Saturday, May 24, 2014

Is your email HIPAA compliant?

I recently attended the annual Dentrix Train the Trainer conference and, during the banquet, I sat next to the HIPAA compliance manager for Henry Schein, John Mertz. My commitment to you, my readers, is to try and give you new and relevant content, so while I was chatting with John I asked him, “Can I interview you for my blog?” and he accepted. 

Q:  John, being the compliance officer for Henry Schein, what are the top two HIPAA issues offices are asking you about?
Great question Dayna, and thank you for this opportunity.
The top two questions I get are: 1) What kind of paperwork do I need between Henry Schein and our practice to be HIPAA-compliant? 2) Is the email I submit from my office HIPAA-compliant when sending directly from Dentrix?
Q:  How do you respond to their concerns? Do you refer them back to their own legal team or do you have resources you can pass along?
It depends on what the concern is. To maintain HIPAA compliancy, it is very important to have a Business Associate Agreement between the practice and Henry Schein on hand. To make the process much easier for our customers (and Henry Schein), we have a BAA available that can be downloaded, from our website, where it can be printed out (for their records) and submitted online. One aspect of utilizing this BAA is that it will cover our customers for anything they utilize from Henry Schein (practice management software, eServices, eClaims, TechCentral, training, support, etc.), avoiding the need to have multiple agreements on file. Last year, Congress passed what is called the Final Omnibus Rule of 2013. Anytime there are significant changes made to HIPAA regulations, it is necessary to update the Business Associate Agreement. Our BAA has been updated to reflect the changes made to HIPAA and we strongly encourage our customers to contact Henry Schein if they have not yet renewed that agreement since the Omnibus Rule had gone into effect. If anyone is unsure whether or not their BAA is current, they are encouraged to contact Henry Schein Customer Support.
In regards to email, if you are transmitting any PHI (Protected Health Information) data, the short answer to that is “No, your email is not HIPAA compliant.” Our practice management software does not encrypt email. There are a several methods that can be utilized to protect email and patient data. We encourage our customers to consult with their IT staff, or whoever setup their network regarding email encryption. If there is no one available, Henry Schein has a department dedicated to hardware and network configuration (Tech Central) that would be able to assist with that as well.
Dayna, the only times I would refer a customer back to their legal counsel is if there are questions regarding what they should do internally to comply with HIPAA. Henry Schein is unable to consult customers on HIPAA compliancy. Every customer would have different needs and each situation will vary. We strongly encourage our customers to have a well-documented HIPAA security and privacy policy on hand and their staff trained on HIPAA at least annually. There are several great resources available that can be utilized to help answer specific HIPAA questions. I will list a few of them below:

Disclaimer: the following websites are listed as information only. I intend no endorsement of their content and imply no affiliation with the organizations that provide their content, nor do I make any representation or warranties about the information on those sites, which I do not control in any way.

Q:  What is your answer for email?  How can the office be HIPAA compliant with email?
This is certainly a common question. I would refer to the answer I have given above to address this inquiry.

Note from Dayna:  Corresponding with your patients via email is one of the most common questions I receive from offices. As John stated above, sending email the common way is not HIPAA-compliant. For some HIPAA compliant options for your practice, CLICK HERE to be directed to the resources page on my website.  CLICK HERE if your office needs HIPAA training or Risk Analysis.

Wednesday, May 14, 2014

Opting out of virtual credit card insurance payments

The issue of using a virtual credit card for insurance payments has not only become a frustrating situation for the dental practice, but also costs the office money they don’t need to be spending. My friend and colleague, Jennifer Schultz, who is owner of The Virtual Dental Office Manager, is also having the same issues with her offices. She recently wrote an article on the same topic, CLICK HERE to read it.
When I received one of these virtual credit cards for an insurance payment, I was like, “What the h*%# is this and how am I suppose to post it?” Since I needed my deposit slip to balance with payments and credit cards, I ended up posting a $0 payment to the claim and adding a note in the claim status notes that it was a credit card payment and how much it paid on the claim. Then I posted it as a credit card payment and also made a note in the payment that this was an insurance payment. If it is not critical for your office to balance the credit card total on the Dentrix deposit slip with your credit card batch, then you could post the virtual credit card as an electronic payment and then make a note on the claim that it was a credit card. What a pain!

I would highly recommend you try and opt out of this method of insurance payments because it is costing your office a merchant fee of 2-4% of the total payment that you don’t need to be spending. This could add up to hundreds of dollars per month of unnecessary fees for the practice.

You can opt out of this payment method by calling the insurance company and asking to be removed from this method of payment. See if you can opt for a direct deposit instead. After you have opted out with the insurance company, make sure you follow up with the merchant that issued the credit card payment to see that it was done. Hopefully by making these two phone calls, you can avoid these virtual credit card payments in the future.



Wednesday, May 7, 2014

Success with your dental software implementation and training

Dental Software Advisor’s podcast series focuses on software technology topics relevant to dental users. In this interview with Dayna Johnson of Rae Dental Management, a longtime industry implementation and training expert, we have a frank discussion of software implementation ands how to build acceptance and increase rewards for using appropriate technology.


One of the key topics during software implementation is to identify fears around software implementation and work to figure out what can be shifted to improve efficiency and reduce frustration. Solutions come from incorporating many different strategies.
For any dental practice implementing new technology, this discussion will cover common issues, frequent mistakes, and how to make the process easier and more complete. Efficiency, consistency and protection are the mantra Dayna Johnson uses for successful software implementations.