your phone rings and it is your office manager telling you the computer is not working. Probably no big deal, you head to the clinic. What happens next tears at your chest. Good people, taking care of others, are put into a terrible situation by a faceless cyber-criminal.

 

DIA Member Case Study

Upon arrival, the doctor and staff see a ransom note on the computer asking for seven bitcoins (approximately $60,000) to get access to the data… the clinic has been hit with ransomware. This begins a distressing emotional rollercoaster.

IT Support receives the first call at 8:09am. The clinic’s system was infected with a “Zero Day” type of ransomware, which means this attack was new to the entire world. We verified the Zero Day designation with the FBI. IT Support deploys its emergency response team comprised of on-site and remote staff.

 

The Rollercoaster

Friday

Concerned but hopeful – There are patients walking into the clinic and you have no ability to check them in or see any of the details of their appointment. The team quickly pivots to paper and stress is building. IT Support validates the cyber-attack and begins the restore process.

Concern rises – IT Support arrives and brings loaner equipment and begins to look for the backup files. The doctor has been thinking about the backup. He grows concerned because there have been no updates for some time from the outside company he uses for his backup (not an IT Support solution). He remembers receiving daily emails regarding the backups.

 

Shock, then stressed out! – IT Support confirms that the outside company was not backing up the practice management system, only other parts of the business. The most recent backup files for the practice management software are seven months old. IT Support begins two processes on parallel paths:

  1. Find any back doors or other methods to restore data
  2. Track down the perpetrator and try to negotiate

The doctor leaves the clinic in disbelief. Desperate thoughts enter his brain. He is unable to eat yet had to attend a friend’s birthday party and pretend nothing has happened. He has called his partner and they are thinking:

Raise money and just pay the ransom. They know this could lead to more demands and more money and still not get the data back.

They live in a small town, and this has put the business in jeopardy. If word leaks out, they are concerned they may still lose patients or the entire business.

Was this a HIPAA breach? If so, what do we do with that?

Try to rebuild the data manually.

Start over.

What happens on Monday morning?

 

Saturday

No sleep. Stress remains constant.

IT Support Path 1 – IT Support has had no luck finding a back door. One of the doctor-owners is at a game for their child, but mentally completely absorbed with what might happen. Waiting is horrible.

IT Support Path 2 – IT Support’s cyber team has begun to track down the cyber-actor. As a member of InfraGard (a private sector organization tied to the FBI), the team has developed and deployed methods to track down cyber-actors.

With cyber actions, in general, there are two possibilities: i) a larger organized crime entity or ii) an individual. In this situation the team caught their first break: the cyber-actor was an individual, and larger organized crime entities do not typically negotiate. In these situations, the clock has started, which is usually 36 hours. Also, payment is only through bitcoin. As a result, time is critical. After fast research, an initial email is sent. The game of cat and mouse is on.

 

Sunday

Helpless, Insecure, Depressed and more…

The doctors call an all-staff meeting on a Sunday. The situation is dire. The entire team digs through the garbage and looks through all paper files to try to lessen the blow and solve Monday. The team does find one ray of sunshine: the clinic uses an online appointment reminder company, which has one week’s information! They can at least deal with Monday, yet the larger questions remain. The team goes home after several hours at the clinic. The doctors are still full of doubt and continue to wait.

IT Support Path 1 – New computers have been put in, the team is working on restoration plans, either if they receive a key, or if they need to rebuild. The team is in constant and close communication with the doctors, which at least provides some sense of relief.

IT Support Path 2 – The cyber team has been playing email cat and mouse with the cyber-actor through the night. The negotiations have been fruitful; breakthroughs have occurred. Late Sunday afternoon, the decryption key was received, and the process began. IMPORTANT NOTE: the game is not done, because the cyber-actor can still disrupt the decryption. The conversations are continued while the lengthy process of decryption is performed.

 

Monday

Very early Monday morning, the data is restored. The cyber-actor realizes he has been beaten – until another day.

The total negotiated ransom: $304.55

 

Back to the Zero Day designation: IT Support also reported all of this information to the FBI (IGuardian), which resulted in helping many organizations across the country.

Monday

Relief!

The doctors have avoided a potentially catastrophic event to their business. The rollercoaster of the weekend is behind them. One doctor commented after, “I feel like I lost one year off of my life!”

 

Summary

We roll the clock back on this story. The clinic decided to stick with a separate backup solution from the IT Support recommendation. Unfortunately, as hackers become more sophisticated, situations such as these happen more often. Let a qualified IT Support team, like those in the Dental Integrators Association, help you to minimize your risk. The DIA is an organization dedicated to educating IT professionals. We want to be sure you have cutting-edge knowledge on your side. Let us help you!

 

Patrick Jacobwith is the CEO of Sunset Technologies, a multi-state organization based in Minnesota. Patrick is also the President of the Dental Integrators Association. He believes in excellent service and building healthy and productive relationships. Patrick’s core values are built on three words: Service, Humility and Love. Patrick can be reached at patrick.jacobwith@sunsetsecure.com

The Worst Advice We’ve Ever Heard About Dental Office Design

This is an article written for Sally McKenzie’s newsletter The Dentist’s Network which can be found Here

By Steve McNamara, CEO and Founder of DTC and DIA Board Member

A prospective client of ours once had a family member run a practice management software upgrade for them. No database backup was taken prior to the upgrade, and their automated backup hadn’t been completed successfully in over two years. They ended up losing their entire database.

After spending 20 years in the dental IT industry helping dentists design new office spaces and start new practices, we’ve heard more stories like this than we care to hear. With so many people voicing opinions on how a dental office should be designed and set up, it is easy to quickly become overwhelmed and potentially follow the wrong advice. Don’t cut corners and make the same mistakes that we’ve witnessed other dentists make. Here are a few examples of bad advice and situations we’ve experienced over the years, and what to do instead:

Network

  • When I inquired about a backup for a new client, they stated that their existing technician had told them, ‘You don’t need a backup, you have a RAID in your server.’
    • What to do instead: Every office should have a managed backup solution in place, whether you have RAID in your server or not. Backing up to an external hard drive is not only in violation of HIPAA compliance, it’s risky and often ineffective. A cloud-based backup solution will ensure that your database is properly backed up and always accessible in the event of an emergency.
  • One office was advised to purchase its own wireless access point for patient access and connect it to the local network with an unsecured wireless network.
    • What to do instead: Wireless networks should always be secured. You should have one private network for employees and a separate, secured, password-protected network for your patients.

Cabling

  • An office was outfitted with exposed network cables hanging from the drop ceiling, running down the wall to the computers.
    • What to do instead: Exposed cables can be hazardous, as well as not looking neat and tidy. Cables should be run through the ceiling or the walls, out of the way of employees and patients. Not only is this safer, your operatories will look much cleaner.
  • We found an unmounted network switch in an office hanging from connected patch cables.
    • What to do instead: Never let any device hang from a cable! Whether it’s a switch, router, or surge protector, letting them hang from cables puts undue stress on the cables and can cause damage. Either mount them to the wall or ensure that they are resting on a solid surface without causing tension in the cable.

Server Closets

  • One of our clients had a shared office space, and their server closet contained network equipment for the two different office networks – nothing was labeled, and the closet looked like this:
    • What to do instead: Keep devices and cables labeled, especially if you share a space. Keeping your IT equipment tidy and organized will make it much easier to troubleshoot if you have issues later. If your server closet has a mess of unlabeled cables, it will take you twice as long to determine which cable goes to the device you need to troubleshoot.
  • Not dedicating enough space for a server closet.
    • What to do instead: Don’t assume you can stick your server in a nook somewhere and everything will be fine. Server closets need enough space for the server as well as other network equipment like backup devices, routers, firewalls, and all the cables that go along with them. Keeping them in a closet that you can lock will also help keep you within HIPAA compliance boundaries.

Contractors

  • At a new office build out, the contractor did not plan for a network closet. The fix was to build a cabinet in the bathroom for all network equipment. They did not vent the new closet, and the bathroom was 20 degrees hotter than any other place in the building due to the equipment being stored there.
  • In an office remodel, the contractor had to do a new core drill for plumbing and cut through the main rebar of the building structure. They had to call in a state engineer to tell them how to fix it, and it ended up postponing the project for 4 months.
    • What to do instead: Make sure you thoroughly review all building plans with your contractors. Ensure that the contractors you have hired are capable and highly rated. Partnering with a managed IT services provider, like one of those found through the Dental Integrators Association, in the early stages of a build out or remodel can help prevent oversights like these.

 

Steve McNamara is the CEO and founder of DTC, Inc., a managed service IT provider for dental and medical offices in the Mid-Atlantic region. He has been a member of the Dental Integrators Association for nine years and currently serves on their Board of Directors. Steve has had a passion for computers and IT since he first started working with them in 1994. He has helped countless dental offices design seamless and functional IT systems in an increasingly digital industry.

Phone: 410-877-3625 | Website: www.dtctoday.com

 

Emerging HealthCare Technology

This is an article written for Sally McKenzie’s newsletter The Dentist’s Network which can be found Here

By Wesley Robinson, President of Integrated Axis Group, LLC and DIA Member

 

If you could put part of your practice on autopilot, would you?

Every twelve to eighteen months, computers double their capabilities, and so do the information technologies that use them. Currently, there is regenerative medicine in clinical trials using consumer wireless computer-brain interfaces for $300. If we can do this today, what will it be like in twenty years, when technology is a million times better? Three-dimensional processors and memory drives along with biological, photon, and quantum computing will keep the rate of information improvement at an exponential pace.

So, without getting too technical, here are a few of my observations based on current emerging technology and solutions.

Softbank Robotics launched its first NAO Robot, 58 cm in height, in 2006. In 2009 came the ROMEO Robot project, a 140 cm tall humanoid with the goal of assisting people facing a loss of autonomy. Then in 2014, Pepper, the first personal emotional robot, 120 cm in height, was launched. Pepper can identify the main emotions: joy, sadness, anger or surprise. He is also capable of interpreting a smile, a frown, your tone of voice, as well as the lexical field you use and non-verbal language such as the angle of your head, for example. The combination of all this information enables the robot to determine whether his human interlocutor is in a good or a bad mood. These are just a few of his capabilities.

We recently integrated Pepper, a human-shaped robot, in one of our Orthodontics offices. Currently, Pepper is just interacting with the patients and families as they enter the office. Both Pepper and NAO are entirely programmable and offer infinite possibilities to enrich the customers’ experience and office assistance. Examples include patient education, registration, scheduling, electronic collections, patient photos and questionnaires, to name a few. Plans are to also include staff training, inventory assistance, and supply ordering.

It still takes time to integrate Pepper into a practice; however, as robotic technology is adopted and can be shipped pre-configured based on application, they will be easier to implement. It’s exciting to see the interaction of employees and patients of all ages with Robotics. To learn more about SoftBank Robotics, visit their website.

 

If you never had to ask a patient to fill out a registration, history or consent form, would you?

As the Hospitals, Dentists, Doctors, Labs, Pharmacies, Insurers, Researchers, and Patients continue to require improved collaboration, MediChain is solving the problem. For my entire Healthcare Information Systems career, this has been frustrating and inefficient due to proprietary solutions and government regulations.

MediChain is a Healthcare Big-Data platform that provides a safe way to store sensitive information without the need for trust. By using a combination of blockchain and off-chain storage of EMR, MediChain is creating a simple way to transfer information between entities. With this app, a patient can share data from their dentists, doctors, and pharmacies, including non-prescription medication, and from devices like smart watches and smartphones. Their complete records can be made accessible to anyone or any entity they see fit by granting access through exchange of their decryption key. As the records update, so do yours, without having to enter or request updated information once the patient grants access.

Emergency access is available in an extended version of MediChain even if the patient cannot give consent. This advancement will ultimately save lives by allowing easy access to accurate patient information.

As with any new technology, the current concerns with blockchain are HIPAA, PHI, FDA 510(k), IEC 60601-1 and ISO 12485 compliance. Health Information Exchange security is crucial in healthcare, especially as data sharing becomes more popular. It will need to take into consideration national and international regulations as data travels.

MediChain is currently in trial with a minimum viable product (MVP) at pain clinics in the UK. The trial has already attracted positive feedback from major pharmaceutical companies, medical technology solution suppliers, and an internationally recognized independent research institution.

Other businesses are working on bringing the EMR to the blockchain; however, MediChain has stood out to me based on its scalable and sustainable solution. To learn more about MediChain, visit their website or read their whitepaper.

 

Wesley Robinson is Owner / President & CEO of Integrated Axis Group, LLC, a national Managed Services Provider (MSP) based in Texas. He has been in Healthcare Information Systems for more than 30 years and is a founding board member of the Dental Integrators Association. He is married to Kelly Robinson, DDS, a third-generation dentist, and they have three sons and a daughter-in-law. He has personally helped countless Healthcare Providers create efficient technology strategies and service solutions that fit their unique needs.

Wesley can be reached at WRobinson@IAG-USA.com

The Real Cost of Innovation Debt

This is an article written for Sally McKenzie’s newsletter The Dentist’s Network which can be found Here

By Clay Archer, CEO and Founder of DentalPC and DIA Member

 

A colleague of mine from Ottawa introduced me to the concept of Innovation Debt, and it struck a chord with me. His basic premise is that we all have a certain level of innovation and technical progress in our businesses/practices. Top performing practices manage their growth in a steady, consistent pace, using budgeting and planning to make investments. Others who don’t make regular, planned progress fall behind, and once they fall too far behind the cost and disruption of making up the deficit become exponentially higher. This gap is called Innovation Debt.

When I first read about this concept, it made me think of some of the first dental practices I worked in back in the 90’s. The practice would have a wonderful older dentist whose office was past its prime. It had aged wooden paneling and the old pastel GE x-ray heads, pink, baby blue and yellow. As you walked down the hall, you would see worn carpet in the operatories. It needed a good paint job inside and out. At some point, it had been a beautiful new facility, but it went downhill from there. In year five the doctor didn’t repaint, in year ten they didn’t change out the wood paneling and carpet, in year 15-20 they didn’t upgrade any equipment. Slowly but surely the practice got to a point where getting back to a nice facility became a six-figure gut and redo that would never get done. In the same building the doctor’s peer, who maintained and planned for upgrades, had an attractive, contemporary facility and a thriving practice. Innovation debt is the same thing when it comes to technology.

Now that we have a basic idea about what innovation debt is, let’s talk about three things that you can do from the beginning to ensure you don’t fall behind.

  1. Setting an annual budget like clockwork. The most important thing you can do is define what the target is. To be clear, this is not about buying every shiny object you see at a trade show. This is about systematic progress that improves patient experience, clinical care and efficiency of the office. The best way to find the “Goldilocks” amount to spend is to set and drive to a budget. Each year you can evaluate where you stand, what your profit level will be and what you choose to reinvest. If you fell short or spent too much in the previous year, you adjust your goals for the next.

  2. Meet with your leadership team and a Dental Integrator and discuss your innovation path. Make sure you have the buy-in from the staff, and they see the value of CAD/CAM, 3D, Recall Systems, etc. There is nothing more detrimental to your progress than buying expensive equipment that isn’t used because it isn’t properly adopted. This is an area where your Dental Integrator can help you choose the right technology that is the best fit for your office.

  3. Be an active member of your dental community. Go to the dental conventions, support your component and state dental association, and meet with your peers. The best way to find out what “best in class” looks like is to talk to and visit your peers. See what is working and what isn’t and form your own prescription for your practice. I can’t emphasize enough the importance of visiting other offices, talking to your supply reps and networking. I know everyone is afraid that their reps will “sell” them more than they need, but they are a wealth of knowledge, and the right one will be consultative and help you grow.

 

Remember, small regular additions are more comfortable for your team to adopt, learn and perfect. Regular expenditures are easier to budget for and afford. If things go well and you exceed budgets, slightly bigger, similar investments can be made. It’s like working out or eating right, you build on success and add layers.

Dentists often put off updating their technology until it’s too late. The longer you put off making technology changes in your practice, the more expensive those changes become. Smaller changes become harder to implement, and the need for much more substantial changes grows. Don’t wait until you are faced with a costly and time-consuming task to update your technology. Be proactive rather than reactive and make sure you avoid falling into Innovation Debt.

 

Clay Archer is the CEO and Founder of DentalPC, a dental-specific IT solutions provider serving the southeastern United States since 1995. He is also a member of the Dental Integrators Association (www.dentalintegrators.org). Clay can be reached at clay@dentalpc.com

Cybersecurity Training 101- Building the Human Firewall

This is an article written for Sally McKenzie’s newsletter The Dentist’s Network which can be found Here

By Mike Whaley, Director of IT Security for CRC Technologies and DIA Member

 

It has been estimated that it can cost the victim of a healthcare data breach (the patient) $13,500 to recover after their medical data has been stolen. A Ponemon Institute Study on Medical Identity Theft (publication date 2015) compiled these costs based on credit restoration, reimbursement to healthcare providers for fraudulent claims, and correcting inaccuracies in health care records. Due to HIPAA privacy regulations, victims of medical identity theft must be involved in the resolution of the crime. Those who have resolved their crime spent, on average, more than 200 hours working with their insurer or healthcare provider to make sure their personal medical credentials are secured and can no longer be used by an imposter, and verifying their personal health information, medical invoices, claims and electronic health records are accurate.

Dental professionals are keepers of some very sensitive, embarrassing, and potentially discriminatory data. Dental professionals are also keepers of enough information for one person to easily create a false identity – therefore it is necessary to take measures to keep patient data safe.

Most of a dental practice’s technical security controls, such as firewalls and antivirus, are provided by their IT vendor. Hopefully the practice is already taking their IT vendor’s technical security control recommendations seriously and implementing them. Controls are also driven by the practice, such as security cameras or security policies and procedures, and access controls like door locks and server room locks. Even if a practice has their security locked down, it could easily take only one of their employees to accidentally download and run a malicious program delivered by email or a website and BOOM – the practice data is ransomed, or the computers are suddenly being remotely viewed and staff keystrokes logged while login credentials are stolen.

If properly trained, staff can become the biggest guard against cybersecurity threats. They will become the human firewall. Security threats can come from many different directions like email phishing, the internet, phone calls, or an in-person visitor. Training employees on a regular basis about cybersecurity threats is called Cybersecurity Awareness Training.

Ongoing cybersecurity training helps to prevent bad outcomes from threats like phishing, which is when the bad guys trick a person into following a malicious link in an email or downloading an email attachment. A study cited by the INFOSEC Institute reports that, “…26% to 45% of the employees of the chosen companies were susceptible to phishing. With the security awareness program, that percentage decreased by 75%.”

Ransomware is a big moneymaker for the bad guys. If a practice downloads malware that ends up encrypting their patient data and demands money to unencrypt the data, this can cost a practice thousands of dollars in ransom to decrypt the data. Plus, if hit by ransomware, HIPAA requires practices to prove their data wasn’t taken by the bad guys, so it could be a double whammy with fines.

Cybersecurity Awareness Training programs aren’t expensive and there are plenty of options out there. Implementing a Cybersecurity Awareness program shouldn’t be a one-time event; it needs to be ongoing, and training needs to take place quarterly at a minimum to be effective. The National Institute of Standards and Technology (NIST) of the U.S. Department of Commerce recommends training modules, testing users, simulations, posters, and newsletters as part of the program.

Popular security awareness training vendors include KnowBe4 and PhishMe. KnowBe4 includes phishing, fake voice calls, and they can even send a USB drive to the practice to see if staff will plug it in. PhishMe is one of the more senior companies in the space and has perfected the phish and training that goes along with it. If an end user clicks on a link in a phishing email, it will send them to a training web site. One organization to consider is SANS for their cybersecurity training. They are an organization made up of cybersecurity professionals and have a good reputation for being on the forefront for training end users.

Practices should be on the lookout for cybersecurity training that is offered from their HIPAA consultants or their bank if enrolled in a PCI compliance program. They may have training modules included with their online solutions. The practice’s IT vendor might have some good options for cybersecurity awareness training programs and may already have a program they can refer to or administer.

Rather than a costly breach or a down server due to ransomware, Cybersecurity Awareness Training can help build the human firewall and keep out the bad guys. Loss of patient data can cost not only the practice time and money, but it can cost the patients time and money also. Training programs are easy to find and easy to administer. Stay safe out there!

 

Mike Whaley is the Director of IT Security for CRC (www.crctechs.com), a managed service provider based in Seattle, Washington. Mike has more than 20 years of client and project management along with a formalized education in Network Administration.

CRC is a proud member of the Dental Integrators Association, a network of leading independent dental technology integration firms from across the country. It was formed to create and deliver a higher standard of quality and care for dental practice technology integration.

Mike can be reached at: mike@crctechs.com

HIPAA: As Easy as…PPT?

This is an article written for Sally McKenzie’s newsletter The Dentist’s Network which can be found Here

By Amy Wood, President of ACS Technologies, LLC

 

Wouldn’t it be great if HIPAA was as easy as 123 or even ABC? Well, turns out it can be as easy as People, Process and Technology – or as I like to call it, PPT. Additionally, when you have PPT in place, it benefits many other aspects of your practice as well.

As confusing as HIPAA may be, especially for smaller practices to decipher, it can be broken up into three simple things: People, Process and Technology. If you look at all aspects of HIPAA with these three things in mind, it becomes easy to decode and then implement in your practice.

 

Let’s start with People. As an employer, if you properly train your staff and then provide tools to enforce that training, your people will become one of your strongest defenses. When training your team, you have many options to choose from. There are pre-recorded videos, webinars, and consultants that offer live trainings to review the basics of HIPAA – where you and your staff can ask pertinent questions and receive personalized answers. In addition, it is imperative that you review the Process and Technology parts of your Compliance Program with your staff, meaning your HIPAA Policies and Procedures as well as the technology vulnerabilities and security. When it comes to training, the best offense is a good defense.

Next comes the Process. The Policies and Procedures that you are supposed to be training your staff on must be created. You could purchase a manual with stock templates or try to find them on the internet, but I’ve found the most comprehensive policies are a joint effort between the practice staff, the doctor, a HIPAA consultant and the IT Provider. This way, what is written on paper is actually what is being done.

For example, if your policy says you will have Business Grade Anti-Virus on all computers that is updated at least daily and documented as such (as is recommended), but you buy an anti-virus license once per year and set it to ‘auto update’, your policy really isn’t being followed.

Last, and often most confusing, is the Technology. While this part of HIPAA is only about 20% of the puzzle, it tends to be the most talked about because it’s constantly changing. Think about it – ten years ago you were just implementing computers to schedule appointments, and now you are doing appointment reminders, patient health histories, and 2D/3D images of the teeth and head. You can access it from home and send it to colleagues to collaborate. The changes over the years have been incredible.

Unfortunately, the same goes for cyber threats. The easier information becomes to create and move, the more vulnerable it becomes and the more frequently you have to adapt to new threats.

What exactly is the best way to secure your technology?

It used to be that locking the door and buying an anti-virus program was enough to keep the bad guys out. That’s not the case anymore. Now there’s encryption, cages and cables, firewalls, patching and updates, ‘smart’ equipment and lots of backups. Unless you are fluent in Geek, this can be daunting. Many of the programs and tools that automate this are only accessible to larger businesses.

Fortunately, many IT Providers are adopting a Managed Services Provider Model, where they provide a set of these programs and tools within your price range because they can be aggregated across many clients. This type of IT Provider essentially acts as your Systems Administrator, meaning they are an outsourced IT Department for your practice.

This is a different type of engagement than most dentists are used to and is still relatively new in this space. Most dental practices are used to calling the tech guy when something is broken. Personally, I miss those days. We were the smart guys who were like knights in shining armor. Things have certainly changed in the last few years. With all the malware, ransomware and hacking that has been happening, now if something happens we are the guys who ‘let you get hacked’. It’s no longer about fixing broken things; it’s about preventing things from being broken into. 

A baseline level of security can not only thwart most attempts to get into your business, but also ensure the tools are already in place if something does get past your defenses. I call this the ‘Magic Bullet Theory’. If you remember the initial reports of the JFK assassination, they talked about this ‘Magic Bullet’ that had an abnormal and impossible trajectory. Using that same theory, think about a threat to your Protected Health Information: in a secured and managed system, that threat would have to get past multiple layers of defense that overlap at different points. With all of these defenses in place, the likelihood of something getting through is extremely low.

If your IT Provider isn’t doing these things, someone needs to – whether it be you, your team or another vendor. You stay up on current standards of care for patient treatment. It’s worth having a conversation about the current standards of care for your digital security.

Amy Wood is President of ACS Technologies, LLC. She utilizes her experience as a Data Breach Consultant and a Healthcare IT Provider to provide comprehensive education with real and relatable examples, ensuring that practices are addressing HIPAA proactively, rather than reactively, in a reasonable and appropriate manner.

Amy provides education to private practices and clinics, dental associations, study clubs and disability groups as well as to vendors and Business Associate practices. She runs ACS with her husband, Scott, and lives in Santa Rosa, CA with their three daughters.

Amy can be reached at hipaa@acsdt.com

Business Intelligence – The Next Big Thing in IT

By Clay Archer, DentalPC

This article was written for Sally McKenzie’s newsletter, The Dentist’s Network.

Over the last few years we have heard a lot about the cloud and “big data”. But isn’t all that for big companies like Walmart and Amazon? The short answer is: not anymore. Platforms like the cloud are allowing small businesses to look at their data the way big companies traditionally have. Third-party plugins and applications can look at your practice management data and dissect it in a more approachable way. “That’s great, but how does it affect my dental practice?” In the short term, it will change the way dental practices use their data in three major ways.

Dashboards/Score Cards. It’s the old proverb: “what gets measured gets managed.” Business Intelligence in its simplest form comes in the shape of gadgets or apps that display simple management numbers. Whether it is the number of new patients per month or hygiene production per day, these “widgets” let you quickly see how the practice is doing against certain defined parameters. Unlike traditional reports, you don’t have to look through lists or dropdowns; the numbers are simply presented in whatever form you want. If you want to go deeper into the details, you can click on the widget and the underlying data will be displayed. Score cards are a wonderful tool for positive reinforcement, variable pay (bonus) and team contests. It is all about clarity of message and goal attainment. These are great for morning huddles or monthly staff meetings to review where the practice is on specific goals. The staff can then use them on a constant basis to review progress. We have several offices that display a dashboard of widgets in the staff room so the data is always top of mind.

Enforcing Systems/Training. As a simple extension of the “what gets measured gets managed” proverb, the staff now knows which numbers are important. They can more efficiently direct their time and effort towards making the appropriate changes or reinforcing the things that they are doing well. We can use the information to create best practices and training around what most affects the bottom line. When goals are clearly defined, it is much easier to train staff to a system. These types of process-driven training programs have until now been the domain of larger corporate organizations.

Benchmarking. Traditionally, dentists have not shared much practice management information and have essentially practiced alone. Because most of these Business Intelligence tools have many users, there is an ability to “benchmark” across the user base. Now, not only can you look at the numbers inside the practice, you can also see how you stack up against your peers. From customer satisfaction ratings to overhead costs and margins, you can see how your practice is performing against others in your region, specialty, etc. Because the data is looked at in aggregate and individual results are anonymous, there is no reason to worry about competitive forces. This allows smaller individual practices to take advantage of large sample sizes like corporate dentistry does. A few possible examples would be fee optimization, revenue per procedure, frequency of procedures and procedure duration; the list goes on and on.

I describe these as the main changes in the short term because Business Intelligence is a rapidly evolving arena. It won’t take long for these technologies to extend into other aspects of the practice. The next generation of Business Intelligence will actually “learn” and provide information based on data. Think of a recall system that tailors messages based on past interactions. Or a forecasting system that raises goals based on unscheduled treatment or insurance benefits. The next generation will change the way you interact with patients, vendors and employees.

The bottom line is that you have a ton of very valuable information inside of your Practice Management system. These new tools help you mine it for the relevant information to more efficiently manage your practice. There are quite a few of these tools in the marketplace right now and the list is growing. Choosing the right one for your practice will depend on the features you are looking for and the integration with your specific Practice Management software.

The first step is to work with a professional IT company. The Dental Integrators Association is an organization dedicated to educating IT professionals. To be sure you have cutting-edge knowledge on your side, you can find a professional at the Dental Integrators Association website: www.dentalintegrators.org

Clay Archer is the CEO and Founder of DentalPC, a dental-specific IT solutions provider serving the Southeastern United States since 1995. Clay can be reached at clay@dentalpc.com.