10 TIPS FOR DEVELOPING A DENTAL OFFICE EMERGENCY PLAN

ASSOCIATION LEADERSHIP CAN TAKE ON MANY FORMS

Unfortunately, natural disaster and manmade threats, including active shooters, are occurring more frequently throughout the nation. Most people don’t want to entertain the thought of the unthinkable happening; however, threats and responses should be discussed and practiced with dental teams just as they are at schools, places of worship and shopping malls. A frustrated employee or patient could make your office and staff victims of preventable violence or other attacks. Office staff should be informed and prepared with a plan that can be performed faultlessly in the unfortunate event that a nightmare scenario becomes reality.

Following are 10 tips to best protect your staff and your practice during a threat or disaster.

Tips for General Threats

1. Set an emergency action plan (EAP) for your dental office to employ in the case of a threat. Make sure that all staff members are aware of – and fully trained for – the procedures of your office plan. It may be a bit uncomfortable to have these discussions with staff, but not having a plan is no longer a responsible option.

2. Always be aware of your office’s exit locations. Evacuation is the best option in most threat scenarios. Once safe, call 911, and provide as much information as possible including the location, a physical description of the threatening person or people, any weapons involved, the number of potential threats and the number of potential victims at the scene.

3. Help yourself first. Whether or not other decide to follow your offices emergency plan, follow it yourself. Help others, if possible, but secure your safety first.

4. If evacuation is not an option, find a hiding place and put obstacles between yourself and the threat, such as a locked door. Barricade doors with upturned furniture or whatever you can find to add to the obstacles between you and the threat. Try to have an escape route from your hiding place in case it’s needed and remain as quiet as possible.

5. If you are confronted by the threat and feel as though your life is in danger, attempt to disrupt or incapacitate the attacker. Be aggressive, throw any items within reach and use any type of improvised deflector that you can. Commit to your actions and don’t stop until the threat has been immobilized.

Tips for if the Threat is a Patient

6. Try to move the patient away from public space. Ask the patient to move into a consult room or private office.

7. When the patient is speaking to you, do not speak until he or she is finished. Be sure to allow the person the time and space needed to feel heard, do not interrupt; and only speak when you’re absolutely sure the patient is finished or asks a question for you to answer.

8. When it is your time to speak, focus on empathy. Connect with the patient and try to understand the person’s frustration in order to see the issue from their perspective. Do not shout the person down or try to rationalize with them, simply make him or her feel heard.

9. Make notes about all the information the person tells you. Not only will this give you a chance to document the scenario but it also assures the patient that you’re taking his or her concerns seriously. Show the patient the notes you took and ask if anything should be added. Explain to the patient that you will investigate the problem and respond as soon as you’re able. Review all of the facts of the situation from an objective point of view and then follow up with the patient in the timely fashion.

10. If all of the above tips do not help to diffuse the angry patient and the person threatens or becomes violent, contact local law enforcement immediately and follow through with your emergency plan.

Threat situations can be chaotic and unpredictable, which is why it’s important to have a plan in place. In some instances, law enforcement will need to be immediately dispatched so they’re able to quickly get control of the situation.

Ensure all building exits are marked and have an evacuation plan in place with a central meeting location to account for all staff member. Implement an emergency notification system so all staff members are on the same page during a disaster and use code words during emergencies to prevent patients from panicking. Ultimately, being prepared is the first step to protecting your staff and your practice from threat and disasters. If the unthinkable happens, you and your team will be ready.

An EAP (Emergency Action Plan) will help your staff respond efficiently to unplanned events ranging from violent threats to fires and other natural disasters. Learn more about creating an EAP for your practice through the U.S. Department of Labor at dol.gov or the Occupation Health and Safety Administration at osha.gov. Ready.gov has information about how plans for disasters and emergencies ranging from severe weather to chemical emergencies and more. Also, find the Federal Bureau of investigation’s guide to active shooter planning and response for a health care setting at bit.ly/2QSIP7R.

Shey Loman Today’s FDA

ARE CREDIT CARD FEES AFFECTING YOUR BOTTOM LINE?

Expert Offers Tip For Minimizing Fees

ARE CREDIT CARD FEES AFFECTING YOUR BOTTOM LINE? EXPERT OFFERS TIP FOR MINIMIZING FEES

It’s no surprise to small business owners that more and more consumers are paying for goods and services with debit and credit cards rather than cash.

And data from the Federal Reserve show that cash payments in 2020 declined sharply among consumers in every age group, and especially in two groups that consistently made the highest share of cash payments — those aged 18-24 and those age 65 and older — due in part to making fewer in-person purchases during the height of the pandemic.

It's no surprise to small business owners that more and more consumers are paying for goods and services with debit and credit cards rather than cash.

and 3- to 4-digit card security code whenever possible. This is an anti-fraud check and if it passes you get a lower rate than if you don’t put in info or have the wrong info for the cardholder.

Dental offices have long accepted card payments to boost sales, improve cash flow and offer convenience to patients. But, without a vigilant management strategy, credit card processing fees can add up and affect your bottom line.

3. Encourage patients to use a debit card instead of a credit card and avoid insurance payments made on credit cards. Since different cards run at different rates, any patient payments made with a debit card (no PIN required) should result in substantially lower fees than credit cards. On the other end of the spectrum, insurance payments made by credit card tend to be the most expensive types of cards.

“The first thing every practice should do is calculate its effective rate,” said Phil Nieto, president of Best Card, a company that provides credit card processing solutions to thousands of dental offices and is endorsed by ADA Member Advantage.

“The first thing every practice should do is calculate its effective rate," said Phil Nieto, president of Best Card, a company that provides credit card processing solutions to thousands of dental offices and is endorsed by ADA Member Advantage.

“Your effective rate tells you your total average cost to run cards,” said Mr. Nieto. “It’s easy to calculate. Grab your latest monthly statement and divide the dollar amount of processing fees you were charged by the total amount of monthly sales. Based on our 2022 comparisons, the average rate dental offices pay is 3.38%, but you should be shooting for a rate closer to 2.12.2%.” For example, if your office paid $1,027.45 to run $37,355.25 in card sales, your calculation would look like this: $1,027.45 ÷ $37,355.25 = 2.75%.

“Your effective rate tells you your total average cost to run cards,” said Mr. Nieto. “It’s easy to calculate. Grab your latest monthly statement and divide the dollar amount of processing fees you were charged by the total amount of monthly sales. Based on our 2022 comparisons, the average rate dental offices pay is 3.38%, but you should be shooting for a rate closer to 2.1-2.2%.” For example, if your office paid $1,027.45 to run $37,355.25 in card sales, your calculation would look like this: $1,027.45 ÷ $37,355.25 = 2.75%.

Credit card processing fees can be complicated and confusing, which is why Best Card offers a free savings analysis to help explain your current fees and potential savings. Just email a recent credit card processing statement to compare@bestcardteam. com or fax to 1-866-717-7247. In 2022, Best Card helped 96% of practices pay less than their previous fees and the average savings per practice was more than $5,500.

“We switched to Best Card in May of 2020, after learning of the ADA endorsement,” said Prabu Raman, D.D.S., a general dentist in Kansas City, Missouri. “The transition was so easy and painless, and we are saving over 50% on our credit card processing fees each month. Saving is one thing; their customer service is beyond my expectation … We highly recommend that you see what Best Card can do for your practice.”

Is your effective rate too high? There are a lot of different factors that affect how much you might be paying in fees, and processors can add or raise fees anytime if they provide you with a 30-day notice in small print at the bottom of your monthly statement.

“Changing providers or renegotiating can be ways to save a lot, but once you have a great deal, there are also some steps you and your staff can take to bring your costs down," Mr. Nieto said.

“Best Card is hands down the best service for the best price of any credit card processing company I’ve dealt with in the last 20 years,” said Shaun Christensen, D.M.D., a general dentist in Nampa, Idaho. “My credit card fees are half of what they used to be. What really sold me was that their software works directly with my dental software ... easy for my staff and easy on my wallet. Win-Win.”

“Changing providers or renegotiating can be ways to save a lot, but once you have a great deal, there are also some steps you and your staff can take to bring your costs down,” Mr. Nieto said.

1. Accept payment directly from the patient in person via chip, contactless, or swipe whenever possible to get a lower rate than when keying in those same cards. Because there is less risk of fraud with the patient and card present, lower fees are charged.

2. If you are going to manually enter a card number or have a patient pay online, make sure to include the 5-digit ZIP code

“Switching to Best Card was one of the best things I have done in a long time,” said Ron Lee, D.D.S., a general dentist in Colleyville, Texas. “I’m saving thousands of dollars every year, and as my father-in-law once told me, ‘It’s not how much you make, but how much you keep.’ So, thank you Best Card for helping keep more of my money, while providing amazing customer service.”

For more information, visit www.bestcardteam.com/ada-member-advantage

While no one likes to think about it, things do happen and it’s always important to be prepared.

Knowing your practice’s value can make the difference between selling your practice or having it become unsellable. That is why practice owners should have an up-to-date practice valuation.

Whether you are anticipating selling your practice and planning for retirement, recruiting a new associate who potentially may become a partner, or preparing for the unexpected, there are many reasons to have a current practice valuation.

A Henry Schein Dental P r actice Transitions valuation considers both tangible and intangible assets of the practice and can provide the many key factors which inﬂ u ence the practice’s value.

To get started on your practice valuation or schedule a complimentary, confidential consultation, contact me or scan the QR code!

Jeff Harmon Transitions Sales Consultant 801-319-4161

Jeff.Harmon@henryschein.com n PRACTICE TRANSITION PLANNING n SALES & VALUATIONS n BUYER REPRESENTATION

HOW DOES HIPAA AFFECT THE WAY I MANAGE PATIENT INFORMATION?

If a dental practice meets the HIPAA definition of a “covered entity” or “business associate,” the dental practice must be in compliance with the four HIPAA rules or it risks substantial penalties. There is also a risk of reputational harm, since the federal government makes public certain data breaches and violations through online postings and media releases. A dental practice that has agreed contractually to comply with HIPAA (for example, in a participating provider agreement) risks liability under the contract for failure to comply.

The Four HIPAA Rules

Dental practices that are covered by HIPAA must comply with the HIPAA Privacy Rule, Security Rule, Breach Notification Rule, and Enforcement Rule, and also with applicable states laws that are more stringent than HIPAA. Some of the requirements of the various HIPAA Rules overlap. For example, the Privacy and Security Rules both require a covered dental practice to designate personnel to be responsible for certain HIPAA-related tasks, to have written policies and procedures in place, to train workforce members and document the training, and to apply appropriate sanctions if a workforce member fails to comply. Both the Privacy and Security Rules require compliant written agreements with “business associates,” which are generally defined as outside entities and individuals who create, receive, maintain, or transmit patient information and when doing something for or on behalf of the dental practice.

Here are examples of requirements in each of the HIPAA rules: The Privacy Rule applies to patient information in any format, such as electronic, hard copy, (e.g. paper, films, and other physical items), and spoken. It also:

• Gives patients certain rights over their information, such as the right to see information and obtain a copy, the right to an accounting of disclosures of their information, and the right to ask for changes to the information. Each of these rights has certain limitations.

• Tells a covered dental practice when HIPAA permits patient information to be used or disclosed without getting the patient’s written authorization.

• Includes certain other standards and requirements to protect patient privacy, such as the “minimum necessary rule,” which, with limited exceptions, require (1) using, disclosing and requesting the minimum amount of patient information necessary for the purpose of the use, disclosure or request, and (2) identifying which workforce members (or categories of workforce members) require access to which categories of patient information, and making reasonable efforts to limit access accordingly.

The Security Rule applies only to electronic patient information. The Security Rule requires covered dental practices to assess the risks to the confidentiality, integrity, and availability of patient information and document the risk assessment, and to update the risk assessment as appropriate (for example, when the dental practice buys new technology or learns of a new risk.) The dental practice must implement risk management to bring the identified risks to an acceptable level. The Security Rule also requires covered dental practices to have certain specific safeguards in place to protect electronic patient information. The safeguards are not technology-specific, and are flexible and scalable to a certain extent.

The Breach Notification Rule requires covered dental practices to notify affected individuals, the federal government, and in some cases the media, of a breach of unsecured patient information, unless the dental practice can demonstrate that there is a low probability that the information is compromised by performing a written analysis of all relevant factors, included four required factors: i. The nature and extent of the protected health information involved, including the types of identifiers and the likelihood of reidentification ii. The unauthorized person who used the protected health information or to whom the disclosure was made iii. Whether the protected health information was actually acquired or viewed; and iv. The extent to which the risk to the protected health information has been mitigated.

Many states have adopted breach notification laws that may impose obligations on dental practices whether or not the dental practice is covered by HIPAA, and whether or not the breached information is patient information. For example, a state breach notification law may apply to a breach of a name and Social Security number that a dental practice has collected from an employee. Some breaches may require notification under both HIPAA and state law.

The Enforcement Rule contains provision relating to government investigations, penalties for HIPAA violations and procedures for hearings. For example, the Enforcement Rule requires covered dental practices to cooperate with investigations and compliance reviews, and to permit the U.S. Department of Health and Human Services (HHS) to access to the dental practices facilities, books, records, accounts, and other sources of information, including patient information, that are pertinent to ascertaining compliance with HIPAA.

A Dentist’s Guide to the Law: 246 Things Every Dentist Should Know

Page 89

WHAT ARE THE PENALTIES FOR VIOLATING HIPAA?

HIPAA violations can result in civil penalties and in some cases, criminal penalties. There are four tiered ranges of civil penalties. The lowest tier is for violations where the dental practice did not know, and by exercising reasonable diligence would not have known, that the dental practice was in violation of HIPAA. Penalties in this tier range from $100 to $50,000. The highest tier involves willful neglect that is not corrected within 30 days. Penalties in this tier can start at $50,000. There is a maximum penalty of $1.5 million for all violations of an identical provision during a calendar year.

In most cases, the maximum penalty amount will not be imposed. Instead, the government will determine the amount of a penalty on a case-by-case basis, depending on the nature and extent of the violation and resulting harm, as well as other aggravating and mitigating factors, which are listed in the HIPAA regulations at 45 CFR 160.408, available online (see ECFR in Related References and Resources).

Examples of the factors include the number of individuals affected, the harm caused to the affected individuals, and the size of the dental practice.

A HIPAA violation can also result in criminal penalties.

According to the U.S. Department of Health and Human Services Office for Civil Rights (OCR):

A person who knowingly obtains or discloses individually identifiable health information in violation of the Privacy Rule may face a criminal penalty of up to $50,000 and up to one-year imprisonment. The criminal penalties increase to $100,000 and up to five years imprisonment if the wrongful conduct involves false pretenses, and to $250,000 and up to 10 years imprisonment if the wrongful conduct involves the intent to sell, transfer, or use identifiable health information for commercial advantage, personal gain or malicious harm. The Department of Justice is responsible for criminal prosecutions under the Privacy Rule.

A Dentist’s Guide to the Law: 246 Things Every Dentist Should Know

Page 10

2023-2024

Upcoming University of Utah, School of Dentistry

Continuing Education Lectures:

September 8, 2023 all-day event 8:30 am- 4:00 pm; The 5th Annual Lynn Powell Lecture Series: Hit Me With Your Best Shot and Is The ‘Mandibular Block’ Passe?

Featuring: Stanley F Malamed, DDS

October 19, 2023 6:30 pm – 9:00 pm: Implants (Part I) Site Preparation and Placement

Featuring: Chanook David Ahn, DMD

November 16, 2023 6:30 pm – 9:00 pm: Implant (Part II) Restoring Implants

Featuring: Jonathan M. Rasmussen, DDS, MS

January 18, 2024 6:30 pm – 9:00 pm: Oral Medicine

Featuring: Audrey L. Boros MSc., DDS

February 15, 2024 6:30 pm – 9:00 pm: Oral Cancer, DX, TX, and Maintenance

Featuring: Michael Gladwell, MD, DMD, FACS, and Rhet Tucker, DMD, FACP

March 21, 2024 6:30 pm – 9:00 pm: Geriatrics

Featuring: Bonnie Lederman, DDS, BS

April 19, 2024 ½ day morning 8:00 am -12:30 pm: Dental Sleep Medicine

Featuring: Jamison Spencer, DMD, MS

Questions:

Karin Mishler, Karin.mishler@hsc.utah.edu 801-587-2023

Jerald Boseman, Jerald.Boseman@hsc.utah.edu 801-587-2246

WHAT DO I HAVE TO DO IN ORDER TO COMPLY WITH HIPAA’S PRIVACY RULE?

Some of the key requirements of the Privacy Rule are:

• Designate a “privacy official” for your dental practice.

• Develop and implement appropriate written privacy policies and procedures.

• Have in place appropriate administrative, technical and physical safeguards to protect the privacy of patient information in all formats (e.g. electronic, paper, and oral).

• Develop the necessary documents, such as the Notice of Privacy Practices (NPP) and business associate agreements.

• Provide you NPP to patients on their first visit, and prominently display your NPP in you office and make copies available to patients upon request. Make the NPP available through your dental practice website if you have one.

• Obtain written patient authorization in the required format prior to any use or disclosure not permitted by HIPAA.

• Respond appropriately if a patient exercises his or her right under HIPAA; for example, by requesting an accounting of disclosure, access to records, an amendment to records, confidential communications, or restricted disclosure. Each of these patient rights has certain limitations and requirements.

• Adhere to HIPAA’s “minimum necessary” rule. When patient information must be used, disclosed or requested, limit the information to the minimum necessary for the purpose of the use, disclosure or request (the minimum necessary rule does not apply to disclosures for treatment purposes.) Identify workforce members, or categories of workforce members, and the patient information it is appropriate for them to access, and make reasonable efforts to limit access accordingly.

• Implement reasonable safeguards to limit incidental uses or disclosures of patient information that result from any use or disclosure permitted under the Privacy Rule. An example of an incidental exposure is a visitor hearing a treatment-related conversation between dentist and patient.

• Train your staff about your office’s privacy policies and procedures, and document the training. Apply appropriate sanctions for violations of your policies and procedures, and document any sanctions applied.

• Enter into a compliant business association agreement with each of your dental practice’s business associates.

• Maintain documentation of HIPAA compliance for the time period required under HIPAA. Each document must be retained for at least six years from the date the document’s creation, or at least six years from the date when it is no longer in effect, whichever is later.

NOTE: Keep in mind that HIPAA’s privacy rule covers more than just the traditional written patient record. It extends protection to information about the patient, including demographic information, that identifies (of that could be used to identify) the patient and that pertains to the patient’s past, present, or future:

• Physical or mental health

• Health care

• Payment for health care

This can include records such as patient charts and billing records and includes information in any format, such as paper, photos and films, oral information and electronic information.

A Dentist’s Guide to the Law: 246 Things Every Dentist Should Know

Page 90-91

Co-Sponsored by The Utah Dental Association