HITECH and the Breach Notification Rule

Back in August 2009, there were a few new HIPAA rules released by the Federal Health and Human Services department. I was asked about one in particular today, the Breach Notification Rule. Sadly, my government contact no longer forwards me any of the new rulings, so I had to go and dig up some answers on my own.

I found out that Breach Notification refers to a rule “requiring HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information.” (source) This rule applies to anyone who handles PHI, including my customers, our third-party business associates, and ourselves (PracticeWorks).

The rule states that a breach has occurred when PHI that has not been de-identified has been disclosed or used without permission in a way that would compromise the individual’s privacy. At that time a Breach Notification must take place, and letters or emails need to be sent to the affected individuals, the state, and in some cases, the media.

Compliance with this rule would mean that in the event of a breach of the PHI in our control we would conduct the proper notification. Similarly, in the event of a breach of any PHI in the control of practice using our software, the practice would be responsible for the notification.

In this case, it isn’t proper usage to ask “Are we Breach Notification Compliant,” because our software or systems do not apply the terms of the rule or assess whether or not PHI has been disclosed without permission. Your responsibility here is understand the rule, and know how to handle the proper notifications if a breach should ever occur.

For more information on this and other Health Information Privacy rules, please visit the HHS.GOV site here: http://www.hhs.gov/ocr/privacy/index.html

Cone Beam Computed Tomography (CBCT) in Oral Surgery

Digital radiography has raised imaging to a new level.  Cone beam imaging offers a 3D view of your patients—allowing for more detailed diagnostics and predictable treatments.  Imagine being able to visualize a patient’s anatomy before actually going to surgery and having the ability to determine a more precise treatment plan. 

On Tuesday, October 27, 2009, Dr. Bart Silverman will discuss the advances of cone beam imaging within the Oral and Maxillofacial Surgery field and the recent introduction of affordable combination CBCT/panoramic units.  Please join us for an informative 60 minute webinar at 8PM EST.  It's a free lecture and you can even earn 1CE credit for attending the live class. 

You can register for the event here: http://www.kodakdental.com/en/events-new/webinars-for-oms.aspx

WinOMS CS v8.1 Release Reminder: You Will Need a DVD Drive!

Just to remind you, when you receive your WinOMS CS v8.1 update in the mail, you will need DVD-readers in your computers to run the update.

I was looking over our existing system requirements document, reviewing the things that we might need to update with the release of 8.1, and there is was, in capital letters: CD-ROM drive.  Up until this version, we would deliver the updates on a CD.  It was no big deal, since everyone has replaced their computers since the day of the floppy drive.  Come to think of it, of the four computers I use most regularly (two laptops, one work desktop and one home desktop), none of them have floppy drives.

The good news is, if you have replaced your PC in the past three years, your computer probably has a DVD-reader installed instead of an older CD-reader.  But you should check now just to be sure.  For more information, you can review our announcement from April.


Yes, yes, I'm anxious about it too.  We are finalizing the release now, and we should start shipping soon.  We haven't added any new features in weeks, and the only things left to do are some fine-tuning and regression testing (a fancy term for "making sure we didn't break more than we fixed").  I'll announce the ship date soon.

U.S. House passes ADA-backed Red Flags exemption legislation

As reported in an article posted by the ADA yesterday, a decision has been made by the Federal Government that exempts Dental practices from the Red Flags Rule. This is good news! Read on for more. And any article that can successfully use the word "thrice" in a sentence is worth reading in its entirety.

By Craig Palmer

Washington—The U.S. House of Representatives Oct. 20 approved by a 400-0 vote legislation to exempt most dental offices from the Federal Trade Commission's Red Flags Rule. Thirty-two House members were recorded as not voting.

"This is great news for most dental practices in this country and demonstrates the effectiveness of our grassroots advocacy initiatives," said ADA President Ron Tankersley.

"Obviously, applying the Red Flags Rule to the typical dental practice overreached the original intent of the legislation and would result in unnecessary bureaucratic burdens and expense," Dr. Tankersley said. "I am pleased that the House of Representatives overwhelmingly understood the wisdom of the exemption."

The Association is seeking similar Senate legislation to assure final congressional passage and enactment of a law providing an exclusion from Red Flags identity theft guidelines for certain businesses including "a health care practice with 20 or fewer employees," which means most private practice dental offices.

The ADA pushed for a legislative exemption and gained support from key lawmakers during the Association's springtime Washington Leadership Conference. As passed by the House, the measure would amend the Fair Credit Reporting Act under which the FTC and other federal agencies issued identity theft prevention regulations.

"It is obvious that physicians and dentists are not creditors, and they should not be forced to spend hundreds of dollars to comply with this needless regulation," said dentist/Rep. Mike Simpson (R-Idaho), one of the key sponsors of the bill. "They don't require full payment at the time of service because they first bill the insurance company, then they bill the patient the remainder of the bill. This system should not be treated the same as a loan with a financial institution," said Congressman Simpson.

Rep. John Adler (D-N.J.), the bill's chief sponsor, said the FTC "went too far. During these tough economic times, the federal government should not be placing burdensome regulations on small businesses."

... (visit the ADA.org site for the entire article) ...

The FTC says health care practices may be "creditors" as defined by the 2003 law to include "any entity that extends or renews creditâ€"or arranges for others to do soâ€"and includes all entities that regularly permit deferred payments for goods or services," and thus subject to the Red Flags Rules. The Association has challenged FTC's interpretation of the Fair Credit law while seeking legislative remedy.

The FTC has thrice deferred enforcement of the regulation with respect to health care practices.

Please visit the ADA site to read the entire article.

The Post-AAOMS Rituals

I have a yearly routine I perform, and this year will be no exception.

When the AAOMS show closes at 1PM on Saturday it's time to pack up and head home. We change clothes, turn on the college football game and get to work, disassembling the demo stations and packing up all of our sales sheets. Everything gets boxed up and loaded into huge crates to ship back home. We shake hands with other vendors we are friends with, reminisce about the past few days and talk about where we're going next year. As a team, we all pitch in and bring that year's show to a close.

I head back to my hotel room determined not to think about anything oral surgery or software related, planning on settling in for a final evening of post-season baseball, and packing up my suitcase. But it never fails -- I end up reading through all the notes I took during my conversations at the show, remembering new details or brainstorming solutions to new problems. I add a few more details to my list, and make plans to call some customers for follow-up. I just can't resist it. It's hard to put it down when it's all you've been thinking about for days on end.

And I'm finally back in the office, ready to dive in and process all that I learned. I have a long list of enhancement requests to document and few new defects to report. I have a stack of business cards from new friends that I need to get into my virtual rolodex. And to top it off, it's time to start planning the next new major version of WinOMS CS.

Thank you to all who stopped by the booth to talk to us. I really appreciate the time we spent together talking about what's going on in your office and how you use our software.

PEARL rocks the AAOMS show!

I'm gonna tell you this, and it's gonna make me sound a little salesy, but PEARL sells itself.

AAOMS Toronto 2009's trade show opened today and we had huge traffic in the booth. One of the highlights, aside from the new v8.1 features, is a new iPhone and BlackBerry app called PEARL. Our customers love what they see. I walk them through a show demo and WHAMMY! they are on board. There wasn't a single person who thought that they wouldn't use it. There were a bunch of people who were considering switching from some other phone to an iPhone or a Blackberry just to get PEARL. There were a few more who are switching their practice management software just to get PEARL.

What PEARL does is put real-time, live data from your practice in your hands. How often do you get drug-seekers calling on the weekend for a new scrip? And how often do you find yourself guessing about whether or not you have seen them as a patient before. I'm sure it's plenty. We have solve your problem, and we made it simple to use.

There are many fantastic features in PEARL that provide you the info you need when and where you need it. And the good news? It works only with WinOMS CS. (okay, it works with other PracticeWorks practice management apps too, but CS is the only OMS one!)

Check it out at www.kodakdental.com/GoPEARL.

Oh, and sorry for the whammy up there. I just couldn't help myself.

Are you affected by the Red Flags Rule?

When I first heard about the Red Flags Rule, I didn't think it pertained to our industry. After thinking about it more, talking to a lot of people, and doing a little reading, I'm still not sure it will affect the OMS community.

The Federal Trade Commission has granted a three month reprieve on enforcement of the Red Flags Rule, stating that they will provide more guidance on November 1, 2009. Hopefully, this will help shape our understanding of these new policies and how they will affect your business.

From what I understand, if you and your office extend credit to your customers, you will need to come up with a policy in your office to comply with the new rule. If your office does not, and you are a cash-for-services business, I don't think that this will affect you at all.

Further, the way the Rule reads, the policies you need to put into practice in your business is to protect yourselves and your customers from those who would steal identities and commit fraud. The descriptions of ways you would implement policies (you'll need a PDF Reader for that link) to prevent and report this kind of fraud do not involve your practice management software. At this time, WinOMS CS will not make any changes as a result of the Red Flags Rule.