Pennsylvania dental patients’ stolen social security numbers posted online

Join Our Mailing List 

EDR Data breach in Williamsport, Pennsylvania

By D. Kellus Pruitt DDS

1-darrellpruittOver the last 7 years, I have absorbed a surprising amount of criticism for warning my community that electronic dental records continue to grow both more expensive and more dangerous than paper dental records. That chunk of bad news which not one dental leader is ready to acknowledge is becoming increasingly difficult for even the most popular practice management consultants and other 3rd parties to hide. Unresponsiveness from those who profit from EDR sales is unethical and has already harmed dental patients.

Vulnerability Notes

In the Vulnerability Notes that have been issued by the US Department of Homeland Security to dental software giant Dentrix in the last year, security expert Justin Shafer was thanked in both for alerting authorities to Dentrix’s weaknesses.

Though evasive EDR stakeholders were able to fend off transparency far too long, it is fast becoming obvious to the world that their free ride with no accountability has always been destined to end ugly, and greed is to blame. Unforgiving media coverage of the nation’s loss of confidence in EDRs just might start in day or so in the parking lot of dentist’s office near Williamsport, Pennsylvania. Take cover, Dentrix

Eyeing Dentrix 

In the last two years, Justin Shafer’s uninvited watchful eye over Dentrix’s vulnerabilities may have already helped protect millions of dental patients from identity theft. Nevertheless, Dentrix’s security problems which company officials apparently hide, continue to endanger the welfare of uninformed Americans. I have learned that Shafer doesn’t give up easily. He’s in HIT for the long haul.

Yesterday morning, he posted a heads-up on the City of Williamsport’s Facebook, as well four other local Facebooks, warning of the results of a dental office data breach of Dentrix software: Dental patients’ social security numbers have become available on a zip file from Piratebay.

Shafer: “I am willing to bet there are a lot of your citizens SSN’s in this database. Look at rsc_dat.dat and patient.dat… Seems a dental database ended up on piratebay. You may already know.. you may not.”

He explained it to me this way: “the practice info is in rsc_dat.dat, patient info is in pat_dat.dat. It’s a nightmare, and I told dentrix and the doctor a full year ago.”

Insightful or clueless dentist?

Assessment 

Did your opinion of censorship in dental care recently undergo change?

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

DICTIONARIES: http://www.springerpub.com/Search/marcinko
PHYSICIANS: www.MedicalBusinessAdvisors.com
PRACTICES: www.BusinessofMedicalPractice.com
HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
CLINICS: http://www.crcpress.com/product/isbn/9781439879900
BLOG: www.MedicalExecutivePost.com
FINANCE: Financial Planning for Physicians and Advisors
INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors

Product DetailsProduct Details

Product Details

Don’t Co-operate with eDR Vendors, Doc!

Join Our Mailing List

My Opinion of eDRs and eDR  Vendors

By D. Kellus Pruitt DDS

Don’t cooperate with those you don’t trust, Doc.

eDR Stakeholders

If you allow Dentrix, the W. K. Kellogg Foundation, the ADA and other ambitious EDR stakeholders talk you into switching from paper dental records to digital before 2014, it will be the most regrettable business decision you have ever made.

PHI Breaches

Regardless if a data breach of your patients’ Protected Health Information (PHI) is your fault or not, it can easily cause bankruptcy, and the odds aren’t in your favor. According to a recent Redspin study, the number of breaches doubled between 2010 and 2011. (See “Health data breaches up 97% in 2011” by Diana Manos in Healthcare IT News, February 1, 2012).

http://www.healthcareitnews.com/news/health-data-breaches-97-percent-2011

Procrastination and Late Adopters

So even if unlike Americans who enjoy freedom, professionalism keeps you from publicly expressing an opinion, there’s never been a better time to drag your feet in our usual way. Besides, what have you got to lose by waiting? If consumers prefer EDRs, don’t you think we would see dentists touting their safety in their ads?

RedSpin

Daniel W. Berger, President and CEO of Redspin, is quoted in Diana Manos’ article: “Information security breach is the Achilles’ heel of PHI. Without further protective measures, data breaches will continue to increase and could derail the implementation, adoption and usage of electronic health records.” So why allow selfish EDR stakeholders who cannot be held accountable for harming your patients rush you into buying their favorite technology?

Note that the ineffective “further protective measures” will make EDRs even more expensive compared to paper dental records – allowing paper dentists to charge less than paperless practices, while still making more profit. Indeed, Doc. What have you got to lose by waiting?

Over the last 6 years, virtually all of my predictions about HIPAA have been right, and following the recent Redspin report, I feel even stronger about this one: The national failure of HIPAA will become noticeable in dentistry first.

OCR Culture

Not only is the Rule ineffective at protecting dental patients’ identities, but the tedious, mostly worthless compliancy requirements are so unreasonably time consuming and costly that no dentist can ever be 100% compliant. What’s more, eager HIPAA auditors working on commission to enforce the Office of Civil Rights’ “culture of compliance,” can find a dentist “willfully negligent.” Is that not subjective? The fines for such an auditor’s opinion are obscene. If you unfortunately experience a data breach, you don’t want to lose even more sleep over an audit that you cannot win, do you? Dentists don’t have to take this.

Dentistry Is Billing Simple

Unlike the complex administrative tasks in physicians’ offices, the business of dentistry is simple: Billing involves ten times fewer patients and CDT codes cover fees for procedures only involving the lower third of patients’ faces. Ledger cards, pegboards and lots of carbon paper have functioned adequately and safely for busy dental practices for decades. Besides, computers still haven’t shortened the time it takes to do a technique-sensitive filling in a squirmy kid’s mouth. If the front desk is the bottleneck rather than the speed of the dentist’s hands, someone needs to brush up on their alphabet skills.

If you think you might miss your computer, now is a perfect time to encourage dentistry’s leaders to consider de-identifying EDRs… Or if like me, you aren’t a HIPAA covered entity, we could wait a little longer if you’d like. Within a year, Americans will be noticeably seeking dentists who don’t put their PHI on computers.

Assessment

The hope for miracle discoveries derived from safely data-mining interoperable dental data doesn’t have to end like this, but I certainly don’t mind the windfall profits that expensive HIPAA regulations and patients’ fear of identity theft will bring to my practice.

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

DICTIONARIES: http://www.springerpub.com/Search/marcinko
PHYSICIANS: www.MedicalBusinessAdvisors.com
PRACTICES: www.BusinessofMedicalPractice.com
HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
CLINICS: http://www.crcpress.com/product/isbn/9781439879900
BLOG: www.MedicalExecutivePost.com
FINANCE: Financial Planning for Physicians and Advisors
INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors

   Product Details

On Open Letter to Dental Economics

Join Our Mailing List

Fun on a Slow Day [will that be paper or electrons?]

[By Darrell K. Pruitt DDS]

As anyone following the ME-P knows by now, Dental Economics’ officials have been suspiciously unhelpful in locating experts capable of responding to concerns about the cost and safety of EHRs in dentistry – quite the opposite.

The CR Foundation

In addition, Dr. Gordon Christensen’s CR Foundation has also suspiciously avoided discussion of EDRs with this dentist. Nevertheless, I’m certain that like most other EDR stakeholders, employees of DE and CRF at least secretly agree that this consumer has tolerated good ol’ boy behavior in the marketplace far longer than any vendor anywhere else in the free world could ever expect – no matter how important.

Dentrix, too!

At some point, Dental Economics, CR Foundation and Dentrix will either have to answer at least one dentist’s sincere questions about EDRs or censor me from their Facebooks. Over time, not-anonymous censorship would be second only to anonymous censorship as the worst possible choice. If I’m given the opportunity, I’ll prove it.

As readers can tell, sometimes on slow days, even silence from rude people who profit off of my profession irritates me – causing me to want to grab them by the attentions. I’m feeling especially itchy today, so I also posted the following on Dental Economics Facebook:

Dear Dental Economics:

If the AMA finally admits that EHRs are a poor substitute for thinking, don’t you agree it’s time for shy stakeholders in dentistry to accept ownership of their products’ weaknesses? And for other stakeholders to either help me or get out of the damn way?

“EHRs Linked to Errors, Harm, AMA Says — Clinicians can introduce errors when they copy and paste sensitive patient data into electronic health records, according to AMA research.”

http://www.informationweek.com/news/healthcare/EMR/232400325

Or, do you think if dentists remain silent like good little professionals, those who profit from EDRs and related advertisements will suddenly become honest with our patients? I’m not that optimistic. I think if interoperable EDRs are ever to succeed, dentists must pester the unresponsive leaders even while hangers-on would shield them for their own selfish reasons. For example, dentists are unlikely to ever read in Dental Economics the following hints of the imminent failure of EHRs in dentistry: 96% of EHR systems have been breached in the last 2 years and the frequency of breaches rose 32% in the last year – costing over $6.5 billion. The fantasy is over, DE. It’s becoming increasingly difficult for even stakeholders to get giddy about EDRs.

Once the high risks of identity theft from dental offices can no longer be suppressed by stakeholders, our patients’ trust will be forever lost – just to protect the most selfish of people in the healthcare industry from accountability.

Where are you Dentrix?

And what’s the opinion of your CRF investigators, Dr. Gordon Christensen? Are EDRs cheaper than paper dental records or not? As you know, a few months ago your former CEO stated in an article on Dentistry iQ that EDRs offer dentists a “high return on investment,” yet failed to produce evidence supporting his incredible claim.

http://www.dentaleconomics.com/index/display/article-display/2974000845/articles/dental-economics/volume-101/issue-10/features/digital-dentistry-is-this-the-future-of-dentistry.html

Regardless of an institution’s reputation and market share, deceiving doctors and patients for personal gain is just wrong.

Since the misleading statement from the influential CEO has never been corrected, his lie which is still featured on Dentistry iQ continues to harm naïve dentists and clueless patients – but not without the help of 8 Dental Economics editors who voted the CEO’s article as a tie for the “Most important story for the dental profession in 2011.”

http://www.dentistryiq.com/index/display/article-display/9721317527/articles/dentisryiq/hygiene-department/2011/12/best-of_2011_articles.html

Assessment

Way to go, Dental Economics editors! Any of you have enough confidence to discuss why you chose the former CEO’s article? I think your readers would like to hear your reasons. I certainly would. What could it hurt?

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:


 Product Details

On Practice-Based Research Networks

In Dentistry – if only it were that easy

By D. Kellus Pruitt DDS

I like the concept of a Practice-Based Research Network for teasing out latent miracles from dentalcare data, but I’m afraid any hope of networking success is limited by insurmountable cost and safety concerns of EDRs that few in the dental industry are yet willing to recognize.

Dr. Schleyer 

Titus Schleyer, DMD, PhD, Associate Professor and Director, Center for Dental Informatics, University of Pittsburgh published “The feasibility of an electronic dental practice-based research network” a few days ago.

“The long-term goal of our research is to use data from EDRs to improve patient care and its outcomes. The objective of this project is to develop a generalizable method for extracting EDR data for practice-based clinical research, using Dentrix as the test system.

In our first specific aim, we will determine the utilization of clinical data elements useful for research by practitioners by mining the electronic dental records of 100 Dentrix users and generating summary statistics about patient documentation patterns by data field.

The second specific aim will develop a technical Infrastructure for extracting data from Dentrix and integrating them with manually collected research data. The main outcome of this project will be the electronic Dental Practice-Based Research Network (ePBRN), a generalizable method for extracting clinical data from EDRs and reusing them for practice-based research. This project is a first step in making the increasing amount of electronic clinical data available for improving research, clinical care and patient outcomes.”

-Abstract: September 30, 2011

http://halley.exp.sis.pitt.edu/comet/presentColloquium.do?col_id=2348

I agree with Dr. Schleyer. However, until dentists perceive value in EDRs instead of liabilities, the dreams that he and I share about real-time, evidence-based research on an internet platform will be nothing more than just a cool-sounding fantasy of a handful of geeky dentists hoping to get a better peek at an obscure healthcare niche.

On Transparency 

Transparency in dentistry, rather than NPI numbers, has a better chance of revealing cost-effective solutions for painful and even life-threatening health problems. In addition, nothing is holding down the cost of HIPAA compliance, and data breaches from healthcare facilities – including dental offices – are only becoming more common.

Assessment 

Sidestep liability. De-identify now. If a dentist’s EDR system is breached, yet it contains no Protected Health Information [PHI], who cares?

Conclusion

And so, your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Our Other Print Books and Related Information Sources:

Health Dictionary Series: http://www.springerpub.com/Search/marcinko

Practice Management: http://www.springerpub.com/product/9780826105752

Physician Financial Planning: http://www.jbpub.com/catalog/0763745790

Medical Risk Management: http://www.jbpub.com/catalog/9780763733421

Healthcare Organizations: www.HealthcareFinancials.com

Physician Advisors: www.CertifiedMedicalPlanner.com

Subscribe Now: Did you like this Medical Executive-Post, or find it helpful, interesting and informative? Want to get the latest ME-Ps delivered to your email box each morning? Just subscribe using the link below. You can unsubscribe at any time. Security is assured.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Sponsors Welcomed: And, credible sponsors and like-minded advertisers are always welcomed.

Link: https://healthcarefinancials.wordpress.com/2007/11/11/advertise

Product DetailsProduct DetailsProduct Details       

Product Details  Product Details

   Product Details 

Is ARRA Stimulus Money for Dentists?

Join Our Mailing List

Now is the Time to Say “No Thank You” to the ADA

[By D. Kellus Pruitt DDS]

A few days ago on Twitter, @techguy said: “@Dentrix, Are you guys helping dentists get access to the ARRA EHR Stimulus money?” This morning I “retweeted” his question to the electronic dental record giant: “That’s a great question, @Dentrix. What are you doing to help dentists receive stimulus money?

Of Faded Promises  

Dentrix officials no longer shop faded promises of free stimulus money to help dentists purchase their software. The truth is, without taxpayer help, Dentrix’s product offers dentists no return on investment, and it’s unlikely that the profession will ever see a cent of stimulus money. In fact, if American Dental Association President Raymond Gist wants to be a national hero, now would be the time to purchase a press release to tell the nation, “American dentists graciously decline your offer of stimulus money, taxpayers. We say, let our grandchildren keep it for themselves.” The deficit-weary public is very interested in that kind of good news these days. But, the ADA’s PR opportunity has a shelf life. The sooner they jump on this minor deception the more generous American dentists will appear. A year from now, the chunk of faux-generosity won’t work.

Too Late for Cash Give-Aways 

For one thing, it’s simply too late for dentists to take part in the cash giveaway. And even if there was time for a significant number of dentists to convert from paper to digital before September 2011, to receive promised stimulus money, a dentist’s practice has to be 30% Medicaid. That qualification rules out almost all dental practices right off, and here in Texas last week, Governor Perry threatened to opt my state out of Medicaid (and stimulus money) completely. A year ago, Perry threatened secession from the Union. It sounds to me like you are softening him up, Washington.

Meaningful Use Requirements 

That’s not all. Before a dentist can qualify to be reimbursed up to $44,000 dollars, the practice must show “meaningful use” of certified electronic dental records. However, meaningful use of digital records in dentistry has not yet been determined and perhaps does not actually exist. Nevertheless, the best minds in the ADA and HHS are searching for the next best thing – humorous rationalizations. For example, imagine the convenience of the speed-dial on the telephone compared to logging on to a highly secure, password-protected, HIPAA-compliant, encrypted computer just to tell the lab you have a pick up – just to show the Department of Health and Human Services that you are making “meaningful use” of your Dentrix product and spending taxpayer money wisely.

Assessment 

Do you know what is scary about the leadership in my profession? I’m apparently the only dentist in the nation who dares admit that as far as ARRA stimulus money goes, American dentists are out of luck and clueless. Even @techguy is in the dark for crying out loud!

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

Product Details 

Front Matter BoMP – 3

%d bloggers like this: