How to Add an Hour to Every Day

How to Add an Hour to Every Day


3 Ways Mobile Data is Changing Marketing

3 Ways Mobile Data is Changing Marketing

Documentation for the Dental Practice: A Must

      Documentation by dental staff members is equally as important as documentation by the dentist. The dentist and staff entries are considered equivalent; what a staff member writes in a patients chart is regarded as representing the dentist.
All staff members should sign or initial their entries. In addition, all entries by staff members should be reviewed by the dentist, who should in turn verify the accuracy of the entries, make any necessary changes or additions, and co-sign the entry. This is particularly important for those dentists who delegate the task of writing clinical progress notes to their assistants. The data recorded by staff members under the dentist’s direction ultimately remains the dentist’s responsibility. If an entry is illegible, incomplete or incorrect, the patient may suffer consequences, and the dentist will be held liable.
     Documentation of telephone calls, conversations, and messages is another area where the dental team is of vital importance. A great deal of important information is contained in patient phone calls, most of which do not involve the dentist’s participation. The timeliness and extent of documentation of patient telephone calls are often the issue that make or break the defense of a malpractice allegation or dental board complaint. Information received on answering machines or voice mail, or from answering services, should be recorded in the patients chart in a timely fashion.
     The duplication and release of confidential patient information is yet another area in which dental team members must practice good risk management. All team members must understand that, absent a court order, patient information is not to be released to anyone without the patient’s expressed written consent. This prohibition includes releasing records to spouses, parents of adult children, children of aged parents, siblings, work associates, and insurance companies.

   Finacial Matters in a Dental Office

  bills_coins.jpg     It is imperative that dental team members in financial roles recognize the often delicate nature of their assigned tasks. In many dental practices, the negotiation of patient financial arrangements and management of account receivables is delegated to an office manager or billing coordinator.
    Unfortunately, financial disputes are a frequent cause of a breakdown in the relationship between a patient and a practice. Most financial disputes and associated legal claims can be avoided by establishing clear, concrete financial policies and following them.
  The person responsible for making financial arrangements should be comfortable discussing financial matters. Whenever a payment is overdue, the patient should be contacted in a courteous manner in order to determine the problem before it creates a rift in the patient relationship. checkbook-pen.jpg
         Another responsibility of the office’s financial manager is sending accounts to collection. While it is the practice owner’s legal right to pursue a collection action for an outstanding debt, it should be noted that collection actions against patients frequently result in board complaints and retaliatory claims of malpractice against the dentist.
        Practicing sound risk management in the dental office isn’t difficult when the dentist and staff members take a team approach to risk management.


In today’s legal environment, a owner of a dental practice may be vicariously liable for the errors and omissions of staff members. As a general rule, the risks are clinical in nature, however, a substantial amount of   errors or omissions occur as a result of miscommunication. In matters of alleged patient miscommunication, a patient alleges that they were told the wrong clinical information, or were never told the correct clinical information at all.

Although, claims arising from a dentist’s vicarious liability for the clinical error or omission of a staff member may not be very common, dental malpractice claims arise from a patient’s dissatisfaction with staff member interaction. A dental practice owner can manage the risks of staff members by hiring qualified individuals, who can project the desired image of the practice, are well trained, and communicate in a clear manner.

Independent Contractor or Employee: What Every Practice Owner Needs to Know

The IRS will review many factors in order to determine whether a worker is an independent contractor or an employee. Some of the factors include (1) behavioral control; (2) financial control; and (3) the relationship of parties.

In each case, it is very important to consider all of the factors regarding an employment relationship.

Behavioral Control

The factors listed above will show whether there is a right to direct or control how a worker performs their required work. A worker that may be considered an employee when a dental practice has the right to direct and control the worker. The practice does not have to actually direct or control the way the work is performed, as long as the employer has the right to direct and control the work.

For example:

Instructions – if a worker receives extensive instructions on how such work should be performed, then this suggests that a worker is an employee. Instructions can cover a wide range of topics, such as (1) how, when, or where to do the work; (2) what instruments or equipment to use; (3) what assistants to hire to help with the work; and (4) where to purchase supplies and services.

If a worker receives less extensive instructions about what should be done, but not how it should be done, they may be considered an independent contractor. For instance, instructions about time and place may be less important than directions on how the work should be performed.

Training – if the practice provides a worker with training about required procedures and methods, this indicates that the practice wants the work to be performed a certain way, and this suggests that a worker may be considered an employee.

Financial Control

The factors below show whether there is a right to direct or control the business side of the practice.

For example:

Significant Investment – if a worker has a significant investment in their work, they may be an independent contractor. While there is no precise dollar test, the investment must have substance. However, a significant investment is not necessary to be considered an independent contractor.

Expenses – if a worker is not reimbursed for some or all of their business expenses, then they may be considered an independent contractor. Especially, if their unreimbursed business expenses are high.

Opportunity for Profit or Loss – if a worker can realize a profit or incur a loss, this suggests that they may be in business for themselves, and that they may be considered an independent contractor.

Relationship of the Parties

The facts below illustrate how the practice and a worker may perceive their relationship.

For example:

Employee Benefits – if a worker receives benefits, such as insurance, pension, or paid leave, this is an indication that they may be an employee.  If a worker does not receive benefits, however, they may be either an employee or an independent contractor.

Written Contracts – a written contract may show the actual intention of the worker and practice. This may be very significant if it is difficult, if not impossible, to determine the status of a particular worker based on other facts.


Dental offices are now being hit with Ransomware (cyber blackmail). If you own or work in a dental practice, you need to know what Ransomware is, and the ramifications of this serious security breach.
Ransomware Trojans are a type of cyberware that is designed to extort money from a dental office. Often, Ransomware will demand a “ransom” payment in order to release the hijacked dental office software. 

 The hijacking of dental office software can include:

  • Encrypting data and software that is used by a dental practice (Eagle Soft or Dentrix) – so that the dental office can no longer have access any type of patient information
  • Blocking normal access to the entire dental office software

How Ransomware Enters Dental Office Computers

The most common ways in which Ransomware is installed are:

  • Via phishing emails, or
  • As a result of visiting a website that contains a malicious program

After the Ransomware has infiltrated a particular computer or network, they leave a ransom message on the computer screen that demands the payment of BitCon Currency in order to decrypt the files or restore the system to its normal function. In most cases, the ransom message will appear when the user restarts their computer after the entire infiltration has taken place.

In order to keep on top of the latest cyber security breaches, we have taken the intuitive to consult with cyber security forensic experts, in order to assist our dental clients, both before the breach occurs [for preventive measures] and after a breach occurs [to determine the extent of the damages].

If a dental office is infected with Ransomware, a practice could suffer a massive security breach, and be subject to huge HIPAA fines [$100.00 to $50,000.00 per violation, as well as $250,000.00 in criminal fines].

Practice Data Security Policy and Standards

Every employee needs to understand his or her obligation in order to protect patient data. Employees also need clear expectations about behavior when it comes to their interaction with sensitive patient data. For that to happen, every practice should have a data security policy. The policy should outline policies and procedures that help safeguard employee, patient and third-party data, and other sensitive information.

The essential elements that form the foundation of a good privacy plan include:

Safeguard data privacy:

Employees must understand that your practice privacy policy is a pledge to your patients that they will protect confidential patient information.

Establish password management:

A password policy should be established for all employees or temporary workers who have access to confidential practice data.

Govern internet usage:

Most employees use the Internet without the thought of potential consequences. Employee misuse of the Internet can place your practice in a costly position.

Manage email usage:

Many data breaches are the result of employee misuse of email, which can result in the loss or theft of data, and the accidental downloading of viruses or other malware.

Govern and manage practice-owned mobile devices:

When practices provide mobile devices for their employees to use, a formal process should be implemented to help ensure that mobile devices are secure and used appropriately.

Establish an approval process for employee-owned mobile devices:

With the increased capabilities of consumer devices, such as smart phones and tablets, it has become easy to interconnect these devices to practice applications and infrastructure.

Govern social media:

A strong social media policy is crucial for any practice that seeks to use social networking to promote its activities and communicate with its patients.

Oversee software copyright and licensing:

Also, employees should not download or use software that has not been reviewed and approved by the practice manager or practice owner.

Report security incidents:

A procedure should be in place for employees to report malicious malware in the event it is inadvertently downloaded on to practice computers.

Cyber Security for Dental Practices  

The provision of healthcare is changing at a rapid pace as healthcare providers endeavor to maintain maximum efficiency while navigating the technology rich climate. As a result of the reliance on electronic data, dental offices have become vulnerable to cyber security threats. The growing volume and sophistication of cyber-attacks suggest that dental practices will have to grow increasingly vigilant to ward off these threats. A breach of cyber security will inevitably lead to significant expenses, both financial and reputational, which can wreak havoc on a dental practice.

Many dentists believe that cyber criminals are not a threat to their small dental offices. However, when choosing between a large corporation or bank with security teams and firewalls preventing access to databases and a dental office with no firewall or security team, the dental practice will be the chosen target. In fact, many hackers specifically target small dental offices because they believe that the small business may not have the resources for sophisticated security devices and do not enforce employee security policies.

Dental practices are an increasing target for cyber criminals. These offices hold a vast amount of data, including names, health history, addresses, birthdates, social security numbers, and even banking information of hundreds, if not thousands, of patients. The threat of this information being stolen by a staff member or a cyber-criminal is great, and dental practice owners must address this concern before a theft creates a legal nightmare for the dental practice.

Healthcare organizations make up roughly 33% of all data security breaches across all industries and the healthcare industry is the most breached industry in the United States. According to the US Department of Health and Human Services, almost 21,000,000 health records have been compromised since September 2009. It has been shown that human error causes the majority of personal health information data breaches, and that actions of healthcare employees cause 3 times as many breaches as external attacks.

The most common causes of data breaches in healthcare organizations are theft, hacking, unauthorized access or disclosure, lost records and devices, and improper disposal of records. A significant proportion of healthcare breaches are a result of lost or stolen mobile devices, tablets and laptops. In addition, security breaches are not solely inflicted upon the large HMOs, as more than half of all organizations that suffer from security breaches have fewer than 1,000 employees.

The Health Insurance Portability and Accountability Act requires healthcare providers to maintain the privacy of patient health information and to take security measures to protect this information from abuse by staff members, hackers, and thieves. The penalties imposed upon health care providers for HIPAA violations are great. The monetary penalties can range from a fine of $100 to a fine of $50,000 per violation, with a $1,500,000 maximum annual penalty. In addition to the federal penalties, dentists may face penalties imposed at the state level as well as lawsuits filed by disgruntled patients whose health information has been compromised.

It is crucial for dentists to take steps to ensure that their practice is in compliance with HIPAA provisions regarding computer security. Because the majority of data security breaches occur when staff members fail to follow office procedures or exercise poor judgment, the location of computers in the dental office is key. All computers should be placed in areas where the computer screens are not visible to patients and visitors, and encrypted passwords should protect access to each computer. Passwords should contain mixed-case letters and include numbers or symbols and should be changed regularly. In addition, passwords should not be written down under keyboards or kept on desks or surfaces where the public may be able to access them. Dentists should ensure that all staff members understand the importance of maintaining the privacy of patient health information.

Every dental practice should have a policy that includes steps for safeguarding patient information and educate staff members as to how to comply with the office policy. A strict Internet and computer use policy should be enforced that prohibits staff members from checking personal e-mail accounts or visiting Internet sites that aren’t work-related. It is also important that dentists ensure that all firewalls, operating systems, hardware and software devices are up to date, strong and secure and that wireless networks are shielded from public view. Antivirus software should be installed on every computer, kept updated, and checked regularly.

When accessing office data remotely, dentists should use only trusted Wi-Fi hot spots and never use shared computers. Smartphones and tablets should be password protected to prevent easy access to patient information in case the device is lost or stolen. In addition, all hard copies of documents with patient information should be shredded. Finally, to ensure that your dental practice is HIPAA compliant, data transmitted to payers, health plans, labs and other healthcare providers may need to be encrypted to ensure that a hacker will not have access to this data.

Because dental practices are subject to heightened government enforcement and the scope of fines and penalties for data breaches have increased, many dental practices have relied on cyber insurance for protection in the event of a breach of cyber security. These insurance policies cover the cost of investigating a theft, compensate the insured for all state and federal fines and penalties imposed, and fund all related lawsuits and legal fees, thus relieving dentists of the financial and time burdens imposed as a result of the breach in security.

It would be prudent for all dentists to invest in data security and in the proper training of staff members as to acceptable use of office computers. If plans and policies are put in place proactively and steps are followed to ensure HIPAA security compliance, a dental practice should be able to prevent the significant cost and headache involved in responding to a cyber-breach.

If a security breach in a dental office does occur, it is imperative that appropriate action is taken immediately, which includes determining how the breach occurred, and the extent of the security breach. In addition, if a security breach does occur, the owner of a dental practice must be very careful whom they initially contact and provide information to. Any improper or accidental disclosure to a third-party other than legal counsel for the dental practice owner may be subject to the rules of discovery if litigation occurs, which could increase the liability exposure of the practice owner.

Stuart J. Oberman, Esq handles a wide range of legal issues for the dental profession including cyber security breaches, employment law, practice sales, OSHA, and HIPAA compliance, real estate transactions, lease agreements, noncompete agreements, dental board complaints, and professional corporations. 

For questions or comments regarding this article please call (770) 554-1400 or visit

Oberman Law Firm is proud to be a sponso

Oberman Law Firm is proud to be a sponsor of the 2014 AB Cooper Seminar through the North Georgia Dental Society. We look forward to seeing our friends and colleagues at this great event Friday, November 21. If you still need to register visit