By accepting you will be accessing a service provided by a third-party external to https://www.mydentalconsultant.com/
HIPAA 101: Breach Notification
As we have seen in the previous articles, there are numerous HIPAA rules and regulations that must be followed. Non compliance can often lead to fines and penalties that can be quite substantial.
However, in my mind, there is nothing more devastating to a practice than needing to declare a breach.
Data breaches have become common. There are reports in the news almost weekly about breaches in large corporations such as Target and Neiman Marcus. While these breaches can be upsetting to consumers, they don’t fall into the HIPAA rules as they don’t involve protected health information. A breach at a dental practice, unfortunately, would definitely be a HIPAA violation and requires a set of steps that must be taken.
Breaches can take many different forms. One of the most famous was a dentist in California whose server was stolen. This is an obvious breach of data. Other breaches would include someone hacking into your network, a former employee copying patient records before leaving the practice, emailing patient records to the wrong patient, etc.
So, what are the steps that must be taken? There are currently three things you must do by law:
1. You must notify all patients in writing, and not only inform them of the breach, but inform them which data was breached. This often includes social security numbers and credit card info. This, to me, is the most devastating part of the law. Our clients, who have reported a breach, have claimed a loss of 25-40% of their patients on average. It’s also considered proper protocol to offer credit checks for all affected patients to ensure there's been no identity theft.
2. You must notify the local media, such as local newspapers and TV stations.
3. You must have your practice listed on the Health and Human Services website. This site is affectionately called the Wall of Shame. There are currently around 1300 practices listed.
The thing I find most frustrating about the Breach Notification is that most dentists are unaware that they have a “get out of jail free card” when it comes to this rule. That card is encryption. If you have encrypted the data at rest, and encrypt your data in motion, then you are exempt from the rule. The most common breach is loss or theft of a mobile device, such as a laptop or backup external hard drive. Encrypting these devices is relatively easy. There are free programs like Bitlocker and Veracrypt that can encrypt data. You’ll want to work with an IT professional to set it up properly but you just need to pay for the labor. Compared to the fines you face (up to $50k for the lowest level and $1.5 million for the highest level), encrypting your data makes sense for every dental practice.
While the Breach Notification rule can be devastating for a dental practice, properly planning to protect your critical data can ensure that you never have to go through this process. This is one of those situations where an ounce of prevention is definitely worth more than a pound of the cure!
What Does A Dental Consultant Do? Charge?
Many dentists will tell you dental consulting works. If dental practice management firms had no worth or benefit they could not stand up to harsh economic realities for long. What a veteran dental consultant brings to the table are systems and protocols successfully implemented in other practices that have been improved and tweaked over many years. Top dental consultants talk and network with each other. They pay attention to what works and what doesn't work across all dental practices.
Marketing & New Patients
Practice management consultants generally have little marketing training or background.
Note: Cambridge'a consultants are Certified SEO and Ad Words Specialists
Dental Office Systems
Key systems dental consultants implement:
- New Patient Phone Call
- Insurance Processing
- New Patient Experience and Patient Education
- Financial Arrangements
- Unscheduled Treatment Followup
- Stat Monitoring
- Daily and Weekly Checklists
- General Policy Manual
You will not get much ROI from your dental consulting if your staff do not have your back. You do not beed a team of cheer leaders jumping up and down with enthusiasm, but you do need staff who are smart and take some pride and ownership in what they do. If there is more than the usual drama in your practice that needs to be sorted out before you will get any real results.
What gets monitored gets done.
The "big" obvious numbers are important to monitor, but when you look at them they are typically already "in the books". You want your team to concentrate and be accountable daily on the "small" stats that bring about the "big" stats. How many practice owners know how many calls were made to unscheduled patients each day or overdue re-care or inactive patients? Many dentists vastly underestimate how much daily "outflow" is needed to keep a schedule full. How may dentists know what % of slots were open in their hygiene schedule each day? How many know how many NP calls there were yesterday, who scheduled and if they end up showing up? More importantly how many staff know considering it's their job to do?
The only way to monitor what gets done is with daily stats especially for your weak areas. For example, one employee should be specifically responsible for calls to patients who are unscheduled, overdue re-care or need reactivation. Other staff can and should help in coordination with the accountable employee, but that employee accountable reports daily on a spreadsheet like this: 1. # of calls or personal texts sent 2. # of contact
3. # of appointments with name and date 4. # of arrivals
It is the employee who is either making themselves valuable to you or not. If they are doing so, dismissing them will never enter your mind. On the other hand, if they are not making themselves valuable, you will be doing them and yourself a favor by giving them the opportunity to find a practice or other employment that is a better fit for them.
What most practice owners are missing is not how to book an appointment but how to be effective leaders. The best systems in the world are useless if the staff do not comply. Good leaders know how to get staff to willingly follow through and comply. Agreement among all team members is key. Your written office policies should contain those agreements and should answer most questions staff come up with. Doing so will save you much time and simplify the management of your practice. Staff non compliance is a sure sign of poor leadership. The primary reason practices underperform is staff non compliance. Key traits of leaders. All it takes is discipline:
- Always keep a cool head especially when "under fire"
- Realize that all mistakes are an opportunity for you and your staff to learn.
- Set a good example.
- Always be learning.
- Take care of yourself.
- Fight the impulse to address multiple issue at the same time. Frantic activity creates spotty results.
$35.000.00 is the average fee for a one year program with dental practice management companies you are likely familiar with. For those companies that require you and your staff to travel to their facility or seminar you also need to add in the cost of travel, staff pay and lost production from time away from your practice.
Questions You Should Ask
- Do you and/or your staff have to travel or does the consultant come to you?
- Is the program mostly one on one consulting versus seminars or courses with multiple clients in attendance? There are advantages to both.
- If the dental consulting is one on one who will actually deliver the consulting? I recommend knowing who your specific dental consultant will be prior to signing on the dotted line.
- Is program based on a specific dental practice management system? You want to avoid cookie-cutter programs. Ensure the program will be tailor-made to fit your practice's specific needs.
- The cost (including travel expenses and downtime) is certainly not the only factor, everything else being equal, it is still a major factor to consider. It's unwise to pay too much, but it's worse to pay too little.
If you do a little homework it should be fairly easy to pick a reputable consultant that is a good fit for you and your practice.