Monday, July 27, 2015

Protect your livelihood and your computers from viruses

If you are like me and read up on the latest news in the dental industry and keep up on breaking stories then you know that many dental practices have been violated recently by the Crypticwall or the Crypticlocker virus.  This virus can be devastating to the practice and embarrassing to you and your team.  My friend and Dentrix Product Manager, Brad Royer, wrote a great response to this topic in the Dental Town forum and I have his permission to share it with all of you.

These viruses do not just hold Dentrix for ransom, they hold your entire computer and other systems on the network ransom.  They are known as ransomware.  The most widely known example from a few years ago was called cryptolocker (this particular version is almost eradicated); however, there have been many other copy cats and other versions that have since been created.

Please see the following information on ways to prevent your office from being affected by this malware.

Security Tips for Small Businesses Regarding Internet and Email Usage

The following information provides tips for small businesses to follow in order to help avoid potential data compromise due to cyber threats from the internet while browsing the web or using email.

Email spam or junk mail is usually unsolicited email that is sent to a large number of recipients. These emails are usually irrelevant or inappropriate and may contain malware or viruses that can infect your computer. And in some cases, they could infect an entire network of computers. All one has to do is open up an unfamiliar or suspicious email and a virus can then immediately load on your computer.

The same goes for visiting certain web sites that contain malware or viruses. Simply visiting a popular social media site and then clicking an advertisement could result in a virus being installed on your computer. Spam, junk mail, viruses, and malware could lead to data loss, data breach, damage to systems, and high replacement and repair expenses. However, most of these threats can be avoided by educating your staff and implementing some basic protocols.

Security Tips

  • Do not share your business email accounts except for with customers, patients, and colleagues.
    • In most cases, in order to receive malicious emails, spammers first need to know your email address. Therefore, it is recommended that your business email addresses not be shared with anyone except your patients, your customers, and your colleagues.
    • Sometimes it is necessary to use your business email to sign on to a web site. Be sure that if you use your business email address on a web site, only use it on a legitimate web site that you are familiar with. And make sure that this usage is for business purposes only. Unfortunately, even legitimate web sites will often share your email address with third-parties. However, the more you can reduce the exposure of your business email addresses to the web, the safer your email will be.
  • Do not post your business email account on the public internet such as posting on your business web site or on forums.
    • Harvesting bots are special software designed to obtain email addresses from public data on the web. Once emails are harvested, the emails are then added to lists for sending spam emails and other threats. In order to help avoid having your business email address harvested it is a good idea to not post your business email address on your company web site or on a web forum for the public to see. Also, make sure that your email address does not show up in your signature on a forum or as a link within a guest book. If the public can see your email address, then it is likely that a harvesting bot can see it also.
    • Make sure that your company web site has some sort of security method in place to hide your email from harvesting bots while allowing your web site visitors to communicate with you.
  • Do not use your business email address to sign up for promotions, drawings, or other marketing gimmicks.
    • Sharing your business email to sign up for anything free or for any special promotion is likely a method for a spammer to collect email addresses. Some of the signup emails or signup pages can even contain malware or viruses that immediately load on your computer.
  • Do not open unfamiliar or suspicious emails; delete them.
    • When checking email, do not click on unfamiliar or suspicious emails or attachments. Instead, immediately delete them. Some suspicious emails when clicked can add your email address to a list, or even worse, install malware or a virus.
    • Also, be careful with unsubscribe links in certain emails. Although many unsubscribe links are legitimate, some unsubscribe links within suspicious or unfamiliar emails could contain links to further threats.
  • Microsoft Exchange users should implement SPAM Firewall services.
    • If you host your own Microsoft Exchange server, you need to implement a Spam Firewall service such as Barracuda. This type of service will help reduce spam emails arriving to your inbox.
  • Web based email users, only use legitimate email services rated high for security.
    • If you use web based email for your business, make sure to only use a reputable service such as or Gmail that contain built in security measures to help prevent spam and viruses.
  • Restrict email usage.
    • Email usage should be for business purposes only and should be conducted by approved and secure email methods. Limit email usage to only select employees who will be responsible for following the proper protocols. Personal email on business systems should not be allowed.
  • Be suspicious of email attachments.
    • Before opening an email attachment verify that you recognize the sender, the name of the attachment, and the body of the email. If anything seems out of place do not open the attachment. Delete.
  • Restrict web surfing.
    • Minimize the number of users in the office that are allowed to surf the internet. This can be accomplished by implementing and enforcing rules for usage. Only surf the web for business purposes while only visiting legitimate web sites.
    • Systems that do not need web browsing can have the web browsing disabled either through the computer settings or by changing the settings within the firewall.
    • Perhaps implement web filtering services. These services can allow some web browsing to occur while filtering potentially dangerous sites or sites that waste time and productivity of employees.
    • The more systems with a web browser that is filtered or disabled, the safer the network will be.
    • Personal web browsing by employees should not be allowed on business computers. Although visiting social media sites and other personal web sites may be common, this is the leading cause for businesses acquiring viruses on the network. Make it the protocol that employees must web surf on their own personal devices such as phones or tablets.
  • Implement email encryption.
    • Before sending an email to a customer, patient, or colleague, consider encrypting the email so that it cannot be read or captured by a hacker while in transit. There are many third-party services that offer encryption.
    • Also, products such as Adobe Acrobat allow one to encrypt a single document at a time that is password protected. The document can then be attached to an email and then sent. The recipient only needs to know a password to unlock the encryption and then view the documents once received. This is a basic and inexpensive method for encryption.
  • Get rid of old email accounts if they receive too much spam and open new email accounts.
    • If your business is using an old email account that receives excessive SPAM and junk mail, maybe it is time to retire the old email address and create a new one. Be sure to not share the new email address with anyone except customers, patients, colleagues, or legitimate web sites for business purposes only. This may require updating or changing business cards, flyers, or your company web site.
  • Do not allow employees to check personal email on business computers.
    • So far as personal email, there is a very simple protocol for employees to follow. Do not allow personal email to be checked on business computers. Employees should use their personal devices such as phones or personal tablets to check personal email.
  • Do not allow employees to connect their personal devices such as phones or tablets to the business network.
    • Make sure that employees are not connecting their personal devices to the business network. The only exception would be is if you have a secure firewall in place with a separate guest network. The guest network must be firewalled from the business network, never allowing communication between the two.
    • If you do not have this sort of secure and separate guest network, then do not allow personal devices to connect to the business network.
  • Run updates on all systems on a regular basis.
    • Run Windows updates on a regular basis. Be sure to run these updates during business downtime and be prepared for the updates to take quite a bit of time to install. There could possibly be multiple reboots involved. Once completed, be sure to test all systems, test all database software, and test healthcare devices to make sure they are in good working condition before the next business day. Windows updates cannot protect against all possible attacks, but they can help to make your systems more secure.
  • Make sure you have up-to-date antivirus software on all systems.
    • This includes all workstations and servers. Antivirus needs to be active and up-to-date. Although, antivirus cannot protect against all possible attacks, it can help to keep your network safer by addressing possible viruses and malware.
  • Be sure to always have a current backup of your data and an old backup of your data.
    • Each backup should be on separate, secure media. You should have multiple backup sets that represent multiple restore dates. Some backup sets should be new and some should be older. That way you will have more choices of dates to restore from. For example, one backup from yesterday, another backup from two days ago, another backup from three days ago, and a fourth backup from two weeks ago, etcetera. The more backup sets that are available to choose from in a restore situation the better the odds are of restoring the system to the best possible state in a disaster recovery scenario. Multiple backup media and multiple backup methods are encouraged.
Brad Royer
Dentrix Product Manager
Henry Schein Practice Solutions


Tuesday, July 21, 2015

Why now is the perfect time to examine your fees

My good friend (and insurance editor for Dental Products Report) Teresa Duncan recently wrote an article about how now is the perfect time to reevaluate your office fees. Teresa says that many practices wait until the end of the year, but if your practice is anything like the norm, the end of the year gets pretty busy. CLICK HERE to read Teresa’s article on fee updates. My blog today wants to piggyback on Teresa’s article and show you how to implement this task in your Dentrix software.

The process of updating your fees is a pretty simple task that can be accomplished with a couple of clicks. Go to the Office Manager > Maintenance > Practice Setup > Fee Schedule Setup (if you are on earlier versions of Dentrix, it might say Auto Fee Schedule Changes). You will get a window that looks like this. If you want to update your fees using a percentage or a dollar amount, click on the Auto Changes button and your fees will automatically be increased by the amount you set, then you will have an opportunity to look at each procedure code individually and then click OK to accept the changes.

If you want to take a more complex approach and change each procedure fee individually or if you want to copy one fee schedule to another, you can click on the View/Edit button and open a window that will allow you to update fees one by one or copy fees from another fee schedule. If you are updating a PPO fee schedule from a list provided to you by the insurance company, this is probably the method of choice for you.

Once you have updated your fee schedule, remember that any existing treatment plans still contain the old fees. With a new feature in Dentrix G5.2, you have a new feature where you can update all your treatment plan fees with the click of a button. Going back to my first image above, you will notice there is a Treatment Plan button. If you click on this, you can update all the fees in the existing treatment plans from here. If you have not upgraded to Dentrix G5.2, you can still update your treatment plan fees by opening the Treatment Planner.

Here are some other articles I have written on this topic if you want to continue reading about fees.

Tuesday, July 14, 2015

Business of Dentistry . . . why it's my favorite conference of the year

It’s that time of year. It’s time to get your doctor and your team registered for the Business of Dentistry Conference. As you have heard me talk about before, I have never missed a conference and I am going to give you 5 reasons you and your team should not miss it either. This year's conference is being held Oct 7th - 10th in sunny Florida.

  1. You will be repeating the words “I didn’t know Dentrix could do that! I can’t believe how we are under-utilizing our practice management software.” Even if you have been using Dentrix for over 10 years, I can guarantee you will learn things that you didn’t know existed. Last year, I taught the advanced Billing and Collections class and my class was filled with doctors excited to learn how the software could help their practices meet production goals. It was eye-opening.
  2. There is something to learn for every member of your team. Especially the dentist!  This year the Business of Dentistry is offering more clinical technique and technology courses than ever before.   The Dentrix courses have a skill level from entry level to advanced so the attendees can choose the level that best fits their knowledge of the software. This conference attracts some of the most sought-after consultants and they tailor their presentations to fit into the Dentrix agenda so you not only get amazing practice management educational material but you also get tips on how to implement it into your practice management software.  Check out the course listing by CLICKING HERE.
  3. Don’t miss the Learning Lab. This is my favorite part of the Business of Dentistry Conference. This is where you get to bring your questions and sit down with a knowledgeable support tech and get one-on-one help. If you are having issues with Dentrix, eServices, Easy Dental, or Enterprise, bring it to the Learning Lab. Here’s a tip: Take screen shots and print them out so you can show the team your issue (make sure you black out any patient information).
  4. Learn about third-party software that integrates with your Dentrix software. The vendors pour out into the hallways just waiting to tell you how their product, along with your Dentrix software, can help your practice more profitable, secure, or productive. Since Dentrix G5 opened up the Marketplace, there are many third-party companies that enhance your software in so many ways. I will have a booth at this year's conference so come by say Hi and check out what I have to offer you and your team. 
  5. Finally . . . have some fun and enjoy spending time with your team! This year’s conference is being held at the amazing Gaylord Palms Resort and Convention Center in sunny Kissimmee, Florida.  Henry Schein always brings the fun to this conference. I can remember bowling parties and dance parties that were off the charts. I can’t wait to see what this year has to offer.

Wednesday, July 8, 2015

Inactive, Archived, Non-Patient . . . . what do I choose?

I wrote an article titled “At some point we need to let thepatient go,” but does this mean the patient is inactive or should we archive him or her? What is the difference between a Non-Patient, Inactive, and Archived patient? Does your practice have its own definition or do you choose to just ignore it?

These questions come up a lot when I am working with dental practices on cleaning up their systems and putting effective systems in place for managing their active patient base. It is important to know what your active patient base is so you are not reaching out to patients who have either left the practice or died. Having reports and patient lists is important when you start following up with unscheduled treatment and overdue recare.

I would like to share with you not only the definitions of each patient status, but what my recommendation is for each.

·        Non-Patient – This is a person who is either an insurance holder or a guarantor on a family account. This is not a person who comes to your office for dental care. Now this person could also have a patient account if he or she is only an insurance holder for another patient in your practice. For example, if mom is a patient with her two children and dad is the insurance subscriber, then mom would be the guarantor and dad would be a non-patient on the account.

·        Inactive – This is where there it gets a little “gray.” If you mark a patient as inactive, he or she will still show up in all search results and you can still send out letters and generate reports.  My opinion is that if you have exhausted all your resources by calling, sending letters, and emailing patients and they are not responding to you, then you should mark them as inactive. What inactive will do is at least remove them from the Continuing Care lists and you can unselect them from other management reports.

·        Archived – If you archive a patient, then he or she is removed from all search results, removed from all Continuing Care, it erases all insurance information, and deletes any future appointments in the schedule. My opinion is that if patients have told you they are leaving or died, then archive them. If the patient who has left the practice decides to return, you can bring the account back to active status and re-enter the insurance and continuing care information.

Having a clean, accurate system helps with many things like patient count, unscheduled treatment numbers, and setting goals. I hope you will take some time and clean up your patient status and create systems in your practice using the definition of each status.

Thursday, July 2, 2015

With all the details to remember we sometimes forget things . . .

It’s the little things that make a huge difference in the daily lives of the dental team. There are so many details to remember in order to make sure your patients are well taken care of. One of those details you don’t want to forget is giving patients post-op instructions after their surgery or complicated dental procedure. When you are managing a busy schedule, making sure the instruments get into the sterilizer, and turning your room over for the next patient, sometimes things can get missed. How can you systematize your post-op instructions? Let me show you. J

You can add a doctor’s recommendation note to print out on the patient walkout statement or set up a separate post-op letter to print out in addition to your patient walkout statement. This can be set up to print automatically on the patient’s receipt, depending on what procedure code has been posted complete.

To set this up, go to the Office Manager > Maintenance > Practice Setup > Procedure code setup. Select the code you want to attach the post-op instructions to and click Edit. In my example, I have selected the D3310 Root Canal Therapy. In the lower left of the code edit window, there is a button Edit Note. Click on this. In the lower window where it says Recommendation Note, type your post-op instructions (or copy and paste from another document), then check “Print Note on Walkout.” Repeat this process for all your surgical and complicated procedures.

If your office wants a full letter to be printed out with the patient’s receipt, you can set up a letter to attach to the walkout statement and it will print as a separate piece of paper. You will notice directly under the Print Note on Walkout there is a Recommendation Documents >>. If you click on the >>, it will open up the same document folder you would use for your Quick Letters or Letter Merge.

The final step is to default this not to print on your walkout statements from the ledger. From the Ledger, click on the Print tab at the top of the toolbar, click on Walkout, then make sure there is a check mark in the Print Doctor’s Recommendations and check Set as Default. Now you have systematized your post-op instructions for every procedure code to automatically print as part of the patient’s receipt instead of sifting through folders of pre-printed forms.