Channel: Justin Shafer

Chocolate from Norway!


Open Dental 15.1 is in development!

http://www.opendental.com/manual/version15_1.html

Version 15.1 is under development but not yet released.  As features are completed, they will be added here.
Web Sched:  New eService allows patients to schedule recall appointments online.
E-mail:  Send and receive encrypted e-mail.
Portal:  Enhanced user interface.  View patient payments and statements. 
Reports:  Improved backend for many reports using the complex report system.  Daily Payment report can be sorted by insurance payment type.
Minor Changes:
New WebMail button in the toolbar.
Database update security enhanced.
Enter an original date estimate for a prosthesis on 5010 claims.
Enhanced notification when eRx prescription information fails to update.
New tool to change secondary provider.
Sort the Payment report by payment type.
EmailSend and WebmailSend security permissions allow/block users from sending unsecure email.
UserQueryAdmin security permission allows/blocks users from running SQL commands.
Assignment of Benefits (InsPlanChangeAssign) security permission.
Import of 2015 CPT codes allowed.
Code system importer reports how many codes downloaded.
Wiki List revision history.
Font button added to Wiki Edit window.
Primary and secondary insurance carrier automatically updated when appointments created or insurance plan is dropped or added.
New filter for the confirmation list only shows appointments scheduled more than two months from the list start date.
Send Claims window loads more quickly.
Filter sent and received claims on the Send Claims window.
EHR summary of care is automatically sent to the patient portal when a patient is referred to another provider.
Electronic Dental Society (EDS) clearinghouse.
SMARTDent bridge.
Panoramic Corp bridge.
Bridge to Office documents.

Springfield doctors office broken into and computers stolen

POSTED: 06:59 PM CST Jan 22, 2015 





SPRINGFIELD, Mo. -

A theft of computers at a Springfield doctor's office poses many questions about patients' personal information.

Such a crime would typically have patients worried about the security of their medical records, but not so in this case.

Yung Hwang says he loves his patients and loves the community here in Springfield.

Hwang is old school in the sense that he still files information about his patients on paper, yes paper.

That traditional practice could be what saved some sensitive information from getting into the hands of crooks when they recently went through the exam rooms and his office.

"Three things missing, two laptops and one Apple iPad, those contain lots of personal information and the email but more than a thousand emails, and all the documents that I present to Korean war veterans at the time was all there, pictures, those are all gone," says Dr. Yung Hwang.

He says police asked him how many people have keys to his office since the front door was not broken or busted.

He says he trusts all four employees he works with and has no reason to question their integrity.

Hwang says he's been in this office for more than 10 years and he says he’s never had anything like this happen before, he says he and his office are still in shock.

"I feel like I have been violated…I been so lucky that everybody, my patients or whatever feel to me is very kind to me and they support me always," says Hwang.

Hwang says he doesn't plan on pressing charges if the thieves are caught, he says he just hopes whoever did this found what they were looking for and won't have to do it again.

Most doctor offices today have electric filing.

Medical experts say you should talk with your doctor to find out how they store your medical records and what they do to prevent sensitive records from being stolen or shared.

Copyright © 2015, KSPR News

Downgrading Dell OEM Windows 8.1 to Windows 7

That was scary. I had an office in LA buy some workstations, and I flew out to install them. They were downgraded from Windows 8.1 to Windows 7 64bit through the dell website, so the computers arrived activated, with Windows 7 64 bit.

Problem? The office ended up having Dentrix Image.. bom bom bom. I thought it was Dexis.

No matter. So I got out my standard Windows 7 OEM 32 bit Professional DVD and installed it on all the computers. I knew I would run into an OEM CDKEY conflict with this, and worse, I don't have a product key since all the new dell computers have the Product Key for Windows 8 and 7 in the BIOS SLIC Table, encrypted.

Dell offered to send me a Dell Windows 7 32 bit DVD that is compatible with Dell OEM CD keys encrypted in the BIOS, but I have been flown from Dallas to LA so that is not going to help.

After calling Dell and Microsoft and reading a lot of blog posts.. I thought about Windows Loader and how it can easily change the OEM Product Key and then create a virus to mimic the SLIC table in the BIOS.

Since my key is already in the bios, I should be able to just change my OEM info in Windows.


AND I DID.
Find a file on the internet called DELL-DD981F15.xrm-ms  I used this link:
http://ny.wodemo.com/browse/308988/SLIC22/DELL-DD981F15.XRM-MS

Install it like so in elevated command prompt:
slmgr -ilc C:\Path\To\File\DELL-DD981F15.xrm-ms
This command enters the new Dell OEM Product ID Certificate, and automatically reads the BIOS and if they match...

Windows should be activated!


DEXIS - Made their downloads section available!

I guess in an effort to be nicer to dentists, Dexis has made their downloads section available without a password that changes every day. It used to be that the office would have to be on support just to gain access to downloads.


www.dexis.com/downloads

Dentrix Image 5.1 is in there, so if you have 4.5 and you want to upgrade, you should.

And then UPGRADE TO DEXIS!!!! (OMG) Anything but Dentrix Image!

Call your local Schein sales rep.

Except I can't get anyone to call this one office in Keller. And they are willing to buy it, if someone would just sell it to them..... I have called Schein about 3 times.

Dentrix Image 4.5 AND 5.1 Installation on Windows 2012 R2 Notes:

Want to run Dentrix Image 5.1 on Windows 2012 R2 without virtualizing????

Here is some FYI:

I used another method, but it broke 2 weeks later when the doctor rebooted.... So... Here is what I found out:

Dentrix Image 5.1 will install correctly if Dentrix has been installed to C:\, but not D:\.

I tend to install Dentrix in D:\Program Files (x86)\Dentrix

If you create a symbolic link from D:\Program Files (x86)\Dentrix to C:\Program Files (x86)\Dentrix, the installation will go much smoother. You will also have to edit HKLM\Software\WOW6432Node\Dentrix\General and HKCU\Software\Dentrix\General and change the executable path to C:\Program Files (x86)\Dentrix.

Then you should be able to install Dentrix Image 5.1, and you are going to have to leave it this way. Be sure to tell your backup software to exclude C:\Program Files (x86)\Dentrix.

If you have borked your installation like I did, (Doc won't spend the 7K on Dexis 10) then I ALSO had to delete the service name for "MSSQL$VIPER" with sc command, install SQL Server 2005 Express with an instance name of VIPER and then uninstall it.

Then deleted the  C:\Program Files (x86)\Microsoft SQL Server folder after uninstalling all things related to SQL 2005.

Then I installed Dentrix Image successfully.

Then I used corflags to set the 32bit flag on idbadmin.exe.

Tried to initialize, and I failed with idbadmin


My ViperData was not attached, so I attached it. Reinstalled Image again, this time the database and sql server were unchecked, proceeded to install.

Tried to initialize again. Failed.

I also had an MDF and LDF problem (log file grew too large), so I deleted it and added just the MDF file to the SQL Server, then had to "manually initialize the database".

Reinstall Dentrix Image 5.1 again, same thing.

Then idbadmin passed.

Rebooted. It works. Slow though. I then went back into SQL Server Management Studio 2005 X64 and changed the database properties for Viper and ViperData to not auto shrink, then used the idbadmin tool and optimized the database 5 times (each time your ViperData.LDF file will grow, and for some reason Image increases in speed). This was true in 4.5, but 5.0 and 5.1 introduce auto shrink.

Everything was working at this point, except Viper.exe would not run, but I could see thumbnails in the chart, on the server. I reinstalled VS C++ 2005 redistributable along with VS2008 and then Viper ran!

And that is where I am now.

Not supported by: Microsoft, nor Dexis. =)


UPGRADE TO DEXIS 10!!!!!!
=================================================================
06-20-2015

To install Dentrix Image 4.5 on Server 2012 R2 Notes.

1. Replace MSSQL 2000 MSDE SP3a with Sp4 in the installer package!
2. Use the mklink command to create a symbolic link from D:\Program Files\Dentrix to C:\Program Files (x86)\Dentrix
3. Change the registry for Dentrix to show it is installed in C:\ instead of D:\
4. Install Dentrix Image 4.5, make sure you install on C:\, and make sure the ViperData and Viper databases are attached; if not, use Microsoft SQL Server Management Studio 2005 to attach the databases.
5. Be sure the SQL Browser Service is launched with a local Administrator Account, this happens if you have SQL 2005 Server installed at the same time (Guru). This will let clients actually find the database server.
6. Be sure to use Dentrix Image 4.5 CU7


Earning Patient Trust Crucial to Health Care Reform

Great article.


Earning Patient Trust Crucial to Health Care Reform

Patients are understandably anxious, if not downright fearful, about how their personal medical data is handled and shared, yet health care transformation is contingent on earning their trust. 
Maintaining privacy in health care used to be relatively straightforward. As a physician, I was bound by doctor-patient confidentiality. This gave my patients the confidence that they could share with me intensely personal information. Security focused on limiting access to paper charts. Breaches typically involved only a handful of individuals.
Now, in an era of electronic health records (EHR) and clinical data warehouses, consumers’ confidence in the security of their data continues to be shaken. From lapses in protocols to sophisticated cyber attacks, the public is confronted with exposure on a massive scale. The value of health care data on the black market is even beginning to exceed that of financial data, as scammers and hackers can use information about individuals’ physical characteristics to steal identities. The information that comes with a person’s medical identity is also more difficult to move back into the private realm once it leaks to the public.
Some of this news could not come at a worse time. The future of health care depends on secure flow of information. Nearly every major delivery reform, from value-based care and population health to personalized medicine and use of real-world evidence, relies on data and the willingness of those who have it to share it. The ability to better serve individuals depends on the health care industry’s ability to view its data in aggregate.
Compounding the problem is the awareness that our overall privacy–not just health privacy–is slowly eroding. A casual glance at online ads reveals how quickly your consumer data gets shared, but technology has taken us well beyond that. Last year, while participating in a conference on privacy in Abu Dhabi, one of the speakers asked, “Who knows you’re here?” The list grew rapidly: my office, the airline, customs and immigration, the hotel, the taxi company, the coffee shop, my cellphone carrier, the conference center, and the owners of the literally thousands of security cameras I’d passed during my trip. Add notes to family and friends along with followers on social media, and it was clear that the record of my trip had been broadly dispersed.
As we sit on the cusp of the era of big data in health care, there are several important things to consider:
  • Health data concerns are different. While the loss of financial information can be distressing, the impact can usually be mitigated and consumer liability is often limited. By contrast, disclosure of certain medical information can be devastating with far-reaching consequences. In addition, breaches and misuse can introduce inaccuracies into a medical record, potentially impacting patient safety.
  • Privacy preferences fall along a continuum and vary even within individuals depending on the topic. While many consumers may freely share certain health information for clinical research, on social media, and with disease-specific websites, they fiercely protect other personal health data. As we strive to gather more data to advance health care, the tension between the need for individual privacy and knowledge for the greater good is only going to increase.
  • The industry has a communication challenge. Do your own survey and ask some friends, “What are the risks of having your medical information stored electronically?” Once they have talked your ear off about identity theft, discrimination, and even extortion, ask them, “What are the benefits?” Having done this many times myself, I’ve found that few have a compelling answer. While we have invested heavily in EHRs and health information exchange, we have done little to educate the public whose data may be at risk.
These are extraordinarily complex and highly personal issues that sit at the intersection of science, law, ethics, and technology. Solving them may begin with establishing a firm foundation that addresses the pervasiveness of cyber risk and ensuring an organization’s strategy is secure, vigilant, and resilient. This strategy might include:
  • Performing a risk review of the full health information supply chain of an organization
  • Articulating the organizational vision for security and privacy
  • Capturing policies and processes in an organizationwide plan that also includes business associates
  • Investing in and implementing a security and privacy program that includes continuous monitoring and updating.
Change happens at the speed of trust. The need to transform health care is clear and the goals set are ambitious. However, progress will depend upon a public that is informed and confident that the industry will be a trustworthy data steward.
—by Harry Greenspun, M.D., director, Deloitte Center for Health Solutions, Deloitte LLP

Curve Dental offers 2D pano support via Twain.

We are super pleased to announce that Curve Capture (our native digital imaging module) is now fully compatible with the following TWAIN devices for 2D imaging:
  • Carestream:
      ◦ CS 8000C Digital Panoramic and Cephalometric System
      ◦ CS 8100 Digital Panoramic System
      ◦ CS 9000 Extraoral Imaging System
      ◦ CS 9000C Extraoral Imaging System
      ◦ CS 9300 System
  • Planmeca:
      ◦ ProMax 2D S2
      ◦ ProMax 2D S3
      ◦ ProOne
  • Sirona:
      ◦ ORTHOPHOS XG 3
      ◦ ORTHOPHOS XG 5
      ◦ ORTHOPHOS XG 3DReady
Does Your Practice have One of These Devices?
Call our customer service team and we'll assist you in connecting your pan to Curve Capture. In short order you'll be capturing pans directly to the cloud. Call us at 888-910-4376 option 3 to reach our customer service team. You can view all of our compatible devices on our website.

Don't have Curve Capture?
Curve Capture allows you to capture digital images from a number of different devices (intraoral cameras, x-ray sensors, pans, and other devices) directly to the cloud. Curve Capture is software native to Curve Hero--it's not an integration nor a bridge. Visit our website to learn more or Call Tina Cook at 888-910-4376 x2004.

Many thanks to you and your practice for choosing Curve Dental to help you manage your practice. We sure do appreciate it! If we can be of any service we invite you to call and let us know.
Best wishes,
Team Orange


=====================================================================
http://www.curvedental.com/dentist-imaging-software-system


Fixing the Dentrix Appointment Book Refresh



If you have Dentrix 11 through G4:
First, it is best to take these 6 files from a blank Dentrix database or the Tutor database and use them to replace the ones in your actual database: Comm_Dat.Dat, Comm_Dat.Idx, DataLok.Dat, Datalok.idx, Netid.Dat and Netid.idx. Then you should use maint.exe (or rename mu.dtx to maint.exe) and reset the Network Station IDs. If you still have problems, run regedit.exe and change your StationID to zero. Then run the appointment book and you should be assigned a new StationID.







For Dentrix G5 through G6:
Instead of replacing 6 files you can just replace 4: Comm_Dat.Dat, Comm_Dat.Idx, Netid.Dat and Netid.idx. The Dentrix ACE Database service should be stopped when you replace the files. Start the Dentrix ACE Database service back up, then run Maint.exe and reset the Network Station IDs and Communication Files.

Dentrix G6 seems to no longer use the registry for the StationID. Haven't messed with G5. Be sure to test appointment book refresh with appointments in the future, not from the past.

Fixing the I-Cat Cobra Service



My friend Richard Andrews came across this and I want to share it. There is an office with an I-Cat and on the second time of taking a conebeam the Cobra service would crash. I-Cat tech support spent quite a bit of time on this, and could not fix it. They wanted the doctor to get back on a support agreement, and replace the computer for around 20K.

I-Cat kept saying it was third party software installed on the I-Cat Server and they were right! The old IT guys had installed VNC Server on the I-Cat and eventually the ports were conflicting with Cobra. Rich uninstalled VNC and it worked like a champ!





Great work Rich.
http://www.onsitepc.us/




I finally got to see Apixia

Yep. I used Apixia remotely, to setup some intraoral cameras. The office was using them with Open Dental and I asked what Imaging software she uses for x-rays.

The answer?

Apixia!!!!

For those who have never heard of Apixia, they sell low cost x-ray sensors and phosphor plate scanners. Image seemed diagnostic to me. She had a phosphor plate setup.

So next came the test: Can it handle Chinese Intraoral cameras? It should..... They ARE asian.

And!!!

It worked with the MD-740 and DY-50 cameras (Empia 2580 UVC) and it worked with the MD-960U (Empia 2860). It just did. I didn't have to configure a thing, and the snapshot buttons.. just worked. That means it can handle Still Pin cameras AND it can handle the Empia 2860.

Pretty impressed! Bridges with Open Dental nicely (What doesn't?)

http://www.ebay.com/itm/Apixia-Dental-Digital-Imaging-Sensors-Radiography-Rvg-System-Sensor-Size-1-/291238582796 $2750.00!!!!! Say what you want, but that is... very affordable.

http://www.apixia.net/html/front/bin/ptlist.phtml?Category=313357

They even offer the Apteryx Data Grabber! And of course, Apteryx can work with Apixia hardware.
http://www.apteryx.com/apteryx-updates-site#A



Using VMWare VCenter Converter as Scheduled Disaster Recovery

I really like VCenter Converter, and I thought I would put together a system that uses it to back up a physical server to a virtual server that can be used in VMWare Workstation, on a schedule. VCenter Converter does not allow you to use the scheduling features unless you are backing up to VSphere as a destination, but here is a way to do it with VMWare Workstation and the Windows Task Scheduler! VCenter Converter is free!

This will allow you to have inexpensive Disaster Recovery. By no means is this better than having actual snapshots, but... it will work, and does have an odd and even rotation, or more.


VMWare Workstation Ready to Power on the Virtual Server:



The main ingredient is AutoHotKey. You can create an AutoHotKey script to load VCenter Converter and run a new Task when the script is loaded. Mouse and keyboard simulation is used to achieve this. That means that the desktop resolution (at least for me) must always be 1024x768 with the script I created for a doctor. This script is meant to back up to a fileshare over a network, and can be run daily. For some people their server has almost 2TB of data, and this script would probably be best run on the weekend, but this office has around 200GB, so this will suffice as a daily disaster recovery task.

The script itself can be downloaded here if you want to see an example:
http://www.onsitedentalsystems.com/DisasterRecoveryVCenter.ahk

I have this setup to run as an executable file at 6:30pm Monday thru Friday.

But wait, there is more!
Question:
What if the server is locked at a Control-Alt-Delete Screen or no user is logged in?
What about backing up the Virtual Machine to Odd and Even?
Answer:
I use SyncBack Pro to backup the Virtual Machine to an Odd and Even Folder.
C:\Virtual Machines\Server corresponds to:
C:\Virtual Machines\Server\Backup\Odd
C:\Virtual Machines\Server\Backup\Even
This scheduled task runs at 10:00am Monday thru Friday
Next:
I have the computer hosting VMWare Workstation automatically run Remote Desktop and log in to the Physical Server at 6:27 so that there will be a Desktop for AutoHotKey and VCenter to run on, EVEN if the Server and the computer hosting VMWare Workstation are both locked to a control-alt-delete screen. Right before it does, it deletes the folder:
C:\Virtual Machines\Server to make room for the next backup and to satisfy VCenter
Example Batch File:
http://www.onsitedentalsystems.com/LoginToServer.txt

Disaster recovery for Dentrix, Open Dental, Eaglesoft, and everything else.

Great for the computer running VMWare Workstation and hosting the fileshare. Keep them logged in: http://www.logonexpert.com/
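
An added example, not the author's script and not part of SyncBack Pro: a PowerShell rotation step that could stand in for the 10:00am copy, checking the converted VM before it overwrites the older of the Odd/Even folders so a failed conversion never replaces the last good copy. The completeness rules (a .vmx, at least one .vmdk, size and age thresholds, no .lck entries), the verified.txt marker and the parameter defaults are assumptions.

```powershell
# Added example, not the author's script. Folder names come from the post;
# thresholds, the verified.txt marker and the "complete copy" rules are assumptions.
param(
    [string]$Source     = 'C:\Virtual Machines\Server',
    [string]$BackupRoot = 'C:\Virtual Machines\Server\Backup',
    [string[]]$Slots    = @('Odd', 'Even'),
    [int]$MaxAgeHours   = 72,   # assumed: Friday's 6:30pm job is copied Monday 10:00am
    [long]$MinBytes     = 1GB   # assumed: smaller disk files mean a failed conversion
)
$ErrorActionPreference = 'Stop'

function Get-VmProblems {
    param([string]$Path, [int]$MaxAgeHours, [long]$MinBytes)
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        return @("folder missing: $Path")
    }
    $problems = @()
    # Top-level files only: the Backup subfolder is not part of the VM.
    $files = @(Get-ChildItem -LiteralPath $Path -File)
    $disks = @($files | Where-Object { $_.Extension -eq '.vmdk' })
    if (-not ($files | Where-Object { $_.Extension -eq '.vmx' })) {
        $problems += 'no .vmx configuration file'
    }
    if ($disks.Count -eq 0) {
        $problems += 'no .vmdk disk file'
    } else {
        $bytes  = ($disks | Measure-Object -Property Length -Sum).Sum
        $newest = ($disks | Sort-Object LastWriteTime | Select-Object -Last 1).LastWriteTime
        if ($bytes -lt $MinBytes) {
            $problems += "disk files total $bytes bytes, expected at least $MinBytes"
        }
        if ($newest -lt (Get-Date).AddHours(-$MaxAgeHours)) {
            $problems += "newest disk file is from $newest, older than $MaxAgeHours hours"
        }
    }
    # VMware Workstation leaves *.lck entries while the VM is open;
    # a copy taken in that state is not reliable.
    if (Get-ChildItem -LiteralPath $Path -Filter '*.lck') {
        $problems += 'VM is open in Workstation (.lck present)'
    }
    return $problems
}

function Get-OldestSlot {
    param([string]$BackupRoot, [string[]]$Slots)
    # A slot without a marker never held a verified copy, so it is used first.
    $Slots | Sort-Object {
        $marker = Join-Path (Join-Path $BackupRoot $_) 'verified.txt'
        if (Test-Path -LiteralPath $marker) {
            (Get-Item -LiteralPath $marker).LastWriteTime
        } else {
            [datetime]::MinValue
        }
    } | Select-Object -First 1
}

$problems = @(Get-VmProblems -Path $Source -MaxAgeHours $MaxAgeHours -MinBytes $MinBytes)
if ($problems.Count -gt 0) {
    Write-Warning ('Not rotating, existing copies left untouched: ' + ($problems -join '; '))
    exit 1   # non-zero result shows up as a failed run in Task Scheduler
}

$slot    = Get-OldestSlot -BackupRoot $BackupRoot -Slots $Slots
$target  = Join-Path $BackupRoot $slot
$staging = $target + '.partial'
if (Test-Path -LiteralPath $staging) {
    Remove-Item -LiteralPath $staging -Recurse -Force
}
New-Item -ItemType Directory -Path $staging -Force | Out-Null

# Copy into a staging folder first and compare sizes file by file.
foreach ($f in Get-ChildItem -LiteralPath $Source -File) {
    Copy-Item -LiteralPath $f.FullName -Destination $staging
    $copy = Get-Item -LiteralPath (Join-Path $staging $f.Name)
    if ($copy.Length -ne $f.Length) {
        throw "size mismatch after copy: $($f.Name)"
    }
}

# Replace the old slot only after every file has been copied and checked.
if (Test-Path -LiteralPath $target) {
    Remove-Item -LiteralPath $target -Recurse -Force
}
Rename-Item -LiteralPath $staging -NewName $slot
Set-Content -LiteralPath (Join-Path $target 'verified.txt') -Value (Get-Date -Format o)
Write-Output "Rotated verified copy into $target"
```

Passing more names in -Slots gives a longer rotation; the script always overwrites the slot whose marker is oldest.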

Hey, Texas Dental Association. (I told you so)


Aug 6, 2015
“Security breaches soar for electronic medical records,” by Paige Winfield Cunningham was posted today in the Washington Examiner.

http://www.washingtonexaminer.com/security-breaches-soar-for-electronic-medical-records/article/2569646

“Security hacks of electronic medical records have more than doubled this year, costing the healthcare system $50 billion, according to a new report from the American Action Forum.”
In 2009, my unpopular warnings of the growing cost and danger of electronic dental records were anonymously censored by the Texas Dental Association. Within a year, my membership was suspended for vague, “unprofessional behavior,” allegedly exhibited in comments that are still posted somewhere on the internet.

Throughout the whole TDA judicial process, not one official was obligated to reveal an example of my “unprofessional” behavior: My opinions on which the TDA Judicial Committee’s secret verdict was based. When I asked the TDA President at the time, Dr. Matthew Roberts, the reason behind my banishment from the TDA/ADA, all he could give me was, “You know what you did.” When it came down to it, he had nothing… Right, Matt?

Unlike the secret, but public, evidence the TDA Judicial Committee used to kick me out of the Texas Dental Association, the message containing Dr. Roberts’ irresponsible response to a dentist he harmed is available upon request.

You still owe me $200 in prorated dues, damn it!

D. Kellus Pruitt DDS

====================================================================

I would have to agree with Dr. Pruitt.

-Justin

http://www.crockettdental.com/meet-the-team/



DigiDoc Camera Helper Service

I wrote this just to help out a client. They really need to get new USB Hubs. DigiDoc recommends using certain USB Hubs and not everyone does.

What happens is, if you use a hub that may not have a good chipset inside, the capture button service (NET Service 1.02) might stop working, and needs to be restarted.

This is more or less a bandaid. If you hold down the F6 key for 3 seconds, the service should restart.

http://www.onsitedentalsystems.com/setupdigidochelper.exe

Buy new hubs!

http://www.digi-doc.com/products/item/55-usb-20-hi-speed-powered-hub

AND!!! my capture button works with these cameras now.
http://justinshafer.blogspot.com/2014/04/empia-capture-button-software-for-ebay.html

Camera Control Tool for WebCams and Patient Photos

I decided to update the Camera Control Tool to be used with Dentrix and the patient photo for the appointment book. The doctor wanted a webcam that we could snap patient photos with, and I decided to go with something modern, that can support "High Definition". The problem is Dentrix doesn't seem to even like 640x480 without cropping out some of the image. Probably from zooming??? No idea. Something to do with their "graph"?
(seems like they take an image and crop it for portrait? This is 640x480.)


So I came up with this solution.
http://www.onsitedentalsystems.com/CameraControlTool.zip

All this does is save the Image to the clipboard so you can paste the image into the patient photo instead of importing from a file.

I included one especially made for the Microsoft HD5000 Camera, which defaults to 1280x720P.

Click on the Snapshot button, or press S on the keyboard. It is best to pin it somewhere on the taskbar.



Click on the Paste From Clipboard button.

Microsoft HD-5000 @ 1280x720p


Microsoft HD-5000 @ 640x480


Works great for Open Dental as well.








Based on the Camera Net Library.

Note for changing out a hard drive on a caesy edge server.

1. Used Acronis 2015 to transfer the data.
2. Used Ubuntu 7.10 Alternative and set up a chroot to the solid state drive.
3. Once in chroot, I reran grub-install /dev/sda1
4. Yanked the drive, and recreated the UUIDs based off of fstab.

All done!

If someone out there needs Caesy Edge Server repair, give me a shout.
www.onsitedentalsystems.com

I have also replaced the nic, and even recompiled a kernel to support a newer nic, though using an older one is best.


CEREC Acquisition Unit Upgrade\Repair

Upgraded an old Red Cam CEREC Acquisition Unit that was getting old. Eventually the doctor sold it for a 3shape. Posting this mainly because I couldn't find the pictures.

Anyways, if you would like me to repair your CEREC Acquisition Unit and you're located near DFW, give me a shout. www.onsitedentalsystems.com





Open Dental built-in text messaging kicks ass.

An office I know recently switched back to Open Dental from the cloud for 3 locations, and he really enjoys the built-in text messaging features, as this was not an option in Open Dental 7.X... (long time ago).

"Open Dental 15 ROCKS!" Says the doctor. As you can see there is a Text Notification area in the second window I posted, when a text arrives that populates with a number with how many new texts have arrived. All I was asked to do was forward a port to the listener service, and setup the backup again! OD Tech support did most of the work, leaving me with little to do but.. backups and port forwarding, and... this blog post. Anyways... I really like this.





FTC takes on toothless encryption claims for dental practice software


By: Lesley Fair | Jan 5, 2016 1:11PM

When a company promises to encrypt dentists’ patient data, but fails to live up to established standards, it shouldn’t come as a surprise that the FTC would bristle. A $250,000 proposed settlement with Henry Schein Practice Solutions, Inc., and a new FTC video remind companies to brush up on security-related data hygiene.
Schein sells software to help dentists manage their practices. Many dentists use the company’s Dentrix G5 software to enter patient data, send appointment reminders, process payments and insurance claims, and add clinical notes. That can involve lots of sensitive stuff, including contact information, Social Security numbers, dates of birth, IDs and passwords, insurance providers, and details about diagnoses and prescriptions.
The security of patient data is of particular concern to dentists and other healthcare providers because of their obligations under HIPAA. To help them meet those requirements, HHS cites guidance from the National Institute of Standards and Technology (NIST), which recommends Advanced Encryption Standard (AES) encryption – a nationally recognized standard. HHS’ Breach Notification Rule includes a safe harbor that says dentists don’t have to notify patients about certain breaches if the information was encrypted consistent with the standard cited by NIST.
According to the FTC, Schein was aware of the recommendation of AES, knew about the HHS safe harbor for encrypted data, and understood why encryption would be a key selling feature for dentists. So the company hit that point hard in its promotional material. For example, according to a sales brochure, “The database also provides new encryption capabilities that can help keep patient records safe and secure. And of course, encryption plays a key role in your efforts to stay compliant with HIPAA security standards.”
But there was something else the company knew. It knew that despite its “encryption” claim, Dentrix G5 didn’t use an established standard like AES encryption. Instead, it used a less secure and more vulnerable proprietary algorithm. Then in June 2013, the United States Computer Emergency Readiness Team (US-CERT) issued a Vulnerability Note and Alert publicly stating that the vendor of the less secure algorithm had agreed to rebrand its method as “Data Camouflage” so it wouldn’t be confused with encryption algorithms like AES.
But according to the FTC, despite receiving US-CERT’s Note, Schein continued to claim until January 2014 that Dentrix G5 “encrypts patient data.” The FTC says the company didn’t clearly alert dentists who bought Dentrix G5 before that date that its software used a method less complex than a standard encryption algorithm like AES. It’s likely that accurate information would have been material to dentists because had they known the truth, they may have taken additional steps to secure patient data. In addition, the company’s statements could have led dentists to mistakenly think they qualified for the HHS safe harbor in the event of a data breach.  
The complaint charges that Schein falsely claimed that Dentrix G5 provides industry-standard encryption and helps dentists protect patient data, as required by HIPAA.
The remedies in the proposed settlement are worth noting. The order prohibits the company from making misleading claims about the extent to which its products use industry-standard encryption, help ensure regulatory compliance, or protect consumers’ personal information. The company also will notify customers still using Dentrix G5 that the product doesn’t provide industry-standard encryption. In addition, the company will pay $250,000 as disgorgement. That’s a fairly common provision in FTC advertising cases, but a first for marketing claims specifically related to data security. You can file a public comment about the proposed settlement by February 4, 2016.
The FTC's Start with Security campaign uses lessons from FTC cases to help businesses avoid security pitfalls. Today the FTC debuted a short video that the company in this case would have done well to heed: Use strong encryption to store and transmit sensitive data securely. http://bcove.me/pwo16iu7
========================================================================
https://www.kb.cert.org/vuls/id/900031
Well written. Thanks PogoWasRight from databreaches.net, Darrell Pruitt DDS of Fort Worth TX for being my friend, Steve Ragan from CSO Online, Brian Martin from Risk Based Security, Matt Blaze (I read his name in the news all the time!), Matthew Green from http://blog.cryptographyengineering.com, Joseph Lorenzo Hall from Center for Democracy & Technology, Michael Ramirez from Pill Fill and finally Ms. Jessica Lyon at the FTC.
Thank you very much.

Shout out to: James Russo from Halo3 Consulting, Trent Wolodko (Dental Integrator), Sodium Systems and Dan Gospe from DMI Networking. Thanks for your support and not shunning me! =) Mick Gomm...NEW Security Architect at Henry Schein Practice Solutions: "Choose the Right" and Nick Pelliccio the best HSPS Tech Support dude on the planet.



Hard-coded credentials placing dental offices at risk

Full Disclosure: CERT has known about the issue in Dentrix for more than a year and has remained silent

CSO | 


