Saturday, May 22, 2010

Dentrix Mobile Released

Dentrix has announced the release of Dentrix Mobile.  This new program allows you the access to a wealth of pratient information from most smartphones.  It is available on the iPhone, Blackberry, Droid, and Palm Pre.  It is a browser based program that allows you to view your practice schedule, patient contact info, patient medical history, prescriptions and other valuable information.  At this time, you can not enter or update information, but it is on the roadmap. 
Security is always an issue with this type of program.  Because it is browser based, no practice or patient information is copied to the mobile device.  If you lose your phone, please make sure you log into the Dentrix web site and change your password to ensure the data can not be accessed from the lost phone. 
You will need the following items in place to use Dentrix Mobile (from Dentrix FAQ document):
  • Active Dentrix Customer Service Plan
  • Dentrix G4 Productivity Pack 7
  • Latest version of the DXWeb Toolbar
From the Dentrix Mobile FAQ:

See Patient Details at a Glance

When customers get a call from someone requesting a new prescription, they can know within seconds if the caller is a patient or not. With Dentrix Mobile, they can search for the patient’s name and their essential information, including:
  • Contact Information - view the patient’s home, mobile, work and other phone numbers and email address.
  • Prescriptions—view a list of patient’s prescriptions, dates and details.
  • Medical Alerts - view a list of allergies and other medically important information.
  • Past Appointments - view the date and time of past appointments. Click on the appointment date to view details of the past appointment.
  • Future Appointments - see updated appointments as soon as updates are made at the office.
If you have any questions or need our assistance with setting up this service for your dental practice, please call us at 508-624-9898 or email me directly at dwalsh@patriotnetworks.com

Thanks for reading,
Dennis

Saturday, March 6, 2010

MA 201 CMR 17.00 Privacy Law in general

I have been presenting webinars on, as well as participating in discussions of, the new Massachusetts privacy law, MA 201 CMR 17.00 Privacy law. The focus has been on how this law affects dental offices and what steps need to be taken to be in compliance with the law. In future posts I will discuss the different sections of the law in more detail. The focus of the post is on the definition of personal information in the law and how this definition is critical to the implementation of policies and solutions for compliance. This post is not specific to dental offices, rather it is a general discussion and rant about the law.

This law applies to both paper and electronic records and information.

First, the definition of personal information taken directly from the State pdf file on the law:

"Personal information, a Massachusetts resident's first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) Social Security number; (b) driver's license number or state-issued identification card number; or (c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account; provided, however, that “Personal information” shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public."

The first thing that jumped out at me about the definition is that it does not include Date of Birth. The argument has been made that because this information is readily available in public records, i.e. birth records kept at town hall, available online through sites like Ancestry.com and through other public access means, it fails the "publicly available information" test. OK, I agree with that argument and I can accept the exclusion of date of birth from the law.

The law applies to "to all persons that own or license personal information about a resident of the Commonwealth". This means it applies to almost every business in Massachusetts, but I would argue that it also applies to any group or association that accepts checks and/or credit card payments. For example, when I sign my daughter up for softball, I send them a check which has my first and last name and checking account number on it. This meets the definition of first and last name and financial account number. So, the group that runs the softball league now needs to comply with this law. Does your associations accept dues payments? Time to get compliant!

Government agencies are excluded from the law including "any political subdivision thereof". Yes, that is correct, you are forced to comply with the law, but the people who wrote the law and are in charge of enforcing it do not have to comply with it. Why? Isn't that the way it always is in MA, "do as I say, not as I do"! Why should the State have to go through the hassle of complying with the law? Don't you know it is only you peasants who get hacked, disclose personal information, and don' t know how to protect people's personal information?

As the definition states, there has to be a combination of information for it to be personal information. If I obtain a list of social security numbers, but can not associate the numbers with names, then it is not personal information. This law is not like HIPAA in that it does not relate to medical or dental information. So, if your dentist sends you an email telling you have an appointment next Wednesday at 1 PM and does not encrypt the email, they are NOT breaking this law. But, if they send you an email that has your patient record and it includes your social security number, then it must be encrypted because of the combination test. If they send you an email with your name and images of your x-rays, it does not have to be encrypted under this law. I may be able to see that you have had a root canal on a tooth, but I can't steal your identity from an x-ray. Whether it breaks HIPAA rules is another argument.

Does the law apply to companies in other states that have this information on residents of Massachusetts? Yes, but good luck enforcing the law on these companies. For example, if you own a business in a Rhode Island border town and take payments from MA residents, then you fall under this law. But, I don't think the law arm of the MA law can extend across the state border. This is similar to when Gov. Duval wanted New Hampshire to collect MA state sales tax from MA residents buying goods in NH. The NH governor told Duval to go pound salt.

The basis of the law and what you need to do to be in compliance hinges on the definition of personal information in the law. If you are "a natural person, corporation, association, partnership..." and your records, whether paper or electronic, contain any of the possible combinations under the law, then you need to get compliant with the law.

More information available at http://www.patriotnetworks.com/MA_201_CRM_17.html

Thanks for reading my blog, please feel free to pass along to friends and colleagues!

Monday, February 22, 2010

MA 201 CRM 17.00 Webinars for Dentists

Patriot Networks will be presenting webinars on the new Massachusetts Privacy Law (201 CMR 17.00) to find out more details on the regulation, how it affects your office and the new programs that Patriot Networks is offering to bring your practice into compliance. We have scheduled two webinars around lunch time and two in the evening for your convenience.

This new regulation goes into effect on March 1, 2010 (after being delayed four times over the last two years).

Sincerely,


Dennis Walsh, President
Patriot Networks, Inc.
dwalsh@patriotnetworks.com

MA Privacy Law Webinar

Attend one of our webinars to learn how to bring your practice into compliance with the new MA 201 CMR 17.00 Regulations!

Register for a session now by clicking on the link below to go to our web page for dates and times:

http://www.patriotnetworks.com/MA_201_CRM_17.html



Once registered you will receive an email confirming your registration
with information you need to join the Webinar.

System Requirements
PC-based attendees
Required: Windows® 2000, XP Home, XP Pro, 2003 Server, Vista

Macintosh®-based attendees
Required: Mac OS® X 10.4 (Tiger®) or newer