Tuesday, September 18, 2018

Government Study Of BPA Backs Its Safety, But Doesn't Settle Debate

For years now the debate has raged about Bisphenol-A and the potential damage… or no damage that it can cause.  Due to these fears, BPA was pulled out of dental products several years ago, but the debate continued.  The HHS (Department of Health and Human Services) hoped to end this constant sparring by setting up the “Clarity-BPA Program” which, it was thought, would end the debate once and for all.  Like there was a chance of that.  One of my problem with scientific debates is that there is always plenty of data to prove many points and each point grabs a bit of data and begins to use it as the sole source.  What then ensues is less science and more “my dad can beat up your dad” playground behavior among the scientific community.  Or course its been like that for 100s of years so you’d think I’d be used to it…
Now we have an article from NPR that does a good job of explaining what the scuffling is all about, but not a good reason to make it stop…

Government scientists have presented new evidence that the plastic additive BPA isn't a health threat.

Low doses of the chemical given to hundreds of rats, "did not elicit clear, biologically plausible adverse effects," said K. Barry Delclos, a research pharmacologist at the Food and Drug Administration's National Center for Toxicological Research.

Delclos made the remarks Thursday during an online presentation in which he summarized an important part of a $30 million project called CLARITY-BPA, which was launched in 2012 to resolve questions about the chemical's safety.

The results of the rat study had previously appeared in a draft report on BPA (also known as bisphenol-A) released in February. But since then, the research has undergone peer review and revisions, Delclos said.

During his online presentation, Delclos provided an overview of the two-year study, which involved thousands of rats given a wide range of BPA doses.

Rats that got at least a thousand times more BPA than consumers are exposed to showed effects similar to those produced by the hormone estrogen. These included changes to the reproductive system and a greater risk of reproductive tumors.

But at doses meant to replicate human exposure, there was no pattern indicating any health or behavior problems, Delclos said.

He declined to comment directly on BPA's safety or the FDA's position that the chemical is safe to use in most plastic food containers. But Delclos noted that government agencies around the world have now weighed in on BPA, and that "most of these regulatory agencies currently conclude that BPA does not pose a risk at estimated dietary exposure levels."

BPA has been used for decades in products like water bottles, and in the lining of some food cans. And studies show that tiny amounts can get into our bodies.

Scientists agree that BPA can act like estrogen. But early government studies found no evidence that people are exposed to enough BPA to produce an effect.

Meanwhile, studies by some academic scientists suggested that even low levels of BPA can cause everything from obesity to breast and prostate cancer, to diabetes, to behavioral problems.

CLARITY-BPA was supposed to resolve the conflict. But it hasn't.

Academic scientists whose research has suggested that even tiny amounts of BPA affect lab animals have raised questions about the government's rat study since the February draft became available. And the day before Delclos' presentation, they held an online press conference to pre-emptively challenge the results he was expected to describe.

During that press conference, Laura Vandenberg, an associate professor at the University of Massachusetts at Amherst, said her own analysis of the study data comes up with a different result — low doses of BPA are a problem.

"There were significant effects of BPA in both males and females," she said, citing groups of rats that had unusually high rates of breast cancer and prostate inflammation.

That sort of risk will be shown more clearly when the second part of CLARITY-BPA is finalized next year, Vandenberg said. That part will feature studies from more than a dozen academic scientists who received CLARITY funding, including some who found that very low doses of BPA did cause health problems even when higher doses did not.

But some academic scientists who participated in CLARITY have only praise for the project, and its results so far.

A study by Norbert Kaminsky of Michigan State University found that low doses of BPA had no effect on a rat's immune system.

"We probably measured about 125 endpoints in more than 700 animals," Kaminsky says. "This study was extremely comprehensive, and I am very confident and comfortable in the results."

The debate about BPA is likely to intensify as CLARITY scientists work to assemble their final report next year, says Patricia Hunt, a professor at Washington State University who has studied BPA for decades but is not part of CLARITY.

Many academic scientists who specialize in chemicals like BPA think the government's effort is badly flawed, she says, adding that they disagree with the type of rat the government chose and fear that the presence of BPA is some animals who were supposed to be BPA-free undercuts the study's validity.

"What we're going to see over the course of the next few of weeks is a lot of fighting because there's a lot of anger on both sides," Hunt says.

And all that fighting be misguided, she says, because the plastics industry has already removed BPA from many products.

Instead, she says, they have begun using a range of chemicals that are very similar to BPA, but haven't been studied as carefully.

On Thursday, Hunt published a paper suggesting that one of these substitute chemicals, called BPS, caused the same effects in lab animals she'd seen with BPA.

Monday, September 17, 2018

Dentsply Sirona launches Azento™: Single tooth replacement in one box

DentsplySirona logo.png
Don’t you love it when things work out just the way you planned?  Today I’m celebrating because I hit one at near 100%.  Being in technology I’m frequently asked to make predictions based on what I *think* will happen in the future.  They are usually educated guesses, but they are still guesses.  So sometimes, I get close and sometimes I am not even in the same area code…
For the last 3 years or so, I’ve been predicting a concept I called “Implant in a Box”.  Now it seems that Dentsply Sirona have taken my prediction and pretty much created exactly what I envisioned.  I’m proud of them.
Here is all the info:
Azento is a single tooth replacement solution, highly customized to the needs and timeframe of dentists and patients, which revolutionizes the digital implant workflow by streamlining implant planning service, purchasing and delivery. Dentists will receive a precise, customized digital treatment plan based on each patient's digital scans, with imaging systems such as the Orthophos SL and intraoral scanners like the CEREC Omnicam, submitted through a case management portal. Azento includes all components and instruments necessary to complete an implant treatment, including a surgical guide, implant and custom healing abutment, delivered within five business days of approving the treatment plan. This eliminates the effort of coordinating purchases with multiple suppliers and monitoring inventory in the office.

"This streamlined workflow solution offers tangible financial and time-saving benefits by reducing administrative responsibilities, number of visits and patient chair time," said Jo Massoels, Director Digital Implant Solutions at Dentsply Sirona. "It is designed to help dentists select the best-fitting implant, determine optimal implant positioning, healing environment and restoration for each case."

Azento enables practices to achieve consistently excellent results thanks to the customized and prosthetically driven treatment plan, based on each patient's digital scans. It also includes a custom healing abutment, contouring the emergence profile and enabling a final esthetic result.

Furthermore, with Azento, dental professionals will receive custom digital treatment plans that will help communicate the procedure clearly to patients, who will also benefit from the reduced number of visits and chair time.

"The Azento team supports me in planning a truly restorative driven implant placement, reducing the risk of complications, ensuring accuracy and producing excellent results," said Dr. Daniel Butterman, dental surgeon in Centennial, Colorado.  

Azento works with the Astra Tech Implant System® and Xive®. It also includes an Atlantis® custom healing abutment and optional temporary restoration. The final restoration can be performed with Atlantis and CEREC or through an Atlantis dental lab.

Azento will be available in Canada and Europe in 2019.

To learn more, visit www.dentsplysirona.com/Azento.

About Dentsply Sirona: 

Dentsply Sirona is the world's largest manufacturer of professional dental products and technologies, with over a century of innovation and service to the dental industry and patients worldwide.  Dentsply Sirona develops, manufactures, and markets a comprehensive solutions offering including dental and oral health products as well as other consumable medical devices under a strong portfolio of world class brands.  As The Dental Solutions Company™, Dentsply Sirona's products provide innovative, high-quality and effective solutions to advance patient care and deliver better, safer and faster dental care. Dentsply Sirona's global headquarters is located in York, Pennsylvania, and the international headquarters is based in Salzburg, Austria. The company's shares are listed in the United States on NASDAQ under the symbol XRAY.  Visit www.dentsplysirona.com for more information about Dentsply Sirona and its products.

Thursday, September 13, 2018

Sonitus Technologies Wins Multi-Million Dollar DOD Award for ‘Molar Mic’ Personal Communication System

Tooth phone.jpg

This is one of the coolest things I’ve read about lately.  A combination of tech AND teeth!


Sonitus Technologies announced today that it has been awarded Phase II of its contract with the U.S. Department of Defense (DOD) which is structured to provide the U.S. Air Force with a novel new personal communication system that Air Force personnel have nicknamed the ‘Molar Mic.’ The innovative two-way, personal communication system, ATAC™, fits a miniaturized traditional headset into a device that clips to a user’s back teeth.

The DOD, via its Defense Innovation Unit (DIU), has contracted Sonitus for a multi-million dollar, multi-year agreement, to complete development of the Molar Mic for purposes of transition to Fielding and Deployment of the system upon successful conclusion of the first segment of the contract which is funded by the U.S Air Force. Subsequently, other qualified branches of the U.S. defense community may leverage the technology as part of the DOD’s program to enhance communications capabilities and operational safety of its personnel. Sonitus was introduced to the DOD by In-Q-Tel, the not-for-profit strategic investor that identifies and partners with startup companies developing innovative technologies that protect and preserve U.S. security.

“Sonitus Technologies is honored to bring this game changing technology to our country’s elite military, making them safer and more effective by enabling them to communicate clearly – even in the most extreme situations,” said Peter Hadrovic, CEO of Sonitus Technologies. “The voice interface sustains communications in dangerous and challenging environments. The Molar Mic is the first in our family of solutions that conventional approaches are unable to address.”

Pararescuemen (commonly known as PJs) from the Air National Guard 131st Rescue Squadron based at Moffett Field in Mountain View, CA, participated in early field testing of the Sonitus prototypes, including rescue operations during Hurricane Harvey last summer in Houston.

“The ability to communicate by radio is crucial for our mission,” said a PJ and DIU Warrior in Residence. “It enables us to execute in extreme conditions and save lives. But despite having amazing technology, communication still commonly breaks down because of the extreme environments where we operate.”

In one case during Hurricane Harvey, a PJ was involved in airlifting an injured civilian into a helicopter hovering directly overhead and was attempting communication with the helicopter flight engineer and pilot using the Sonitus system. The crew was amazed that they could clearly hear the PJ in these conditions.

Parachuting from high-altitude aircraft, working under a hovering helicopter, swimming in open water, and similar conditions, interfere with traditional communication devices precisely when they are needed most. What is needed is an entirely new approach.

Sonitus Receives DOD/DIU Contract

Sonitus Technologies uses a patented audio interface and near-field magnetic induction (NFMI) technology to achieve its performance. The recent award followed DOD-funded field-testing of prototypes by military personnel from all of the major service branches with extensive field experimentation. Testing included multiple scenarios, with and without personal protective equipment, all with extreme noise and without loss of communication.

The Sonitus solution creates a unique wireless audio interface by embedding both a tiny microphone for talking and a speaker-transducer for hearing in a compact custom-fit mouth-piece that snaps comfortably around a user’s back teeth. This allows the user to both talk and hear without external devices attached to the head. The placement on the teeth uses the body itself to block external noise when speaking and leverages the user’s teeth and jawbone to create a new auditory path for hearing. The result is an unobstructed head and face, clear communication, higher comfort, enhanced situational awareness and the ability to add or remove personal protective equipment without breaking communication.

Security personnel, first responders, and industrial workers such as those in the energy sector are evaluating the Sonitus solution for their market applications.

For more information about the Sonitus wireless personal communication system and its technical specifications, visit how it works.

About Sonitus Technologies

Sonitus Technologies is the developer of miniaturized wireless personal communication solutions designed for use in harsh commercial and security environments. Developed with, and proven by, the world’s most demanding customers, the Sonitus solution sustains two-way voice connectivity in communication networks critical to personal safety and performance across defense, public safety, aerospace, power, oil & gas, and professional applications. The patented two-way Sonitus solution is a new audio interface – using near-field magnetic induction (NFMI) technology – which makes voice communication immune to a user’s operating environment and decouples it from protective equipment. A small wireless, hands-free, ears-free device clips to a user’s back teeth and creates an unbreakable personal communication link for speaking and hearing that is compatible with existing radio, phone or intercom solutions. The new audio path eliminates the need for ear pieces, microphones and wires on the head. Initial investors in Sonitus include In-Q-Tel, Panasonic, KCK and Tsuha. The company is based in San Mateo, CA, and is led by a team of proven executives from within the technology, government and medical device markets. For more information visit www.sonitustechnologies.com.

About DIU

DIU is an entity within the Department of Defense charged with accelerating and streamlining the process by which commercial technology is sourced and integrated across the U.S. military to ensure our national defense. For more information visit www.diux.mil.


Wednesday, September 12, 2018

Amazon VP Mark Mitchke Named CEO of Delta Dental of Washington

-Here’s an interesting tidbit I came across.  Delta Dental has hired someone away from Amazon.  With all the rumors swirling about Amazon entering the healthcare space, here’s a story of someone leaving Amazon FOR the healthcare space…
The Boards of Directors of Washington Dental Service and Delta Dental of Washington (DDWA) today announced the appointment of Mark Mitchke, the veteran Amazon executive who led Amazon Global Fulfillment Services, as CEO of the two companies.

"Mark Mitchke is an innovative, driven executive with a tremendous balance of operating and strategic capability," said DDWA Board Chair Dr. Gerry Phipps. "Mark is a long-range thinker and adept at navigating complexity, and he has successfully balanced the needs of the sellers, customers and Amazon in his role leading Amazon's fulfillment services. His experience leading Amazon's small-businesses marketplace is directly applicable to Delta Dental's core business."

Mitchke brings more than twenty years of business leadership experience to Delta Dental of Washington. At Amazon, Mark managed a large team whose diverse areas of focus included product development, software engineering, machine learning, finance, business development, Seller and Customer support, and operations. Mark excels in leading the collaboration that is essential to bring together multiple and sometimes disparate interests and priorities to deliver results. Under his leadership since 2014, Amazon Global Fulfillment Services has empowered hundreds of thousands of small and medium-sized businesses to grow global businesses on Amazon and has quadrupled sales for Amazon.

"I am thrilled to join Delta Dental of Washington at such a pivotal time," Mitchke said. "With the rapid changes in health care and the dental industry, I am eager to work closely with our dentist members and employees to continue to deliver the excellent care patients have come to expect from Delta Dental while accelerating Delta's progress in serving the community and shaping the future of oral health care. Throughout my career, I have learned to operate and innovate in complex new environments with a variety of stakeholders, always working for mutual wins. I look forward to listening and learning as we work together to shape and improve oral health in Washington and beyond."

At Amazon, Mitchke is known for his ability to cut through complexity with a sharp analytical mind and calm demeanor – and for being both tenacious and focused. He is also known for caring deeply about his team members, customers and community.

"Mark has deep roots in the Seattle area and feels a strong connection to the community and Delta Dental's mission, which is historically important for the CEO of Delta Dental of Washington," said Anne Farrell, DDWA Board Vice Chair. In addition to his corporate role, Mitchke has been involved with the Make-A-Wish Foundation of Alaska & Washington since 2005, served on the Board from 2005 to 2010 and served as the Board Chairman in 2009.

Prior to joining Amazon in 2013, Mark was a Senior Partner at McKinsey & Company in Seattle. At McKinsey, he gained extensive experience in leading change for a wide variety of complex organizations across a range of industries, developing a deep understanding of how to adapt and lead in new environments with varied stakeholders and company cultures.

Mitchke holds a bachelor's degree in Mechanical Engineering from the Massachusetts Institute of Technology and an MBA with high distinction from Stephen M. Ross School of Business at the University of Michigan. He lives in Bellevue with his wife and three children.

Mitchke, who will start by the end of the year, succeeds the current CEO Jim Dwyer, who is retiring. Dwyer completes 17 years of leading the organization to record revenues, profits and sales growth, serving approximately 2 million subscribers.

Tuesday, September 11, 2018

American Academy of Periodontology Publishes Proceedings from 
Best Evidence Consensus Meeting on Lasers

AAP Logo.jpg

Periodontal experts address clinical efficacy of laser usage in patient care

CHICAGO – September 11, 2018 – The American Academy of Periodontology (AAP), the leading professional organization dedicated to the dental specialty of periodontics, has published its “best evidence consensus” (BEC) panel proceedings on the topic of laser usage. The proceedings are the result of the AAP’s second BEC meeting, a model of scientific inquiry rooted in the best available published research and expert opinion. The BEC meeting on lasers was held in Chicago in February 2017.

The latest BEC meeting brought together a panel of 10 experts to discuss the efficacy of laser usage, either when used alone or as an adjunct to non-surgical and surgical treatment of periodontitis and peri-implantitis. The panel members were selected based on their extensive knowledge of laser therapy and experience in applying lasers to a broad range of clinical situations. The group found that when laser treatment is used in addition to mechanical treatment, similar or slightly better clinical outcomes are observed when compared with laser usage alone. Current evidence suggests that there is no additional benefit to lasers beyond what is seen with traditional periodontal surgery.

“Lasers are a part of a diverse treatment repertoire, and there are countless reported successful outcomes in their use,” says Steven R. Daniel, DDS, president of the AAP. “As the profession advances with the adoption and application of these technologies, the Academy is committed to using existing evidence and thoughtful expertise to bridge knowledge gaps and provide insight for responsible, real-world use.”

The BEC model of inquiry utilizes current, high-quality published literature and the expert opinion of periodontal thought leaders to provide guidance on innovative topics for which there is insufficient evidence to arrive at definitive conclusions.

The complete BEC proceedings appear in the July 2018 issue of the Journal of Periodontology (JOP). Similar to the inaugural BEC report on cone-beam computed tomography published in October 2017, the proceedings on lasers offer a consensus statement, commentary, and systematic reviews related to the usage of lasers.

“I encourage all dental professionals to read the laser BEC proceedings carefully as they underscore how crucial scientific evidence is in influencing clinical recommendations,” Dr. Daniel adds. “The latest findings are not meant to insinuate that laser usage is more or less beneficial over traditional periodontal therapy or to imply an Academy position on its use in patient care. They simply demonstrate that, in the absence of a critical mass of evidence, all practitioners must rely on their judgement and expert training to make the best possible treatment decisions.”

The AAP’s best evidence consensus meeting on lasers was sponsored by J. Morita USA. To access the full BEC proceedings, please visit the Journal of Periodontology on the Wiley Online Library. For more information about the AAP or periodontal disease, visit perio.org

About the American Academy of Periodontology

The American Academy of Periodontology (AAP) represents over 8,000 periodontists—specialists in the prevention, diagnosis, and treatment of inflammatory diseases affecting the gums and supporting structures of the teeth, and in the placement of dental implants. Periodontics is one of the nine dental specialties recognized by the American Dental Association.

Monday, September 10, 2018

Register Now for the AAPMD Airway Summit November 8-10

Red Rock Resort.jpg
The American Academy of Physiological Medicine & Dentistry is holding their Airway Summit 2018 November 8-10 at the Red Rock Casino in Las Vegas.
This meeting will be encompassing three different and yet interrelated subjects: Airway Health - Functional Medicine - Oral Systemic Health
In the last few years, there has been tremendous research and recognition of Sleep Health as a vital part of the human existence.  Obstructive Sleep Apnea (OSA) is highly prevalent and it is estimated that  up to 50% of the US population has some type airway pathology.
The problem we currently face with this problem is bringing awareness to patients that both snoring and struggling to breathe while sleeping are not *normal or acceptable*.  The only way that healthcare providers are going to get this message out to the general population is to band together and work on getting the word out through an interdisciplinary approach.  That is what this meeting is all about.
The meeting will help provide information that attendees can take back to their practices and implement on the very first day they return.  The schedule is chock full of well known experts on sleep, airway pathology, and OSA.
Sleep medicine and airway health are about to be on the forefront of both medical and dental practices.  If you have any interest in helping your patients achieve the better quality of life that better sleep can provide, you need to make plans to be here.

Thursday, September 6, 2018

MouthWatch to Debut and Demonstrate Noteworthy TeleDent™ Upgrades During CDA San Francisco

New TeleDent & Logo.jpg

The Latest Release of the Leading All-In-One Teledentistry Platform
Raises the Bar on Efficient Workflow Management

 – MouthWatch, LLC a leader in innovative teledentistry solutions, digital case presentation tools and intraoral imaging devices, is launching a substantially upgraded version of TeleDent™ during CDA Presents in San Francisco. MouthWatch will be demonstrating the enhanced teledentistry platform in booth #2012.

Since its launch in 2016, TeleDent has enabled the sharing of patient data, clinical information, and intraoral images in real-time or via store and forward technology. The HIPAA-compliant teledentistry platform was originally designed to enhance referrals, screenings, consultations and collaboration between GPs and specialists, group practice locations, and hygienists in public health or private practice. 

The company is once again raising the bar on teledentistry functionality. According to MouthWatch CEO and founder, Brant Herman, “Our focus for the latest version of TeleDent was to optimize workflow in order to make collaboration and communication more efficient between internal dental teams and external care providers across virtually any public health and private practice application.”

TeleDent’s latest release includes the following features and benefits:

  • Enhanced User Interface: A more intuitive user interface improves user efficiency and significantly flattens the learning curve.
  • Task Assignment: Enables monitoring and management of individual care team members involved in care delivery for each patient. Facilitates delegation across the team for improved treatment planning and coordination of care.
  • Optimized Sync: Smarter sync technology allows for faster store and forward cloud synchronization to help reduce bandwidth requirements.
  • Optimized Workflow: Thanks to simplified appointment scheduling and sequencing of treatment, more efficient appointments and improved provider management help keep everyone in the loop.
  • Patient, Provider and Practice Management: Enhanced ability to manage basic and complex organizational structures while maintaining patient privacy and provider relevance. TeleDent now ensures providers, patients and practices are separate or shared according to business needs.
  • Audio Recording During Appointments: Ensures more accurate note taking, perio charting and documentation for improving treatment outcomes, providing ongoing team training and maximizing insurance reimbursement.

The enhanced version of TeleDent like its predecessor, requires a MouthWatch intraoral camera for best results and can utilize virtually any Windows 10 tablet or laptop for local data collection and image capture. The enhanced software will be ready to order on September 30th, 2018. Current TeleDent clients will be upgraded to the latest version free of charge. For more information, download the TeleDent product sheet at https://MouthWatch.co/TeleDent1sheet .

About MouthWatch, LLC:
Headquartered in Metuchen, New Jersey, MouthWatch, LLC is a leader in leader in innovative teledentistry solutions, digital case presentation tools and intraoral imaging devices. The company is dedicated to finding new ways to constantly improve the dental health experience for both patient and provider.

The founders and management team of MouthWatch have relevant backgrounds and successful track records in dentistry, consumer products and communications. Since 2012, this team has pioneered the integration of digital imagery and communications technology in the field of dentistry. Their cumulative experience makes it possible for the company to take the lead in introducing the benefits of telemedicine to the world of dentistry. For more information, visit www.MouthWatch.com .

Wednesday, September 5, 2018

Social Engineering and the Chinese CD Hack

The easiest way for your data to become someone else’s data is through social engineering.  That means convincing someone with the keys to the kingdom to share those keys with a hacker.
This can be done in lots of ways.  Phone calls with hackers masquerading as legit IT personnel, phishing scams, or even downright physical infiltration.
Lately, the Multi-State Information Sharing and Analysis Center has contacted state governments about a very clever scheme.  It seems that Chinese hackers are  physically mailing CDs to state governments.  When someone inserts the CD into their computer, it installs hidden programs that give the hackers control and access to the data.  Sneaky right?
Basically this is an easy scheme to pull off and it works.  Someone opens a package they receive in the mail that contains a CD and a letter written in broken English.  If anyone was coerced to put the CD into their computer, the hackers have them.
I’ve heard of similar scams before.  One was hackers leaving virus ridden thumb drives on the ground in parking lots of businesses they wanted to hack.  All someone had to do was insert the drive in their USB port and they were infected.
The moral to this story is that vigilance in data security is important.

Tuesday, September 4, 2018

How iTero Saved the Day

Max iTero Model.JPG
There is an cover story coming soon to Dental Products Report about digital impressions and whether they are ready for prime time.  It’s written by my good friend Terri Lively and does a great job of covering the subject.  It’s not out yet, but should be available soon.  Be sure to look for it and check it out when it’s printed.
In Terri’s article she had me describe a case that I completed recently and I thought I’d share the image and the story here.
The photo above is a maxillary model that was created from a full arch scan with our iTero Elements scanner.  This case was a great one for digital because the patient had a very severe gag reflex.  We had tried to take a traditional impression, but due to the gag reflex present, that just was not possible for this case.  Instead, the full arch scan was taken.  The case was designed with a palatal strap  to decrease palatal coverage (you can see the design lightly scribed on the model).
Both arches were scanned and articulated.  The framework try-in with wax blocks went uneventfully and the wax try-in demonstrated the occlusion to be spot-on.
My only concern with the case being done with digital scans was the possibility of discrepancies with the tissue surface in the edentulous area.  I always try and design my cases (any type of case) with a Plan B in case our original solution does not work as originally designed.  My solution for this case would have been to take a functional impression of the saddle area and then have a hard reline done if necessary.  The amount of impression material needed would have been minimal and I feel it would have been tolerated well by the patient.
However, it turned out that I could leave Plan B on the workbench as the final tissue check was exactly what I had hoped it would be.
More and more the profession is moving away from analog impression systems.  The digital systems obviously require a “front end” investment, but as far as being “expensive”, in the analysis that we’ve done in my practice, it’s a wash.  This is a great example of creating a case that I would have perhaps been unable to do without the help of digital.

Thursday, August 30, 2018

HHS Helps Practitioners Battle Ransomware

With all of the bad news and terrifying stories about data breaches lately, it might seem a whole lot easier just to stick your head in the sand and ignore the whole thing… right?  Unfortunately… wrong.  Failure to comply can create a data breach which can lead to fines, bad PR, and a plethora of other problems for the practice.  To help practices be in compliance, here is some really great info from the U.S. Department of Health and Human Services.  I’m placing this here in the hopes that it can help others in healthcare.
- John

FACT SHEET: Ransomware and HIPAA

A recent U.S. Government interagency report indicates that, on average, there have been 4,000 daily ransomware attacks since early 2016 (a 300% increase over the 1,000 daily ransomware attacks reported in 2015).1 Ransomware exploits human and technical weaknesses to gain access to an organization’s technical infrastructure in order to deny the organization access to its own data by encrypting that data. However, there are measures known to be effective to prevent the introduction of ransomware and to recover from a ransomware attack. This document describes ransomware attack prevention and recovery from a healthcare sector perspective, including the role the Health Insurance Portability and Accountability Act (HIPAA) has in assisting HIPAA covered entities and business associates to prevent and recover from ransomware attacks, and how HIPAA breach notification processes should be managed in response to a ransomware attack.

1. What is ransomware?

Ransomware is a type of malware (malicious software) distinct from other malware; its defining characteristic is that it attempts to deny access to a user’s data, usually by encrypting the data with a key known only to the hacker who deployed the malware, until a ransom is paid. After the user’s data is encrypted, the ransomware directs the user to pay the ransom to the hacker (usually in a cryptocurrency, such as Bitcoin) in order to receive a decryption key. However, hackers may deploy ransomware that also destroys or exfiltrates2 data, or ransomware in conjunction with other malware that does so.

2. Can HIPAA compliance help covered entities and business associates prevent infections of malware, including ransomware?

Yes. The HIPAA Security Rule requires implementation of security measures that can help prevent the introduction of malware, including ransomware. Some of these required security measures include:

  • implementing a security management process, which includes conducting a risk analysis to identify threats and vulnerabilities to electronic protected health information (ePHI) and implementing security measures to mitigate or remediate those identified risks; 
  • implementing procedures to guard against and detect malicious software;
  • training users on malicious software protection so they can assist in detecting malicious software and know how to report such detections; and 
  • implementing access controls to limit access to ePHI to only those persons or software programs requiring access.

The Security Management Process standard of the Security Rule includes requirements for all covered entities and business associates to conduct an accurate and thorough risk analysis of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of all of the ePHI the entities create, receive, maintain, or transmit and to implement security measures sufficient to reduce those identified risks and vulnerabilities to a reasonable and appropriate level. It is expected that covered entities and business associates will use this process of risk analysis and risk management not only to satisfy the specific standards and implementation specifications of the Security Rule, but also when implementing security measures to reduce the particular risks and vulnerabilities to ePHI throughout an organization’s entire enterprise, identified as a result of an accurate and thorough risk analysis, to a reasonable and appropriate level. For example, although there is a not a Security Rule standard or implementation specification that specifically and expressly requires entities to update the firmware3 of network devices, entities, as part of their risk analysis and risk management process, should, as appropriate, identify and address the risks to ePHI of using networks devices running on obsolete firmware, especially when firmware updates are available to remediate known security vulnerabilities.

In general, moreover, the Security Rule simply establishes a floor, or minimum requirements, for the security of ePHI; entities are permitted (and encouraged) to implement additional and/or more stringent security measures above what they determine to be required by Security Rule standards.

3. Can HIPAA compliance help covered entities and business associates recover from infections of malware, including ransomware?

Yes. The HIPAA Security Rule requires covered entities and business associates to implement policies and procedures that can assist an entity in responding to and recovering from a ransomware attack.

Because ransomware denies access to data, maintaining frequent backups and ensuring the ability to recover data from backups is crucial to recovering from a ransomware attack. Test restorations should be periodically conducted to verify the integrity of backed up data and provide confidence in an organization’s data restoration capabilities. Because some ransomware variants have been known to remove or otherwise disrupt online backups, entities should consider maintaining backups offline and unavailable from their networks.

Implementing a data backup plan is a Security Rule requirement for HIPAA covered entities and business associates as part of maintaining an overall contingency plan. Additional activities that must be included as part of an entity’s contingency plan include: disaster recovery planning, emergency operations planning, analyzing the criticality of applications and data to ensure all necessary applications and data are accounted for, and periodic testing of contingency plans to ensure organizational readiness to execute such plans and provide confidence they will be effective. See 45 C.F.R. 164.308(a)(7).

During the course of responding to a ransomware attack, an entity may find it necessary to activate its contingency or business continuity plans. Once activated, an entity will be able to continue its business operations while continuing to respond to and recover from a ransomware attack. Maintaining confidence in contingency plans and data recovery is critical for effective incident response, whether the incident is a ransomware attack or fire or natural disaster.

Security incident procedures, including procedures for responding to and reporting security incidents, are also required by HIPAA. See 45 C.F.R. 164.308(a)(6). An entity’s security incident procedures should prepare it to respond to various types of security incidents, including ransomware attacks. Robust security incident procedures for responding to a ransomware attack should include processes to4:

  • detect and conduct an initial analysis of the ransomware; 
  • contain the impact and propagation of the ransomware; 
  • eradicate the instances of ransomware and mitigate or remediate vulnerabilities that permitted
  • the ransomware attack and propagation; 
  • recover from the ransomware attack by restoring data lost during the attack and returning to
  • “business as usual” operations; and 
  • conduct post-incident activities, which could include a deeper analysis of the evidence to
  • determine if the entity has any regulatory, contractual or other obligations as a result of the incident (such as providing notification of a breach of protected health information), and incorporating any lessons learned into the overall security management process of the entity to improve incident response effectiveness for future security incidents. 

4. How can covered entities or business associates detect if their computer systems are infected with ransomware?

Unless ransomware is detected and propagation halted by an entity’s malicious software protection or other security measures, an entity would typically be alerted to the presence of ransomware only after the ransomware has encrypted the user’s data and alerted the user to its presence to demand payment. However, in some cases, an entity’s workforce may notice early indications of a ransomware attack that has evaded the entity’s security measures. HIPAA’s requirement that an entity’s workforce receive appropriate security training, including training for detecting and reporting instances of malicious software, can thus assist entities in preparing their staff to detect and respond to ransomware. Indicators of a ransomware attack could include:

  • a user’s realization that a link that was clicked on, a file attachment opened, or a website visited may have been malicious in nature; 
  • an increase in activity in the central processing unit (CPU) of a computer and disk activity for no apparent reason (due to the ransomware searching for, encrypting and removing data files); 
  • an inability to access certain files as the ransomware encrypts, deletes and re-names and/or re- locates data; and 
  • detection of suspicious network communications between the ransomware and the attackers’ command and control server(s) (this would most likely be detected by IT personnel via an intrusion detection or similar solution).

If an entity believes that a ransomware attack is underway, either because of indicators similar to those above or other methods of detection, the entity should immediately activate its security incident response plan, which should include measures to isolate the infected computer systems in order to halt propagation of the attack.

Additionally, it is recommended that an entity infected with ransomware contact its local FBI or United States Secret Service field office. These agencies work with Federal, state, local and international partners to pursue cyber criminals globally and assist victims of cybercrime.

5. What should covered entities or business associates do if their computer systems are infected with ransomware?

The presence of ransomware (or any malware) on a covered entity’s or business associate’s computer systems is a security incident under the HIPAA Security Rule. A security incident is defined as the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system. See the definition of security incident at 45 C.F.R. 164.304. Once the ransomware is detected, the covered entity or business associate must initiate its security incident and response and reporting procedures. See 45 C.F.R. 164.308(a)(6).

HIPAA covered entities and business associates are required to develop and implement security incident procedures and response and reporting processes that they believe are reasonable and appropriate to respond to malware and other security incidents, including ransomware attacks. Entities seeking guidance regarding the implementation of security incident procedures may wish to review NIST SP 800- 61 Rev. 2, Computer Security Incident Handling Guide5 for additional information.

An entity’s security incident response activities should begin with an initial analysis to: 

  • determine the scope of the incident to identify what networks, systems, or applications are affected; 
  • determine the origination of the incident (who/what/where/when); 
  • determine whether the incident is finished, is ongoing or has propagated additional incidents
  • throughout the environment; and 
  • determine how the incident occurred (e.g., tools and attack methods used, vulnerabilities
  • exploited).

These initial steps should assist the entity in prioritizing subsequent incident response activities and serve as a foundation for conducting a deeper analysis of the incident and its impact. Subsequent security incident response activities should include steps to:

  • contain the impact and propagation of the ransomware; 
  • eradicate the instances of ransomware and mitigate or remediate vulnerabilities that permitted
  • the ransomware attack and propagation; 
  • recover from the ransomware attack by restoring data lost during the attack and returning to
  • “business as usual” operations; and 
  • conduct post-incident activities, which could include a deeper analysis of the evidence to
  • determine if the entity has any regulatory, contractual or other obligations as a result of the incident (such as providing notification of a breach of protected health information), and incorporating any lessons learned into the overall security management process of the entity to improve incident response effectiveness for future security incidents.

Part of a deeper analysis should involve assessing whether or not there was a breach of PHI as a result of the security incident. The presence of ransomware (or any malware) is a security incident under HIPAA that may also result in an impermissible disclosure of PHI in violation of the Privacy Rule and a breach, depending on the facts and circumstances of the attack. See the definition of disclosure at 45 C.F.R. 160.103 and the definition of breach at 45 C.F.R. 164.402.

6. Is it a HIPAA breach if ransomware infects a covered entity’s or business associate’s computer system?

Whether or not the presence of ransomware would be a breach under the HIPAA Rules is a fact-specific determination. A breach under the HIPAA Rules is defined as, “...the acquisition, access, use, or disclosure of PHI in a manner not permitted under the [HIPAA Privacy Rule] which compromises the security or privacy of the PHI.” See 45 C.F.R. 164.402.6

When electronic protected health information (ePHI) is encrypted as the result of a ransomware attack, a breach has occurred because the ePHI encrypted by the ransomware was acquired (i.e., unauthorized individuals have taken possession or control of the information), and thus is a “disclosure” not permitted under the HIPAA Privacy Rule.

Unless the covered entity or business associate can demonstrate that there is a “...low probability that the PHI has been compromised,” based on the factors set forth in the Breach Notification Rule, a breach of PHI is presumed to have occurred. The entity must then comply with the applicable breach notification provisions, including notification to affected individuals without unreasonable delay, to the Secretary of HHS, and to the media (for breaches affecting over 500 individuals) in accordance with HIPAA breach notification requirements. See 45 C.F.R. 164.400-414.

7. How can covered entities or business associates demonstrate “...that there is a low probability that the PHI has been compromised” such that breach notification would not be required?

To demonstrate that there is a low probability that the protected health information (PHI) has been compromised because of a breach, a risk assessment considering at least the following four factors (see 45 C.F.R. 164.402(2)) must be conducted:

1. the nature and extent of the PHI involved, including the types of identifiers and the likelihood of re-identification;

2. the unauthorized person who used the PHI or to whom the disclosure was made;

3. whether the PHI was actually acquired or viewed; and

4. the extent to which the risk to the PHI has been mitigated.

A thorough and accurate evaluation of the evidence acquired and analyzed as a result of security incident response activities could help entities with the risk assessment process above by revealing, for example: the exact type and variant of malware discovered; the algorithmic steps undertaken by the malware; communications, including exfiltration attempts between the malware and attackers’ command and control servers; and whether or not the malware propagated to other systems, potentially affecting additional sources of electronic PHI (ePHI). Correctly identifying the malware involved can assist an entity to determine what algorithmic steps the malware is programmed to perform. Understanding what a particular strain of malware is programmed to do can help determine how or if a particular malware variant may laterally propagate throughout an entity’s enterprise, what types of data the malware is searching for, whether or not the malware may attempt to exfiltrate data, or whether or not the malware deposits hidden malicious software or exploits vulnerabilities to provide future unauthorized access, among other factors.

Although entities are required to consider the four factors listed above in conducting their risk assessments to determine whether there is a low probability of compromise of the ePHI, entities are encouraged to consider additional factors, as needed, to appropriately evaluate the risk that the PHI has been compromised. If, for example, there is high risk of unavailability of the data, or high risk to the
integrity of the data, such additional factors may indicate compromise. In those cases, entities must provide notification to individuals without unreasonable delay, particularly given that any delay may impact healthcare service and patient safety.

Additionally, with respect to considering the extent to which the risk to PHI has been mitigated (the fourth factor) where ransomware has accessed PHI, the entity may wish to consider the impact of the ransomware on the integrity of the PHI. Frequently, ransomware, after encrypting the data it was seeking, deletes the original data and leaves only the data in encrypted form. An entity may be able to show mitigation of the impact of a ransomware attack affecting the integrity of PHI through the implementation of robust contingency plans including disaster recovery and data backup plans. Conducting frequent backups and ensuring the ability to recover data from backups is crucial to recovering from a ransomware attack and ensuring the integrity of PHI affected by ransomware. Test restorations should be periodically conducted to verify the integrity of backed up data and provide confidence in an organization’s data restoration capabilities. Integrity to PHI data is only one aspect when considering to what extent the risk to PHI has been mitigated. Additional aspects, including whether or not PHI has been exfiltrated, should also be considered when determining the extent to which the risk to PHI has been mitigated.

The risk assessment to determine whether there is a low probability of compromise of the PHI must be thorough, completed in good faith and reach conclusions that are reasonable given the circumstances. Furthermore, in accordance with 45 C.F.R. 164.530(j)(iv)), covered entities and business associates must maintain supporting documentation sufficient to meet their burden of proof (see 45 C.F.R. 164.414) regarding the breach assessment – and if applicable, notification - process including:

  • documentation of the risk assessment demonstrating the conclusions reached; 
  • documentation of any exceptions determined to be applicable to the impermissible use or disclosure (see 45 C.F.R. 164.402(1)) of the PHI; and 
  • documentation demonstrating that all notifications were made, if a determination was made that the impermissible use or disclosure was a reportable breach. 

8. Is it a reportable breach if the ePHI encrypted by the ransomware was already encrypted to comply with HIPAA?

This is a fact specific determination. The HIPAA breach notification provisions apply to “unsecured PHI” (see 45 C.F.R. 164.402), which is protected health information (PHI) that is not secured through the use of a technology or methodology specified by the Secretary in guidance. If the electronic PHI (ePHI) is encrypted by the entity in a manner consistent with the Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals7 such that it is no longer “unsecured PHI,” then the entity is not required to conduct a risk assessment to determine if there is a low probability of compromise, and breach notification is not required.

However, even if the PHI is encrypted in accordance with the HHS guidance, additional analysis may still be required to ensure that the encryption solution, as implemented, has rendered the affected PHI unreadable, unusable and indecipherable to unauthorized persons. A full disk encryption solution may render the data on a computer system’s hard drive unreadable, unusable and indecipherable to unauthorized persons while the computer system (such as a laptop) is powered down. Once the computer system is powered on and the operating system is loaded, however, many full disk encryption solutions will transparently decrypt and encrypt files accessed by the user.

For example, if a laptop encrypted with a full disk encryption solution in a manner consistent with HHS guidance8 is properly shut down and powered off and then lost or stolen, the data on the laptop would be unreadable, unusable and indecipherable to anyone other than the authenticated user. Because the PHI on the laptop is not “unsecured PHI”, a covered entity or business associate need not perform a risk assessment to determine a low probability of compromise or provide breach notification.

However, in contrast to the above example, if the laptop is powered on and in use by an authenticated user, who then performs an action (clicks on a link to a malicious website, opens an attachment from a phishing email, etc.) that infects the laptop with ransomware, there could be a breach of PHI. If full disk encryption is the only encryption solution in use to protect the PHI and if the ransomware accesses the file containing the PHI, the file containing the PHI will be transparently decrypted by the full disk encryption solution and access permitted with the same access levels granted to the user.

Because the file containing the PHI was decrypted and thus “unsecured PHI” at the point in time that the ransomware accessed the file, an impermissible disclosure of PHI was made and a breach is presumed. Under the HIPAA Breach Notification Rule, notification in accordance with 45 CFR 164.404 is required unless the entity can demonstrate a low probability of compromise of the PHI based on the four factor risk assessment (see 45 C.F.R. 164.402(2)).




1 United States Government Interagency Guidance Document, How to Protect Your Networks from Ransomware available at https://www.justice.gov/criminal-ccips/file/872771/download.
2 Exfiltration is “[t]he unauthorized transfer of information from an information system.” NIST SP 800-53 Rev. 4, Security and Privacy Controls for Federal Information Systems and Organizations. (April 2013).


Available at http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf.

3 Firmware refers to “[c]omputer programs and data stored in hardware... such that the programs and data cannot be dynamically written or modified during execution of the programs.” NIST SP 800-53 Rev. 4, Security and Privacy Controls for Federal Information Systems and Organizations. (April 2013).
Available at http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf. 

4 Adapted from NIST SP 800-61Rev. 2, Computer Security Incident Handling Guide. 

5 Available at http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf 

 See also Section 13402 of the Health Information Technology for Economic and Clinical Health (HITECH) Act.

 Available at http://www.hhs.gov/hipaa/for-professionals/breach-notification/guidance/index.html 

Wednesday, August 29, 2018

Kerr SonicFill 3 is Now on the Market!

Sonic Fill 3.jpg

KaVo Kerr is excited to announce the launch of new SonicFill™ 3 SingleFill™ Composite System. SonicFill™ 2 enabled thousands of dentists to simplify and speed up the time-consuming, multi-stage process of crafting quality posterior restorations. SonicFill 3 takes that performance to the next level. Dentists will appreciate the improved adaptation and handling, and easier extrusion during placement.

The new, advanced SonicFill 3 fills cavities in seconds, is non-sticky and slump-free. In addition, cavities up to 5mm in depth can be filled in a single increment, without a need for a liner or capping layer. SonicFill 3 contains a nano-scale zirconsil (zirconium oxide + silica oxide) filler system, which provides effective blending, wear resistance, strength and reliability to ensure lasting restorations.

The new SonicFill3 SingleFill Composite System is the only sonic-activated bulk fill composite that acts both as a flowable composite during placement, and as a sculptable material after the sonic energy is removed increasing the speed and efficiency of restorative procedures.

“Simply put, SonicFill will allow you to become extremely efficient, increase your speed, and deliver improved adaptation and  lasting marginal integrity for predictable outcomes,” writes Dr. Philip Chahine, DMD, FAGD. “It’s a win-win for everyone involved.”

“The implementation of SonicFill bulk fill composite in my day-to-day patient care has met the need for placing posterior composite restorations that are completed in a quarter of the time of conventional layered composites”, added Dr. Scott Coleman, DDS, MAGD.

“SonicFill has changed the game forever in restorative dentistry. SonicFill 3 is another major step forward in our commitment in delivering quality products our customers have come to expect from KaVo Kerr,”  said Phil Prentice, VP of Marketing, KaVo Kerr Corporation.

For more information on SonicFill 3 or to schedule a free trial, call 800‐KERR123, or visit www.kerrdental.com

Tuesday, August 28, 2018

New app is the one-stop shop for all things Dentsply Sirona World 2018

DentsplySirona logo.png
Dentsply Sirona World is approaching.  As it does, I’ll be sure to have as many updates as possible just to keep you all informed.  Here’s the latest.  Hats off to the organizers for putting together an app for the entire meeting!

Dentsply Sirona, the Dental Solutions CompanyTM, today announced the launch of the Dentsply Sirona World 2018 app for mobile devices.

Registered DSW18 attendees are encouraged to download and begin using the app immediately to get a jumpstart on planning their schedules, register for courses, learn more about speakers and sessions, and be among the first to get all the latest event details.

“Not only does this app provide vital information, but it further builds the close-knit Dentsply Sirona World community,” said Digital Media Manager Megan Lynch. “Through the app, users can register for courses, post event-related selfies, read comments, get updates from friends and colleagues – and do all of this in real time! This app is truly a great way to experience ALL of Dentsply Sirona World 2018.”

Some of the features of the DSW18 app include:

  • Review the full event schedule, including all Breakout and General Sessions, including dates and times. 
  • Register for preferred sessions and build your daily agenda. 
  • No need to worry about getting lost – access hotel and conference maps to learn your way around the Rosen Shingle Creek Resort before your arrival! 
  • Bookmark any of the remarkable speakers and exhibitors you don’t want to miss - all on your mobile device! 
  • Make sure you don’t miss any of the once-in-a-lifetime entertainment events, including private performances by Grammy-nominated singer Katy Perry and Grammy- nominated comedian Jim Gaffigan. 


Dentsply Sirona is the world’s largest manufacturer of professional dental products and technologies, with a 130-year history of innovation and service to the dental industry and patients worldwide. Dentsply Sirona develops, manufactures, and markets a comprehensive solutions offering including dental and oral health products as well as other consumable medical devices under a strong portfolio of world class brands. As

The Dental Solutions Company TM, Dentsply Sirona’s products provide innovative, high-quality and effective solutions to advance patient care and deliver better, safer and faster dentistry. Dentsply Sirona’s global headquarters is located in York, Pennsylvania, and the international headquarters is based in Salzburg, Austria. The company’s shares are listed in the United States on NASDAQ under the symbol XRAY. Visit www.dentsplysirona.com for more information about Dentsply Sirona and its products.

• Show Dentsply Sirona and your fellow attendees just how much fun you’re having by posting pictures and interacting with each other on the app’s Activity Feed.

Registered DSW18 attendees receive an email with instructions on how to download the app onto their preferred IOS or Android device, as well as information on how to use the mobile web version of the app.

If you have any difficulty downloading the app, please call the Dentsply Sirona World information desk at 1.844.462.7476.

Registration for Dentsply Sirona World 2018 is still open; to learn more, visit www.dentsplysironaworld.com, contact the Dentsply Sirona World hotline at 1.844.462.7476 or email events@dentsplysironaworld.com

Monday, August 27, 2018

T-Mobile Announces Data Breach 08-20-2018 That Affected 2 Million Users

T-Mobile Logo.jpg
In the world we live in, data moves fast.  Unfortunately, that also applies to data involved in data breaches.  The bad guys with highspeed ‘net connections can just perform mayhem and thievery faster.  It’s sad, but it’s true.  The double edged sword that allows us to get so much done in less time, allows hackers to do the same… and to download the data faster as well.
Also, it seems like the faster this type of thing happens, the slower companies are to report it to their customers.  To that end I give a lot of credit to T-Mobile.  The suffered a breach four days ago, and they already have reported it and the info is available to the public.  I’m not going to use this post to blast T-Mobile, in the world that exists today, breaches are going to happen.  I’m saluting them for getting the info to their customers so quickly.
Here is what they have to say in their press release… and actually this could have been a lot worse.

Dear Customer –

Out of an abundance of caution, we wanted to let you know about an incident that we recently handled that may have impacted some of your personal information.

On August 20, our cyber-security team discovered and shut down an unauthorized access to certain information, including yours, and we promptly reported it to authorities. None of your financial data (including credit card information) or social security numbers were involved, and no passwords were compromised. However, you should know that some of your personal information may have been exposed, which may have included one or more of the following: name, billing zip code, phone number, email address, account number and account type (prepaid or postpaid).

If you have questions about this incident or your account, please contact Customer Care at your convenience. If you are a T-Mobile customer, you can dial 611, use two-way messaging on MyT-Mobile.com, the T-Mobile App, or iMessage through Apple Business Chat. You can also request a call back or schedule a time for your Team of Experts to call you through both the T-Mobile App and MyT-Mobile.com. If you are a T-Mobile For Business or Metro PCS customer, just dial 611 from your mobile phone.

We take the security of your information very seriously and have a number of safeguards in place to protect your personal information from unauthorized access. We truly regret that this incident occurred and are so sorry for any inconvenience this has caused you.

What Happened?

On August 20, our cyber-security team discovered and shut down an unauthorized capture of some information, including yours, and promptly reported it to authorities. No financial data (including credit card information) or social security numbers were involved, and no passwords were compromised. However, some personal information may have been exposed, which may have included one or more of the following: name, billing zip code, phone number, email address, account number and account type (prepaid or postpaid).

I got a notification.  What do I need to do?

We wanted you to be aware of this situation. If you have questions, please call Customer Care at your convenience. If you are a Metro PCS customer, just dial 611 from your mobile phone. If you are a T-Mobile customer, you can dial 611, use two-way messaging on MyT-Mobile.com, the T-Mobile App, or iMessage through Apple Business Chat. You can also request a call back or schedule a time for your Team of Experts to call you through both the T-Mobile App and MyT-Mobile.com. As a reminder, it’s always a good idea to regularly change account passwords.

I didn’t get a notification!  Should I be worried?

All affected customers have been, or shortly will be, notified. If you don’t receive a notification than that means your account was not among those impacted by this incident. If you need assistance or have questions about this incident or your account, please contact Customer Care at your convenience. If you are a T-Mobile customer, you can dial 611, use two-way messaging on MyT-Mobile.com, the T-Mobile App, or iMessage through Apple Business Chat. You can also request a call back or schedule a time for your Team of Experts to call you through both the T-Mobile App and MyT-Mobile.com. If you are a T-Mobile For Business or Metro PCS customer, just dial 611 from your mobile phone.

What is T-Mobile doing to prevent this from happening again?

We have a number of safeguards in place to protect your personal information from unauthorized access, use, or disclosure. For more information on how we protect your information, please check out our privacy policy. We also provide security tips for you at: https://www.t-mobile.com/responsibility/privacy.


Thursday, August 23, 2018

New Henry Schein One Service Bundles Announced

Dentrix Article.png

For you Dentrix users who are blog readers, this is some important info.  I’ve just returned from the Henry Schein One Summit and the company has some incredible enhancements and offerings coming soon.  I’ll do my best to bring you up to date on these.  Here’s the first one, give it a read.


Henry Schein Practice Solutions recently joined with a select group of industry-leading companies to form a new company called Henry Schein One. This organization, which includes Demandforce, Officite, Sesame and Dental Plans, combines leading practice management, revenue tools, and patient recruitment and engagement solutions all in one company to help you improve every aspect of your dental business.

Helping your business thrive remains our top priority. With one connected platform, your technology tools can talk to each other, share more data and automate more tasks. So your team can work smarter and faster—and improve each step of the patient experience.

Henry Schein One Service Bundles combine traditional Dentrix eServices with industry-leading solutions to help you boost profits, enhance patient care and set your practice apart from the competition. The new service bundles include:

Optimum Pro - Optimum Pro gives you our proven software support and payment management services and adds a complete set of tools, powered by Demandforce, that allow you to communicate with your patients more efficiently.
Ultimate - Ultimate is the top of the line for dental practices that not only want to succeed with revenue cycle management and patient engagement but truly understand the value of digital marketing to maintain and grow their patient base. Along with the eServices included in Optimum Pro, Ultimate pushes practice management into customer retention and acquisition with expertly crafted online marketing, powered by Officite.
For a detailed list of the features in each of the new service bundles from Henry Schein One, click on this web link:


To learn more or to purchase a Henry Schein One bundle, contact us at 800.336.8749.

Wednesday, August 22, 2018

How new technology will impact treatment planning


One of the true game changers in our profession as of late has been the development of cone beam computed tomography (CBCT). That combined with the market penetration of digital radiography, which is now well over 50 percent, has created an environment of visual co-diagnosis that has dramatically changed the way we communicate with patients and the way we diagnose.

I’m a huge supporter of visually-based technologies for the simple reason that human beings rely heavily on their sense of sight. Whether it’s computer images, photos or working under high magnification, the ability to see well gives you the ability to “do” well.

Combining multiple factors of visually-based practice systems allows for greater efficiency of treatment and greater predictability of outcomes…

For the rest of my latest article that is appearing in this issue of DPR, head over to the Dental Products Report website.  

Tuesday, August 21, 2018

Westminster Pharmaceuticals, LLC. Issues Voluntary Nationwide Recall of Levothyroxine and Liothyronine (Thyroid Tablets, USP) Due to Risk of Adulteration

While I try to keep most info here dealing with tech topics or advancements, every once in a while I come across some healthcare info that, while isn’t strictly tech, for sure needs to be disseminated to all of you.  So, for today I think it’s important to get the word out on a FDA recall on dosages of a common thyroid medication.
Here is the report from the FDA website:

Westminster Pharmaceuticals, LLC is voluntarily recalling all lots, within expiry, of Levothyroxine and Liothyronine (Thyroid Tablets, USP) 15 mg, 30 mg, 60 mg, 90 mg, & 120 mg to the wholesale level. These products are being recalled as a precaution because they were manufactured using active pharmaceutical ingredients that were sourced prior to the FDA’s Import Alert of Sichuan Friendly Pharmaceutical Co., Ltd., which as a result of a 2017 inspection were found to have deficiencies with Current Good Manufacturing Practices (cGMP). Substandard cGMP practices could represent the possibility of risk being introduced into the manufacturing process.

To date, Westminster Pharmaceuticals has not received any reports of adverse events related to this product.

Levothyroxine and Liothyronine (thyroid tablets, USP) for oral use is a natural preparation derived from porcine thyroid glands. Thyroid tablets contain both tetraiodothyronine sodium (T4 levothyroxine) and liothyronine sodium (T3 liothyronine). Levothyroxine and Liothyronine tablets (thyroid tablets, USP) are indicated as replacement or supplemental therapy in patients with hypothyroidism. Appropriate adjustments of the various therapeutic measures directed at these concomitant endocrine diseases are required. Thyroid is not associated with serious adverse reactions and does not have a known tumorigenic potential.

Because these products may be used in the treatment of serious medical conditions, patients taking the recalled medicines should continue taking their medicine until they have a replacement product.

The products subject to recall are packed in 100-count bottles. To best identify the product the NDC’s, Product Description, Lot numbers and Expiration dates are listed below. These lots were distributed nationwide in the USA to Westminster’s direct accounts.

Levothyroxine and Liothyronine (Thyroid Tablets, USP) 15mg X 100ct
Levothyroxine and Liothyronine (Thyroid Tablets, USP) 30mg X 100ct
Levothyroxine and Liothyronine (Thyroid Tablets, USP) 60mg X 100ct
Levothyroxine and Liothyronine (Thyroid Tablets, USP) 90mg X 100ct
Levothyroxine and Liothyronine (Thyroid Tablets, USP) 120mg X 100ct
Westminster is notifying its direct accounts by email and by phone to immediately discontinue distribution of the product being recalled and to notify their sub-wholesale accounts of this product recall and make arrangements for impacted product to be returned to Westminster. Instructions for returning recalled products are given in the Recall Notice Letter and Recall Response Form. Consumers that have these products which are being recalled should not discontinue use before contacting their physician for further guidance.

Customers and patients with medical-related questions, information about an adverse event or other questions about the Westminster’s product’s being recalled should contact Westminster’s Regulatory Affairs department by phone at: 888-354-9939

Live calls are received Monday-Friday, 9:00AM - 5:00PM EST with voicemail available 24 hours/day, 7 days/week or email recalls@wprx.com.
Adverse reactions or quality problems experienced with the use of this product may be reported to the FDA's MedWatch Adverse Event Reporting program either online, by regular mail or by fax.

Complete and submit the report Online: www.fda.gov/medwatch/report.htm
Regular Mail or Fax: Download form www.fda.gov/MedWatch/getforms.htm or call 1-800-332-1088 to request a reporting form, then complete and return to the address on the pre-addressed form, or submit by fax to 1-800-FDA- 0178

Monday, August 20, 2018

Use of Mobile Devices in the Issuance of EPCS

Doc with phone.jpg
Here is important info from the Drug Enforcement Agency regarding using mobile devices for issuing electronic prescriptions for controlled substances (EPCS).  If any of you are using your mobile devices to issue prescriptions, this info is a very important read.  This notice was issued just last we from the DEA Diversion Control Division.

The DEA is issuing the following statement regarding the use of mobile devices for issuing electronic prescriptions for controlled substances (EPCS) due to confusion surrounding this issue.

At this time, the DEA does not preclude the use of a mobile device, for the issuance of an electronic prescription for a controlled substance, if the encryption used on the device meets the latest security requirements set out in Federal Information Processing Standards (FIPS 140-2).   The DEA will allow the use of a mobile device as a hard token, that is separate from the computer or device running the EPCS application, if that device meets FIPS 140-2 Security Level 1 or higher.  The device used to create the prescription cannot be the same device that serves as the hard token in the two-factor authentication. 

A practitioner who uses a mobile or other electronic device for EPCS, and who does not wish to carry a hard token on a separate device, must use biometrics, and a password or a challenge question.  See 21 C.F.R. §§ 1311.115 and 1311.116.

A practitioner may issue an electronic prescription for a Schedule II, III, IV, or V controlled substance when all of the requirements under 21 C.F.R. Part 1311 (Subpart C) are met. 

Please note that while this document reflects DEA’s interpretation of the relevant provisions of the Controlled Substances Act (CSA) and DEA regulations, to the extent it goes beyond merely reiterating the text of law or regulations, it does not have the force of law and is not legally binding on registrants.  Because this document is not a regulation that has the force of law, it may be rescinded or modified at DEA’s discretion.

For more information contact DEA Policy & Liaison Section at ODLP@usdoj.gov.

Thursday, August 16, 2018

Kid’s Nite Out offers fun and safe childcare during Dentsply Sirona World 2018

Kid's Nite Out 2.jpg

Here’s a great piece of news for those of you that are planning on attending the Dentsply Sirona World event that’s coming up in September.  The event is being held in Orlando this year and Orlando, of course, beckons with family vacations.  To help facilitate things for families, the meeting is providing day care in a safe environment.  Read on for the details.


For one low price, parents can experience every day of the Ultimate Dental Meeting stress-free knowing their children are spending the whole day safe and entertained in the same venue

If you have children, there is no need to worry about missing Dentsply Sirona World, Sept. 13-15 at the Rosen Shingle Creek Resort in Orlando, because your children now get a chance to have their own fun and educational experience. For just a one-time fee of $600 per child, attendees can drop their children off all day Thursday-Saturday in the Lake Toho room of the Rosen Shingle Creek Resort with Kid’s Nite Out, a family-operated business providing quality and safe childcare during conventions and vacations.

While you are mingling with and learning from the industry’s finest at this year’s Ultimate Dental Meeting, dedicated caregivers and the best staff in the childcare business are keeping your children safe and entertained.

“We understand the struggle of finding quality childcare during conventions like Dentsply Sirona World, and that’s why Kid’s Nite Out is important,” said Vice President of Marketing Ingo Zimmer. “We want to make sure everyone has an equal chance to attend all of the captivating educational opportunities we’re offering.”

Kid’s Nite Out is providing services:

  • Thursday, Sept. 13, 8:30 a.m. – 11 p.m. 
  • Friday, Sept. 14, 8 a.m. – 11 p.m. 
  • Saturday, Sept. 15, 8:30 a.m. – midnight

While Kid’s Nite Out is offering lunch and snacks, parents are expected to give their children breakfast and dinner. The dinner break each day is between 5:30-7 p.m. Kid’s Nite Out will not be responsible for the children during this time.

Wednesday, August 15, 2018

Canadian Dental Practice Consolidation Continues According to 2018 DIAC Survey

DIAC Logo.png
Here is some pretty interesting info from the Dental Industry Association of Canada.  This information comes from the Twenty-Second Annual Future of Dentistry Survey.  The things you can glean from this definitely point to some trends that I’m confident others are seeing in countries outside of Canada.  It’s well worth reading.

 – The fundamental shift in the make-up of the Canadian dental practice detected in previous reports is continuing, according to results from the DIAC (Dental Industry Association of Canada) Twenty-Second Annual Future of Dentistry Survey. All of the following points may reflect on the impact of the current economic situation on the dental practice in Canada:

  Trend towards increasing numbers of dentists in the practice continues, with 11% of practices with five or more dentists. This was 3.4% in 2016 and an average of 6.3% the last 14 years.
  Growing percentage of respondents describing their location as Urban (now 62% as compared to 56% last year and 51% in 2016) (average of 53% over past ten years). Drop off is in Suburban locations (falling to 22% from 29% last year and an average of 25% over the past 10 years).
  Practices with three or fewer operatories had been generally in steady decline since the survey began, a real drop of 40.2% since 1997.
  28% of respondents planning to add at least one operatory as opposed to 22% last year.
  The number of hygiene days per practice is increasing overall (with more days being added by

those who only had one or two per week previously) - 46% of respondents in 2018 had 5 or more

hygiene days per week, as compared to 44% last year and the average of 38.6% the last ten years).
  At the same time, the average number of patients treated per day continues to decline. Unlike last

year, where a higher number of specialists responded, the GP/Specialist split on response returned to historical norms in 2018. On an overall basis, dentists treated 11 patients in an average day as compared to the average of 12.5 patients over the last ten years. 89% stated they treated less than 15 patients a day (as opposed to 83% last year and an average of 78.6% over the last four years).
  Reinforcing the 2017 results, dentists continue to move into Multi-practice (Group Practice). While the majority (63%) of respondents stated they were in a solo practice, more than a third (34%) are now in a group practice – and these group practices are getting bigger with 24% having 5 or more operatories (as opposed to 17% in 2017). While the two key advantages attracting those in a multi-practice structure were Associate Support (57%) and Buying Power (20%), “Better hours for patients” had growing support this year with 12% of response. The majority of Group Practice respondents (63%) felt they offered a higher standard of care than a solo practitioner. However, a substantial 23% said they did not. This finding is reinforced by the response to the main drawbacks of a multi-practice (Group practice) structure with 21% citing Consistency of Care (#2 response with Conflict with management style #1 at 29%).

It is little wonder that “Financial/paying bills/overhead” was the top challenge that respondents intended to address in 2018 (as well as the Top Metric for Success in the opinion of 78% of respondents), with “Getting more patients/keep busy” a close second. The majority (60%) of dental practices now offer patient financing in some fashion, reinforcing results from 2017 (almost one-half (45%) of respondents offered in-house financing while 15% used third party financing) as a way to get those patients.
Financial concerns also appear to have impacted on dentists Practice Management CE activities. The top focus is on building “the Numbers”. The highest rated Practice Management topics for 2018 involve building the business of the practice (ranked in order from highest: Leadership Team Development; Revenue Enhancement/Expense Management; Fraud Protection; and Communication/Case Presentation).

For the first time, Social Media was mentioned by over 50% of respondents as one of the most popular Practice-Building Tools utilized, still second to “Asking for referrals” but trending rapidly upward from 13% in 2012. This movement to on-line promotion mirrors where dental patients are telling practitioners they are getting information on dental treatment options. According to the survey, Internet achieved another all-time high rating and was ranked as the top patient source for the third straight year. This was followed by the more traditional sources of Family members, friends, etc. and Dentist/Dental Team presentations.

A total of 414 practicing Canadian dentists responded to this year’s survey with a good proportional distribution across all regions of the country. Based on this response rate, overall 2018 survey results have an accuracy of +/- 4.7% 19 times out of 20.

Tuesday, August 14, 2018

Beware of iOS Phishing Scam that Promises to Connect You to "Apple Care"

Ars Technica Logo.png
The smart people at website Ars Technica lately have uncovered and reported on a pretty sneaky way that bad guys are using to attempt to get users to give away their personal data.
As I’ve preached here many times, usually the most vulnerable chink in the security armor, is the human one.  Social engineering goes back about as long as humans do and nobody knows that quite like the nefarious types that inhabit the online criminal world.
To that end, now the crooks have come up with a way to trick iPhone users into calling into the bad guy call centers and actually “volunteering” to give away their information.
Are tells us:
This particular phish, targeted at email addresses associated with Apple's iCloud service, appears to be linked to efforts to fool iPhone users into allowing attackers to enroll them into rogue mobile device management services that allow bad actors to push compromised applications to the victim's phones as part of a fraudulent Apple "security service."
So… basically the user is tricked into thinking their phone is compromised and will be shutoff unless they call a number.  Once you call, they use social engineering tactics to get your username and password or to install rogue applications.  Either way, once that happens… they own your device.
So be alert!  There are lots of scams out there and the only reason they exist is because, sadly, they work on more than enough honest people to make the effort profitable.
Here’s a link to the entire Ars Technica story on the issue.  It’s a somewhat complicated read due to some short descriptions on coding & the web pages involved, but I feel it’s well worth your time to read it.

Monday, August 13, 2018

It Appears that Healthcare Data Breaches are More Common in Larger Facilities

According to a recent study that appeared in JAMA Internal Medicine, larger medical facilities are more likely to suffer from data breaches.
This makes a certain degree of sense.  Larger institutions certainly have more patient data stored in the EHR (Electronic Health Record) and, therefore, make a more practical target for attackers.  By going after larger databases, hackers can get more info per intrusion.  Obviously, even in the world of data theft, economies of scale exist.  There is also the matter of simple computer security.  Larger organizations will have more computers, connected devices, etc that need to be patched and kept updated with the latest security enhancements.  One small door is all that is needed and in big hospitals, there are more “electronic doors” and therefore, greater odds of finding a device to exploit.  Then there is the matter of employees and security protocols.  The sheer number of people with access to data means more opportunities for a phishing attack or any of a myriad other things that might leave data exposed.
While I agree with the odds increasing as the amount of patient data increases, it should be noted here that data breaches, hacking, and RansomWare are an all to frequent occurrence in small practices as well.  My good friends at DDS Rescue tell me that their help is frequently required by customers that have either been locked out of their data by RansomWare or some type of malicious hacking break in.  These situations can happen to anyone.  You need to be prepared and DDS Rescue can help you with hacking incidents.
Here is an abbreviated version of the article:

As the adoption of electronic record and health information technology rapidly expands, hospitals and other health providers increasingly suffer from data breaches.1 A data breach is an impermissible use or disclosure that compromises the security or privacy of the protected health information and is commonly caused by a malicious or criminal attack, system glitch, or human error.2,3 Policy makers, hospital administrators, and the public are highly interested in reducing the incidence of data breaches. In this retrospective data analysis, we use data from the Department of Health and Human Services (HHS) to examine what type of hospitals face a higher risk of data breaches.

Under the Health Information Technology for Economic and Clinical Health Act of 2009, all heath care providers covered by the Health Insurance Portability and Accountability Act must notify HHS of any breach of protected health information affecting 500 or more individuals within 60 days from the discovery of the breach. The Department of Health and Human Services publishes the submitted data breach incidents on its website, with the earliest submission date as October 21, 2009. We were able to link 141 acute care hospitals to their 2014 fiscal year Medicare cost reports filed with the Centers for Medicare and Medicaid Services (CMS). The unlinked hospitals include long-term care hospitals, Veterans Affairs and military hospitals, hospital systems, and hospitals unidentifiable in the CMS data set. We applied multivariable and regression analyses to compare these 141 hospitals with other acute care hospitals to understand what type of hospitals face a higher risk of breaches.4 Statistical analysis was performed with SAS 9.4 (SAS Institute Inc) and STATA 14 (StataCorp LLC). For statistical analysis, t tests were used, and P < .05 was considered significant.

Between October 21, 2009, and December 31, 2016, 1798 data breaches were reported.5 Among them, 1225 breaches were reported by health care providers and the remaining by business associates, health plans, or health care clearing houses. There were 257 breaches reported by 216 hospitals in the data, with median (interquartile range [IQR]) 1847 (872-4859) affected individuals per breach; 33 hospitals that had been breached at least twice and many of which are large major teaching hospitals (Table 1). Table 2 lists hospitals with more than 20 000 total affected individuals. For the 141 acute care victim hospitals linked to their 2014 CMS cost reports, the median (IQR) number of beds was 262 (137-461) and 52 (37%) were major teaching hospitals. In contrast, among 2852 acute care hospitals not identified as having breaching incidents, the median (IQR) number of hospital beds was 134 (64-254), and 265 (9%) were major teaching hospitals. Hospital size and major teaching status were positively associated with the risk of data breaches (P < .001).

A fundamental trade-off exists between data security and data access. Broad access to health information, essential for hospitals’ quality improvement efforts and research and education needs, inevitably increases risks for data breaches and makes “zero breach” an extremely challenging objective. The evolving landscape of breach activity, detection, management, and response requires hospitals to continuously evaluate their risks and apply best data security practices. Despite the call for good data hygiene,6 little evidence exists of the effectiveness of specific practices in hospitals. Identification of evidence-based effective data security practices should be made a research priority.

This study has 3 important limitations. First, data breaches affecting fewer than 500 individuals were not examined. Second, since each victim hospital was matched to CMS cost report based on the name and state, the matching might be incomplete or inaccurate for some hospitals. Finally, our analysis is limited to the hospital industry. Future studies that examine the characteristics of other types of health care entities that experienced data breaches are warranted.