Thursday, April 18, 2019

Academy of Laser Dentistry Installs New President & Officers During Annual Meeting in Dallas

 

Mel Burchman, DDS to Preside as ALD President from May 2019- May 2020

The Academy of Laser Dentistry (ALD) the only independent and unbiased non-profit association dedicated to improving patient care with the proper use of laser technology, recently installed its new president and officers for 2019-2020. The announcement was made during the ALD’s recent 26th annual meeting in Dallas.

Mel Burchman, DDS, President: Dr. Burchman has maintained a private dental practice in Langhorne, Pennsylvania, for 38 years. He has been using lasers for more than 18 years and has 8 lasers in his office. He has served on the Board of Directors for one 3-year term, and in numerous chairmanship positions including 2019 Conference Chair for the Annual Meeting, and as Certification Committee Chair, Secretary and Treasurer. Dr. Burchman has volunteered as a mentor and examiner for more than 15 years. In 2012, he was the honored recipient of the ALD Leon Goldman Award for Clinical Excellence. Dr. Burchman also holds ALD Mastership status.

Ed Kusek, DDS, President-Elect: Dr. Kusek graduated from the University of Nebraska College of Dentistry in 1984. He has served as ALD Communications Chair and Testing subcommittee Chair. He holds the titles of Diplomate of the American Board of Oral Implantology/Implant Dentistry, Fellow of the American Academy of Implant Dentistry, Mastership in Academy of General Dentistry and Academy of Laser Dentistry, and Diplomate of the International Congress of Oral Implantologists. Dr. Kusek is in private general practice in Sioux Falls, South Dakota.

Arun Darbar, BDS, DGDP (UK), Treasurer: Dr. Darbar is at the forefront of laser dentistry in the United Kingdom and lectures on the subject worldwide. He has been a clinical laser user for nearly 25 years and provides cutting-edge dentistry to his patients. Dr. Darbar is an accredited member of the British Academy of Cosmetic Dentistry Credentialing Committee. He holds ALD Mastership and Educator status and has served as co-chair of Education and Certification, and International Relations Committees. He is a published author, and some of his concepts in low-level laser therapy (LLLT) data have been published as proceedings of SPIE in 2006, 2007, and 2009/10; WALT 2008 South Africa and 2012 Australia; and in UK dental publications. Dr. Darbar is the first and only laser dentist in the UK to be invited to the House of Lords for a charity fundraiser organized by Lasers for Life. Dr. Darbar maintains a private dental practice in Leighton Buzzard, UK.

Samuel B. Low, DDS, MS, M.Ed., Secretary: Dr. Low is Professor Emeritus, University of Florida College of Dentistry, and Associate faculty member of the Pankey Institute with 30 years of private practice experience in periodontics and implant placement and 12 years with laser management of the periodontal patient. He is also a Diplomate of the American Board of Periodontology and past President of the American Academy of Periodontology. Dr. Low provides dentists and dental hygienists with the tools for successfully managing the periodontal patient in general and periodontal practices and is affiliated with the Florida Probe Corporation. He was selected “Dentist of the Year” by the Florida Dental Association, Distinguished Alumnus by the University of Texas Dental School, and recipient of the Gordon Christensen Lecturer Recognition Award. He is a Past President of the Florida Dental Association and past Trustee of the American Dental Association.

Raminta Mastis, DDS, Immediate Past President: Dr. Mastis graduated from the University of Illinois College of Dentistry in 1987. She maintains a private dental practice, Michigan Cosmetic and Laser Dentistry, in St. Clair Shores, Michigan. Raminta previously served in each Officer role as ALD President 2018, President-Elect 2017, Vice President 2016, Treasurer 2015 and Secretary in 2014. Prior to her service as an Officer, Dr. Mastis served as Co-Chair of Certification and Education Committees, Chair of Laser Safety and Communications Committees, and was the 2014 General & Scientific Sessions Chair of the Annual Meeting. Dr. Mastis has been using lasers since 2000 and has 18 lasers of various wavelengths in her practice. She holds ALD Standard Proficiency certifications in Er:YAG, diode, Er,Cr:YSGG, and CO2 laser wavelengths, and has achieved ALD Advanced Proficiency in the Er:YAG wavelength. In addition to laser dentistry, her practice is focused on implant surgery and restoration, laser dentistry, esthetic and cosmetic dentistry, and integration of advanced technologies into practice. Dr. Mastis also holds ALD Mastership status.

Gail S. Siminovsky, CAE, Executive Director: Ms. Siminovsky is a leadership professional and has served as executive director of the Academy of Laser Dentistry since 1999. She raises awareness of the role of lasers as beneficial tools that dentists and hygienists have for treating dental disease. Gail serves the ALD Board as an advisor and is a member of ALD’s 22 committees. She earned and maintains the credential Certified Association Executive (CAE) from the American Society of Association Executives (ASAE) and served on ASAE’s Small Staff Advisory Committee. Gail graduated from the State University of New York in Binghamton, serves on the Board of Directors for the Florida Society of Association Executives (FSAE), and is a member of the American Dental Association’s Committee on Dental Meetings and National Coalition of General Dental Organizations (NCGDO). Gail has a passion for helping dentists revitalize the way they interact with patients by providing new and improved solutions for dental care. She speaks on governance and board leadership, building strategic alliances, and the importance of associations being knowledge brokers.

Note: These newly-installed ALD officers will serve a term that concludes with the installation of a new slate of officers during ALD 2020 in San Diego, that will take place from April 4-6th, 2020.

Wednesday, April 17, 2019

Isolite 3 Evaluation Currently in Progress

 
 
 
 
Starting a few days ago, we began evaluating the Zyris Isolite 3 system in the office.
 
For those of you who may not be completely knowledgable about the system, the Isolite 3 is a retraction, vacuum, and illumination device.  It provides a bite block, tongue, and cheek retraction in a disposable mouthpiece.  The system is connected to the office vacuum pump.  The mouthpiece has several holes that provide incredible removal of water and saliva leaving a dry well isolated field in which to work.  The non-disposable part of the system has 2 high intensity LEDs.  One of the LEDs is bright white from illumination of the field while the other is orange and works as illumination while performing procedures with light sensitive materials such as composites.  It allows the field to be brightly defined without worry of premature photo polymerization.
 
The concept of the device is a good one.  It has been around for several years and each generation seems to build on the success of the previous one.  I intend to put it through clinical testing here in a variety of situations and then report back on progress.  I can definitely say that it is working quite well, but that is only from a limited number of cases.  Definitely stay tuned for more information on this one...

Tuesday, April 16, 2019

OmniCore from Henry Schein the All-In-One IT Solution for Dental Offices

 
 
 
Keeping your hardware up to date and functioning properly can be difficult.  The IT piece of the healthcare business requires a high degree of diligence and monitoring.  Not only to keep you office running efficiently, but also to avoid things like malware, ransomware, and potential data breaches.  Hospitals and large medical clinics have dedicated IT teams that keep things up to date and running smoothly, but dental offices do not have that luxury.
 
To help with this situation, Henry Schein has developed a solution they are calling “OmniCore”.  I was given a sneak peek at the technology in August of last year, and I was impressed.  Now that it is available to the market, I think it’s important that all of you know about it.
 
Here is what the folks at Schein have to say about it:
Your OmniCore computer network comes complete with a virtualized server, network-attached storage (NAS), a business-grade wireless access point and firewall and hybrid data backup, all contained in a sleek, mobile, low-profile rack that can easily be rolled into an office. With OmniCore, TechCentral will provide, monitor and maintain your network for a low, regular monthly cost that’s easy to budget in, so you don’t have to give the IT that runs your practice a second thought.
 
TechCentral now has an innovative proposition to simplify and streamline IT: OmniCore, a hardware as a service offering. OmniCore is an all-in-one “dental office network in a box.” The network hardware and services are all supplied, maintained, monitored and cared for by TechCentral, for a low monthly subscription cost.

With OmniCore, practices don’t have to worry anymore about which à la carte equipment and services they need, what to do when their network isn’t working, when to replace or update components or how to budget for IT surprises. OmniCore is a set-and-forget solution that enables dentists to get back to focusing on the wonderful care they give their patients, while TechCentral keeps an eye on their network with remote monitoring, proactively resolving any issues that may arise.

OmniCore comes with high-quality, business-grade equipment, with the services and support that practices need for a comfortable IT experience. It’s optimized to work with other TechCentral and Henry Schein One solutions but can integrate with other third-party hardware as well as most practice management software solutions.
 
Basically the OmniCore system does everything to run your network.  In the most basic terms, you install it in your server closet, plug your network connections into it, and you are good to go.  The system runs a server, backup, antivirus, and more.  The system is monitored by Henry Schein remotely so they can perform updates when needed and also make sure everything is running exactly as it should.  IF there is a problem, they are on it.  No need to call in your own IT people.
 
Dental IT is tough.  Hiring companies that do not necessarily understand all the nuances of dentistry and HIPAA can make things difficult.  I’ve always been a fan of dental specific IT for your mission critical systems and all of the things covered by OmniCore are definitely mission critical.
 
Also, when the system ages and needs to be updated, they simply send a new unit.  An all in one solution for a simple monthly fee makes this a system that offers a lot to the profession.  I love technology and am a diehard “gear head” but even as much as I love tinkering with technology, I don’t have the time to guard and configure my systems.  That’s a difficult task to perform when you already have a full time job taking care of your patients and running your business.
 

Monday, April 15, 2019

The MoonRay S High Resolution DLP 3D Printer from SprintRay Will be Going Through Clinical Testing Soon




Shhhhhhh… do you hear that?  That noise you hear is the sound of an approaching change in technology in dentistry.

Digital 3D printing is coming to dentistry and it is coming in a big way.  In the past 2-3 years we’ve seen its arrival in a lot of different ways and it is only getting better.

3D printing can be used for models, occlusal guards, surgical guides, stents, even dentures.  You can even print in materials that can be used in a burnout oven to perform similar to the lost wax technique, which “sort of” allows for digital printers to be involved in the fabrication of permanent prostheses.  However, no one yet has come cup with a material that can print a permanent restoration… not yet anyway.

The technology promises a lot for our profession and not in some faraway future, but right now.  There are several companies that have entered the dental space and are looking to gain market share with reliable, accurate, and easy to use hardware.  One of those companies is SprintRay.
This week I’m going to be installing and then I’ll be using their MoonRay 3D printer.  The device is incredibly accurate in its printing due to the fact that the light curing unit is a UV DLP projector named RayOne.  It virtually eliminates distortion that is a problem with regular DLP and laser SLA 3D printing.  There is an array of tiny mirrors that reflect the light and cure with uniform precision.  If you don’t have the best quality DLP projector, you don’t get a good quality 3D rendering.
Here are some specs:

RAYONE PROJECTOR TECHNICAL SPECIFICATIONS
  • 100 Microns XY Resolution (Pixel Density)
  • 1280 by 800 Pixels
  • Glass + Polycarbonate Lens Construction
  • Texas Instruments DLP Chip
  • 405nm Blue-Violet Light
  • LED-based Light Source
  • 50,000 Hours Expected Lifetime
  • Machined Aluminum Structure
MOONRAY S TECHNICAL SPECIFICATIONS
  • Build area: 13 x 8 x 20 cm
  • Layer Thickness Options: 20 x 50 x 100 Microns
  • Minimum Feature Size: 100 Microns
  • Print Speed: 1 in/hour at 100 Micron z height
  • Wireless: LAN or Ad-Hoc WiFi b/g/n
  • Wired Connectivity: LAN via Ethernet
  • Unit Size: 38 x 38 x 50 Cm
  • Unit Weight: 14 kg
I’m excited to begin integrating this system into our clinical workflow including our CBCT 3D x-ray unit, digital impression acquisition unit, and now the MoonRay 3D printer.

I’ll be putting the device through some testing in the office and have it work on a variety of projects for me.  I’m planning on his evaluation taking a while, but rest assured that I’ll be back with some thoughts and opinions after I’ve taken adequate time to experiment and test.  The MoonRay is available from SprintRay.

Thursday, April 11, 2019

Porphyromonas Gingivalis Infections Underline Association of Periodontitis with Systemic Diseases

 



Since January of 2019 there has been a lot of talk about Alzheimer’s and the probable link between the disease and the bacteria Porphyromonas Gingivalis.  It seems that there are more and more pieces of the puzzle falling into place that show a definitive link.  Now there is a new study the is tying things even more closely together.
The study with is a work between the University of Louisville School of Dentistry and Poland’s University in Krakow, show what the researchers are calling “the strongest evidence of the link yet”.  The researchers performed examinations of brain tissue on deceased individuals some of whom suffered from Alzheimer’s and some who did not.
What they found was that Porphyromonas Gingivalis was much more common in the Alzheimer’s group than in the healthy group.  PG leaves a genetic marker call “gingipains” which is a positive indication of that the bacteria had been present.  
Here is the abstract:
Porphyromonas gingivalis, the keystone pathogen in chronic periodontitis, was identified in the brain of Alzheimer’s disease patients. Toxic proteases from the bacterium called gingipains were also identified in the brain of Alzheimer’s patients, and levels correlated with tau and ubiquitin pathology. Oral P. gingivalis infection in mice resulted in brain colonization and increased production of Aβ1–42, a component of amyloid plaques. Further, gingipains were neurotoxic in vivo and in vitro, exerting detrimental effects on tau, a protein needed for normal neuronal function. To block this neurotoxicity, we designed and synthesized small-molecule inhibitors targeting gingipains. Gingipain inhibition reduced the bacterial load of an established P. gingivalis brain infection, blocked Aβ1–42 production, reduced neuroinflammation, and rescued neurons in the hippocampus. These data suggest that gingipain inhibitors could be valuable for treating P. gingivalis brain colonization and neurodegeneration in Alzheimer’s disease.

Wednesday, April 10, 2019

Office of Civil Rights Puts Healthcare Sector on Alert Regarding Cyber Security

 



The Office of Civil Rights is the government entity that is responsible for enforcing the HIPAA rules and, of course, one of the main problems that healthcare entities face today is cyber security.  Data theft and ransomware are rampant in the healthcare sector.
To help the industry as much as possible, OCR releases a Cybersecurity Newsletter every quarter.  The most recent deals with Advanced Persistent Threats and Zero Day Vulnerabilities.  Here is what the OCR newsletter has to say:

Advanced Persistent Threats and Zero Day Vulnerabilities
An advanced persistent threat (APT) is a long-term cybersecurity attack that continuously attempts to find and exploit vulnerabilities in a target’s information systems to steal information or disrupt the target’s operations.1  Although individual APT attacks need not be technologically sophisticated, the persistent nature of the attack, as well as the attacker’s ability to change tactics to avoid detection, make APTs a formidable threat.
APTs are a serious threat to any information technology (IT) system, but especially those that are part of the health care field.  Healthcare services are part of a multibillion dollar industry that utilizes data to develop new drugs and treatments.  Medical research information, experimental treatment testing results, and even genetic data are valuable targets for theft because of their value in driving innovation.  Further, health information is used by healthcare providers and insurers to provide and pay for healthcare services for individuals.  If compromised, health information can be used for identify theft that could lead to financial fraud including theft of health insurance coverage benefits.  Also, because an individual’s health information can contain details concerning the most private and personal aspects of one’s life, the compromise of one’s health information could also lead to an ability to blackmail an individual based on their sensitive health information. Any security incident impacting the confidentiality, integrity, or availability of protected health information (PHI), can directly affect the health and safety of citizens.  APTs have already been implicated in several cyberattacks on the healthcare sector in the U.S. and around the world.
Zero Day Exploits
One of the most dangerous tools in a hacker’s arsenal is the “zero day” exploit or attack which takes advantage of a previously unknown hardware, firmware, or software vulnerability.  Hackers may discover zero day exploits by their own research or probing or may take advantage of the lag between when an exploit is discovered and when a relevant patch or anti-virus update is made available to the public.
These exploits are especially dangerous because their novel nature makes them more difficult to detect and contain than standard hacking attacks.  The possibility of such an attack emphasizes the importance of an organization’s overall security management process which includes monitoring of anti-virus or cybersecurity software for detection of suspicious files or activity.  Though hackers may exploit zero day vulnerabilities to gain unauthorized access to an organization’s computer system, appropriate safeguards, including encryption and access controls, may mitigate or even prevent unauthorized access to, or loss of, protected information.  Once zero day vulnerabilities are made public, this information becomes accessible to both good and bad actors alike which means entities should have measures in place to be aware of new patches and for assessing the need to apply them.  In the event a timely patch is not available, or cannot be immediately implemented (such as when testing is needed to ensure that the patch works with components of an entity’s information systems), an entity  may consider adopting other protective measures such as additional access controls or network access limitations to mitigate the impact of the zero day vulnerability until a patch is available.
A Dangerous Combination
APTs and zero day threats are dangerous enough by themselves. An APT using a zero day exploit can threaten computers and data all over the world. One such example is the EternalBlue exploit.  EternalBlue targeted vulnerabilities in several of Microsoft’s Windows operating systems. Soon after the EternalBlue exploit became publically known, the WannaCry ransomware was released and began spreading, eventually infecting hundreds of thousands of computers around the world. The damages due to WannaCry infections are estimated to be in the billions of dollars. Analysis of WannaCry found that it used EternalBlue to spread and infect other systems. One of the organizations most impacted was the United Kingdom’s National Health Service (NHS) which had up to 70,000 devices infected, forcing healthcare providers to turn away patients and shut down certain services. Several HIPAA covered entities and business associates in the United States were also affected by this cyberattack.
What Can HIPAA Covered Entities and Business Associates Do?
There are many security measures that organizations can proactively implement to help mitigate or prevent the damage that an APT or zero day attack may cause. The HIPAA Security Rule requires security measures that can be helpful in preventing, detecting and responding to cyberattacks such as those perpetrated by APTs or hackers leveraging zero day exploits. The HIPAA Security Rule includes the following security measures that can reduce the impact of an APT or zero day attack:
  • Conducting risk analyses to identify  risks and vulnerabilities (See 45 CFR § 164.308(a)(1)(ii)(A));
  • Implementing a risk management process to mitigate identified risks and vulnerabilities (See 45 CFR § 164.308(a)(1)(ii)(B));
  • Regularly reviewing audit and system activity logs to identify abnormal or suspicious activity (See 45 CFR § 164.308(a)(1)(ii)(D));
  • Implementing procedures to identify and respond to security incidents (See 45 CFR § 164.308(a)(6));
  • Establishing and periodically testing contingency plans including data backup and disaster recovery plans to ensure data is backed up and recoverable (See 45 CFR § 164.308(a)(7));
  • Implementing access controls to limit access to ePHI (See 45 CFR § 164.312(a));
  • Encrypting ePHI, as appropriate, for data-at-rest and data-in-motion (See 45 CFR §§ 164.312(a)(2)(iv), (e)(2)(ii)); and
  • Implementing a security awareness and training program, including periodic security reminders and education and awareness of implemented procedures concerning malicious software protection, for all workforce members (See 45 CFR § 164.308(a)(5)).

Additional Resources:
  • Guidance on Software Vulnerabilities and Patching
  • https://www.hhs.gov/sites/default/files/june-2018-newsletter-software-patches.pdf - PDF
  • HHS Update: International Cyber Threat to Healthcare Organization
  • https://files.asprtracie.hhs.gov/documents/hhs-update-4-international-cyber-threat-to-healthcare-orgs.pdf - PDF
  • An Efficient Approach to Assessing the Risk of Zero-Day Vulnerabilities
  • https://www.nist.gov/publications/efficient-approach-assessing-risk-zero-day-vulnerabilities
  • Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems
  • https://csrc.nist.gov/publications/detail/sp/800-160/vol-1/final
* In general, OCR’s newsletters do not establish legally enforceable responsibilities. Instead, these newsletters should be viewed only as recommendations, unless specific regulatory or statutory requirements are cited.

Tuesday, April 9, 2019

Amazon Announces New Alexa Healthcare Skills

 



In an effort to help consumers keep better track of their own health, Amazon has announced new special Alexa skills that are in compliance with HIPAA.  This allows consumers to receive updates on different aspects of their health directly via Amazon Echo products utilizing the Alexa voice system.

Here is what Amazon announced:

Today, we’re excited to announce that the Alexa Skills Kit now enables select Covered Entities and their Business Associates, subject to the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA), to build Alexa skills that transmit and receive protected health information as part of an invite-only program. Six new Alexa healthcare skills from industry-leading healthcare providers, payors, pharmacy benefit managers, and digital health coaching companies are now operating in our HIPAA-eligible environment. In the future, we expect to enable additional developers to take advantage of this capability. If you are interested in getting updates, click here.

New Healthcare Skills
Every day developers are inventing with voice to build helpful and convenient experiences for their customers. These new skills are designed to help customers manage a variety of healthcare needs at home simply using voice – whether it’s booking a medical appointment, accessing hospital post-discharge instructions, checking on the status of a prescription delivery, and more.

The new healthcare skills that launched today are:
  • Express Scripts (a leading Pharmacy Services Organization): Members can check the status of a home delivery prescription and can request Alexa notifications when their prescription orders are shipped.
  • Cigna Health Today (by Cigna, the global health service company): Eligible employees with one of Cigna's large national accounts can now manage their health improvement goals and increase opportunities for earning personalized wellness incentives.
  • My Children's Enhanced Recovery After Surgery (ERAS) (by Boston Children's Hospital, a leading children's hospital): Parents and caregivers of children in the ERAS program at Boston Children's Hospital can provide their care teams updates on recovery progress and receive information regarding their post-op appointments.
  • Swedish Health Connect (by Providence St. Joseph Health, a healthcare system with 51 hospitals across 7 states and 829 clinics): Customers can find an urgent care center near them and schedule a same-day appointment.
  • Atrium Health (a healthcare system with more than 40 hospitals and 900 care locations throughout North and South Carolina and Georgia): Customers in North and South Carolina can find an urgent care location near them and schedule a same-day appointment.
  • Livongo (a leading consumer digital health company that creates new and different experiences for people with chronic conditions): Members can query their last blood sugar reading, blood sugar measurement trends, and receive insights and Health Nudges that are personalized to them.
Voice as the Next Frontier for Conveniently Accessing Healthcare Services

Developers of the new healthcare skills are excited to enable their customers to access their healthcare services in the comfort of their own homes simply by asking Alexa. These skills are just the first step in making it easier for customers to manage their healthcare needs using just their voice – we’re excited to see what developers build next. Here’s what they had to say:
  • Express Scripts:“With our new Express Scripts skill, we are trying to make it easier for people to make better informed health care decisions. In particular, we believe voice technology, like Alexa, can make it easy for people stay on the right path by tracking the status of their mail order prescription, helping us further solve the costly and unhealthy problem of medication non-adherence.” - Mark Bini, Vice President of Innovation and Member Experience, Express Scripts.
  • Cigna:“With our industry-leading voice skills, we are meeting customers where they are – in their homes, in their cars - and making it simpler to create healthier habits and daily routines. Through our Amazon Alexa skill, customers can simply use voice to understand the full range of their health benefits and receive personalized wellness incentives for meeting their health goals, empowering them to take control of their total health.”- Stephen Cassell, Senior Vice President of Global Brand and Customer Communications, Cigna.
  • Boston Children's Hospital:“Boston Children’s Hospital has long believed that voice technology has the potential to substantially improve the healthcare experience for both consumers and clinicians. We began this journey with one of the first Amazon Alexa skills from a hospital four years ago and are thrilled to participate in the initial launch of Amazon Alexa’s HIPAA-eligible service for developers. The My Children’s Enhanced Recovery After Surgery (ERAS) skill, launching today, allows patients and caregivers to easily share recovery progress with their care team post-surgery. We believe it is just one example of how voice technology can extend the care and support of our patients beyond the four walls of the hospital.” – John Brownstein, Chief Innovation Officer, Boston Children’s Hospital.

Monday, April 8, 2019

American Hospital Association Concerned About Vulnerabilities in Health Care Sector

 
 
The American Hospital Association (AHA)has some serious concerns about the safety of patient data and also the security of legacy devices that become more and more vulnerable to hacks as time marches on.  In February of 2019, Senator Mark Warner reached out to several healthcare organizations including the AHA and the AMA asking for their opinions on how to battle the security issues facing the industry which is now working on being totally digital and becoming a huge target for all kinds of nefarious hackers and ransomware.
The AHA responded with the letter below.  Give it a read.
 

On behalf of our nearly 5,000 member hospitals, health systems and other health care
organizations, our clinician partners – including more than 270,000 affiliated physicians,
2 million nurses and other caregivers – and the 43,000 health care leaders who belong
to our professional membership groups, the American Hospital Association (AHA)
appreciates the opportunity to respond to your letter regarding cybersecurity in the
health care sector.

Hospital and health system leaders recognize the information and resources held by
health care organizations are highly sensitive and valuable, and they are taking
cybersecurity challenges extremely seriously. They have implemented important
security steps to safeguard clinical technologies and information systems while they
continue to enhance their data protection capabilities. And hospitals and health systems
have made great strides to defend their networks, secure patient data, preserve the
efficient delivery of health care services and, most importantly, protect patient safety.

The AHA has focused its efforts on providing up-to-date cybersecurity information – for
both technical and non-technical audiences – to our member hospitals and health
systems. This information assists hospitals and health systems as they face the
continuing challenges of ensuring the privacy and security of patients’ health care data
in an environment of increasingly networked technology and expanded connectivity that
offers significant benefits for care delivery, but also increases the potential for exposure
to possible additional cybersecurity threats.

As the global WannaCry ransomware attack in 2017 underscored, the cybersecurity
risks hospitals and health systems continue to face include the extent to which medical
devices are vulnerable to threats and, in turn, can create serious risks for the security of
hospitals’ overall information systems and the delivery of patient care.

Below, we discuss our efforts to assist members with cybersecurity risk reduction and
mediation, as well as federal government efforts to stimulate and promote additional
cybersecurity risk reduction strategies to the health field. We also offer
recommendations for reducing cybersecurity vulnerabilities in health care.

AHA EFFORTS TO ADDRESS CYBERSECURITY

Cyber threats are a major risk issue for hospitals and health systems. The AHA began
raising awareness on cybersecurity issues in 2014 with resources directed at both
hospital and health system leaders and trustees.

In 2018, the AHA expanded on its provision of educational opportunities for members,
and we now also provide them with targeted and customized information, including
strategic cybersecurity and risk advisory services. Specifically, the AHA created a new
role, senior advisor for cybersecurity and risk, to assist the field. We hired a nationally
recognized health care cybersecurity expert who has nearly 30 years of highly-
accomplished service with the Federal Bureau of Investigation (FBI).
The AHA offers many cybersecurity education opportunities to hospital and health
system leaders, including both in-person and web-based presentations discussing
specific cybersecurity topics. We have prioritized raising awareness for board members,
hospital leaders and staff, in addition to providing information to technical audiences.
In addition, the AHA reviews government policy, regulation and legislation to provide
analysis pertaining to cybersecurity and risk implications for hospital and health
systems. We monitor pending criminal and national security investigations and liaise
with law enforcement and the intelligence community, as needed. The AHA also offers
support and advice to members during ransomware and extortion incidents, including
communications and response to adversaries.

The AHA has worked closely with federal government partners to help increase the
coordination and sharing of information to identify possible vulnerabilities and prevent
attacks on hospitals. The AHA serves as both a distribution channel to disseminate
threat information, as well as a conduit to federal agencies and departments highlighting
hospitals’ and health systems’ on-the-ground experiences. This was especially
important during the WannaCry attack when the AHA provided critical information to
many government partners regarding the impact on the health care sector.

FEDERAL GOVERNMENT AND PRIVATE-SECTOR EFFORTS TO ADDRESS
CYBERSECURITY

The AHA offers many cybersecurity education opportunities to hospital and health
system leaders, including both in-person and web-based presentations discussing
specific cybersecurity topics. We have prioritized raising awareness for board members,
hospital leaders and staff, in addition to providing information to technical audiences.
Both Congress and the Administration have worked to address cybersecurity
vulnerabilities in recent years. There are numerous efforts underway in several
departments and agencies. The Administration has used executive orders to name 16
critical infrastructure sectors ─ including health care and public health ─ deemed
essential to the security of the nation and directed federal agencies to prioritize securing
federal systems.
The Department of Health and Human Services (HHS) is designated as the liaison for
the health care sector. More broadly, the FBI has been designated as the lead authority
on investigating cybercrime. Other agencies, including the Department of Homeland
Security (DHS) and the Secret Service, also play key roles in combatting cybercrime
and providing guidance. Coordination across these federal agencies is critical to ensure
threat intelligence and defensive strategies are shared widely, effectively and in a timely
manner. In addition, these agencies must be given the resources to not only respond to
attacks, but help vulnerable health care targets prevent attacks from occurring and
succeeding.

The Cybersecurity Information Sharing Act of 2015 (CISA) allowed for information
sharing among private-sector and federal government entities and provided a safe
harbor from certain liabilities related to that information sharing. Information sharing is a
critical way to help prevent future attacks by allowing organizations to share real-time
threat information. Several private-sector entities, such as the Health Information
Sharing and Analysis Center (H-ISAC) and Health Information Trust Alliance
(HITRUST), provide information-sharing opportunities for organizations. The Health
Sector Coordinating Council Joint Cybersecurity Working Group, which the AHA
participates in, also serves an important role in bringing stakeholders together and
coordinating across public and private sectors.

In addition, the federal government has provided information sharing resources through
its cybersecurity initiatives, including health care and public health facilities. With that
said, the goals of information sharing have yet to be fully realized. Expedited and
tailored cyber threat information sharing from the federal government would benefit all
health care and public health organizations. Providers need actionable information that
identifies specific steps they can take to secure against new threats. Large volumes of
more generalized information can prove challenging to interpret and even become a
distraction.

In September 2018, the Administration released the National Cyber Strategy to address
the larger cyber ecosystem. Action is needed to address the cybersecurity challenges
facing all sectors, including health care. As a nation, we must bolster the security of our
cyber ecosystem, not just place the burden on individual institutions. The magnitude of
the challenges and the growing sophistication of the attacks suggest that the federal
government must provide additional resources.

Department of Health and Human Services. Under CISA, HHS is directed to work
with the private sector and other federal agencies to establish voluntary, consensus-
based best practices. To carry out this directive, HHS convened the Health Care
Industry Cybersecurity (HCIC) Task Force in March 2016 to examine the cybersecurity
challenges in the health care sector and determine recommendations to address them.
The following year, the Task Force released a report detailing six areas of focus along
with recommendations for both public and private partners to increase security in the
health care sector. In addition, in 2017, HHS convened the CISA 405(d) Task Group to
align industry approaches by developing a common set of voluntary, consensus-based,
and industry-led guidelines, practices, methodologies, procedures and processes that
health care organizations can use to enhance cybersecurity. The group is comprised of
more than 150 members from both the public and private sector, including the AHA.

In January 2019, the task group released the Health Industry Cybersecurity Practices:
Managing Threats and Protecting Patients to help continue to raise awareness and
provide best practices. The Health Industry Cybersecurity Practices provides essential
guidance for organizations of varying size and resource level to mitigate cybersecurity
threats. HHS also opened the Health Sector Cybersecurity Coordination Center (HC3)
in October 2018 to coordinate activities across the sector and report threats, profiles
and preventive strategies to DHS.
Food and Drug Administration (FDA). The FDA provides oversight to ensure that
medical devices are safe and effective. As a regulator, FDA has a leadership role in
creating expectations that manufacturers proactively minimize risk by building security
into products by design, providing security tools to their end-users, and updating and
patching devices as new intelligence and threats emerge. Manufacturers must share
with end-users the responsibility for safeguarding the confidentiality of patient data,
maintaining data integrity, and ensuring the continued availability and functionality of the
device system itself.

While no actions can completely eliminate cybersecurity risks from health care, swift
action by FDA to improve the security of legacy and new medical devices will aid in
reducing significant sources of vulnerability. We were pleased to see FDA include
cybersecurity steps in its May 2018 Medical Safety Action Plan and release a draft of
new pre-market authority requiring manufacturers to build capability to update and patch
device security into product design and providing a “Software Bill of Materials” that
identifies the information technology solutions in a device so that end-users can better
manage the devices. It also included consideration of new post-market authority to
require manufacturers to adopt policies and procedures for coordinated disclosure of
vulnerabilities when they are identified. In our comments to the agency, we noted that
the outlined steps would make important improvements to FDA’s oversight of medical
device manufacturers with respect to the security of their products and offered
suggestions for improvement. The AHA also urged FDA to move as quickly as possible
to implement these steps and make public its timeline for the benefit of all stakeholders.
FDA also has worked collaboratively with the private sector to advance medical device
security. In January 2019, the Healthcare and Public Health Sector Coordinating
Councils released the Medial Device and Health IT Joint Security Plan as a result of the
recommendation in the 2017 HCIC Task Force report. It will be important to continue
this work.

AHA RECOMMENDATIONS TO REDUCE CYBERSECURITY VULNERABILITIES IN THE HEALTH CARE SECTOR

The AHA supports recommendations included in the HCIC report, particularly continuing
to increase the security and resilience of medical devices and developing the health
care cybersecurity workforce capacity. We also support the development of a safe
harbor to protect HIPAA-covered entities that have complied with cybersecurity best
practices and making sure victims of attacks receive support and resources while
enforcement efforts are focused on investigating and prosecuting the attackers.
Additional recommendations in certain areas follow.
Medical Devices. A health system can have tens of thousands of devices from
hundreds of manufacturers connected to its network, leading to significant security
management challenges. Legacy devices remain a key vulnerability for hospitals and
health systems. Given their useful lifespans, many legacy devices were not built with
cybersecurity in mind and may use outdated or insecure software, hardware and
protocols, leaving them vulnerable to attack. To remediate this problem, manufacturers
must support end-users in providing a secure environment for safe patient care. This
support should include wrapping security precautions around these devices, adding
security tools and auditing capabilities where possible, conducting regular updates and
patching all software, and communicating security vulnerabilities quickly through
consistent channels.

While FDA has released both pre- and post-market guidance to device manufacturers
on how to secure systems, and released updated pre-market guidance for comment,
there are still concerns surrounding legacy devices and supported lifetimes that have
yet to be resolved. Given that legacy devices have already been sold, there is little
incentive for manufacturers to address the security of their installed base of products.
FDA must make clear that security measures to protect legacy devices are required, not
optional. Last year, we provided detailed comments to the House Committee on Energy
and Commerce with additional recommendations on the security of legacy medical
devices.

Workforce. Hospitals and health systems have emphasized the challenges they face in
securing their information systems, given the limited financial resources they have to
devote to cybersecurity and the current cybersecurity workforce shortages. These
challenges are even more acute for smaller and rural facilities. As discussed earlier,
recommendations to address this concern were included in the June 2017 HCIC Task
Force report. These recommendations discuss the need for the Administration and
Congress to provide resources and programs to increase and improve the cybersecurity
workforce in health care and to address the challenges of small and rural facilities. The
AHA would support developing and promoting workforce training programs specific to
cybersecurity in health care, as well as funding for targeted internships or other
programs to place cybersecurity professionals in small and rural facilities.

Safe Harbor. Despite complying with HIPAA rules and implementing best practices,
hospitals and health care providers will continue to be the targets of sophisticated
cyberattacks, and some attacks will inevitably succeed. Whether exploiting previously
unknown vulnerabilities or taking advantage of an organization with limited resources,
attackers will continue to be successful. The AHA believes that victims of attacks should
be given support and resources, and enforcement efforts should rightly focus on
investigating and prosecuting the attackers. Merely because an organization was the
victim of a cyberattack does not mean that the organization itself was in any way at fault
or unprepared. Similarly, a breach does not necessarily equate to a HIPAA security rule
compliance failure. Moreover, an aggressive regulatory enforcement approach could be
counter-productive and hinder valued cooperation by the victims of cyberattack with
other parts of the government, such as DHS, FBI and the intelligence community.
Instead, successful attacks should be fully investigated, and the lessons learned should
be disseminated widely to prevent successful similar future attacks.

We urge the HHS Office of Civil Rights (OCR) to consider ways to develop a safe-
harbor for HIPAA-covered entities that have shown, perhaps through a certification
process, that they are in compliance with best practices in cybersecurity, such as those
promulgated by HHS, in cooperation with the private sector, under section 405(d) of the
CISA. Those best practices were developed through broad public/private collaboration
after months of deliberation and development. A safe harbor would give covered entities
clarity about the level of diligence they need to exercise, including when they agree to
share and exchange protected health information with other systems/organizations
through tools like health information exchanges, to avoid OCR enforcement when an
attacker gains access.

General Cyber Defenses. In addition to activities specific to the health care sector, the
AHA supports efforts to bolster nationwide cyber defenses. These include building
capacity and devoting federal resources to:
Develop and disseminate coordinated national defensive measures, both within
government and to the private sector.
Identify and disrupt bad actors through law enforcement activities.
Increase the consequences for those who commit cybercrimes.
Identify and support best practices by the private sector.



Hospitals and health systems have made great strides to defend their networks, secure
patient data, preserve the efficient delivery of health care services and, most
importantly, protect patient safety. The AHA supports improving the cybersecurity of
medical devices to help reduce vulnerabilities, increasing the cybersecurity workforce to
ensure needed experts can help prevent attacks, and the developing of a safe harbor to
give reassurance to facilities with exemplary cyber practices. The AHA is pleased to
continue sharing information from the field to help the federal government effectively
combat cyber threats. We look forward to working with you and others in Congress to
reduce cybersecurity vulnerabilities in the health care sector.

Thank you for the opportunity to comment and for your leadership on this issue. Please
contact me if you have questions or feel free to have a member of your team contact
Mark Seklecki, vice president of political affairs, at mseklecki@aha.org or (202) 626-
2341.

Sincerely,
/s/

Thursday, April 4, 2019

Patients Sue UConn Health over Data Breach Caused by Phishing Attack


 

The University of Connecticut and its affiliated teaching hospital are facing a class-action lawsuit, following its report that a phishing attack potentially breached the data of about 326,000 patients.
A hacker accessed a number of employee email accounts, which potentially compromised patient names, dates of birth, addresses, and limited medical information. For 1,500 patients, Social Security numbers were compromised.

UConn Health concluded its investigation on December 24 and began notifying patients at the end of February. At the time, officials said, “because we cannot isolate exactly what, if any, information may have been accessed, we notified individuals whose information was in the impacted accounts.”
In response, Yoselin Martinez, on behalf of herself and the other patients impacted by the breach, filed suit against UConn Health on March 18. Martinez is pursuing legal action after a fraudulent charge was made from her bank account and caused an overdraft, after she received UConn’s breach notification.

The lawsuit argued that UConn Health failed to properly secure and safeguard personally identifiable information and protected health information. Further, officials failed to provide a timely, accurate, and adequate notice that a data breach had occurred.

The crux of the argument is that patients have not been told when the breach occurred, the lawsuit argued. But UConn Health officials told the public that the breach first occurred in August 2018: four months before the investigation concluded and another six months before patients were notified.
The patients noted that phishing attacks on healthcare organizations are well-known and common. However, they argued that UConn Health’s breach only occurred due to their failure to “implement adequate and reasonable cybersecurity procedures and protocols.”

“Among other things, [UConn Health] failed to exercise reasonable care, and to implement adequate cybersecurity training, including, but not limited to, how to spot phishing emails from unauthorized senders,” according to the lawsuit.

“The deficiencies in [UConn Health]’s data security protocols were so significant that the breach likely remained undetected for months,” it continued. “Intruders, therefore, had months to access, view and steal patient data unabated.”

Further, the health system failed to discover its systems were breached and that “intruders were stealing data on hundreds of thousands of current and former patients. Timely action by UCONN would likely have significantly reduced the consequences of the breach.”

The lawsuit argued that the health system “intentionally, willfully, recklessly, or negligently” failed to take adequate steps to ensure its systems were protected, and officials failed to tell patients it didn’t have “adequate computer systems and security practices to safeguard their PII.”

Further, the health system failed to take available precautions to prevent the breach, including monitoring and timely detection of unauthorized access, according to the suit.

The patients are seeking remedies for “harms suffered” as a result of the security incident and assurance that their data, still held by UConn, “is protected from further breaches.”

“No one can know what else the cybercriminals will do with the compromised PII/PHI,” according to the lawsuit. “However, what is known is that UCONN Health patients will be for the rest of their lives at a heightened risk of further identity theft and fraud.”

“Defendants’ conduct gives rise to claims for breach of contract and negligence,” it continued. “Plaintiff, individually, and on behalf of those similarly situated, seeks to recover damages, equitable relief, injunctive relief designed to prevent a reoccurrence of the Data Breach and resulting injuries, restitution, disgorgement, reasonable costs and attorney fees, and all other remedies this Court deems proper.”

Wednesday, April 3, 2019

Omnichroma Test Drive is Complete, Check Out my Review After 6 Months of Hands-On Experience

 



Every once in a while a new product comes along that changes the industry.  These “shape shifters” can be in all shapes, sizes, and product categories.  They don’t always necessarily have to be overly expensive and they don’t have to be gadgets either.  Sometimes they are game changers because of the simple fact that they are not these things!  
I recently completed an article for a product that falls into this outside the box category.  It’s a composite from Tokuyama called Omnichroma.
Why is it such a game changer?  Simply because it provides complete and absolute simplification of the procedure of placing resin based restoratives and that is a procedure we perform many times each day.
I was introduced to the product in a very secret meeting in Hawaii and asked to begin product testing and placing the material in clinical situations.  Six months later, I’ve released my work and opinions in an eBook from Dental Products Report.
I highly recommend you download this eBook and give it a read.  I’m confident that it will be a game changer in the industry and that it deserves consideration as a part of our restorative arsenal.  The page also contains a 5 minute video I shot where I discuss my opinions on the product.
Give this all a look and let me know what you think in the comments section below.  I think this material will help you have better patient outcomes.

Tuesday, April 2, 2019

3M Introduces New Universal Restorative

 

New material ensures strong and esthetic restorations while simplifying
the shading process to improve productivity

For busy dental professionals, a variety of responsibilities and tasks make staying on schedule a challenge. Implementing time-saving products and procedures is crucial to meeting these daily demands and even simple changes can make a significant difference. In order to help dentists increase efficiencies, 3M introduces 3M™ Filtek™ Universal Restorative – a new universal composite that offers a modernized approach to anterior and posterior restorations, with a simplified shading process and advanced composite technology to provide strong and esthetic results.
On average, dentists choose to use a single-shade restoration for roughly 80 percent of the cases they perform.* Knowing efficiency is key, 3M simplified the overall shade selection process. Using NaturalMatch technology, 3M developed eight designer shades, plus an Extra White (XW) that cover the 19 VITA classical and bleach shades1. A Pink Opaquer was also created to mask metal and stained dentition. In addition, the shades have one universal opacity to meet most clinical needs.
Filtek Universal Restorative utilizes NaturalMatch technology, a blend of 3M’s composite technologies for durability and esthetics. Propriety low-stress monomers reduce shrinkage stress, while use of nanofillers creates a TRUE nanocomposite that provides high strength and excellent wear resistance.
“Dentists are pulled in many different directions every day, with countless to-dos that stack up while they serve their patients. That’s why 3M wanted to create a solution that helped them cut down on steps and removed some of that stress,” said Sebastian Arana, President & General Manager, Oral Solutions Division of 3M. “The new Filtek Universal Restorative combines a unique shading system in an innovative material that not only provides efficiency, but also a highly esthetic and long-lasting result.”
Filtek Universal Restorative also features capsules that can be warmed2 and an improved tip design that allows the material to extrude like a flowable composite, and then become more viscous for shaping. At 8 mm, the tip is longer than our previous universal capsules, which enables good adaptation even in hard to reach areas.
To learn more about the new 3M Filtek Universal Restorative, please visit www.3M.com/FiltekUniversal.

Monday, April 1, 2019

Using Technology for Better Aesthetic Outcomes

 
Interested in how to incorporate tech in a variety of ways to ensure better cosmetic outcomes?  That’s the concept that I embraced in my latest article for Dental Products Report.  It’s interesting that sometimes, even for me, breaking things down into manageable parts becomes a bit of “forest and trees” when it comes to explaining how I do things.  By that, I mean I’ve been using tech for so long and in a variety of outside the box concepts that I sometimes forget that not everyone is doing it that way.
So for this article, I tried to take a look at the individual tech steps I use/take to get the best possible outcomes possible.  Part of the fun of the tech utilization is that it gives me a chance to embrace new ways of doing things and figuring out better process for better results.  Here’s what I came up for this issue:
Technology is so embedded into everything we do now. The seamlessness of the experience frequently allows us to forget how things “used to be” even just a few years ago.
In the hour prior to starting on this article I’ve emailed multiple people, had a Twitter DM conversation with someone on Oahu, read a story in a Pakistani newspaper, updated some contacts (where those updates immediately appeared on all my devices), and used AirDrop to send a photo from my laptop to my phone. Oh, and not once did I think about how difficult any of those things might be. They just happened with hardly any effort on my part.
We could sure use a bit more of that in dentistry right now. Moving data around is a whole lot easier than it used to be, but with the security concerns we have regarding patient data and HIPAA compliance, reliable encryption by some program that was something of an “industry standard” could certainly help.
Often in dentistry we see tremendous advantages in our practices from technology, but the idea of cross-platform compatibility from one company to another would certainly help things. It would also be tremendous if the data was device agnostic for things such as CBCT scans. I’d love to be able to open them on my Mac without having to use a program from a completely different vendor than what I use on the Windows computers in my office.
However, there are times when we can actually coordinate a “symphony of technology” in our offices. By that term, I mean that we can coordinate different technologies so they blend together in a harmony that works better together for a better overall result. One of the best procedures for this type of “many technologies, one goal” scenario is cosmetics.
More from the author: The best tech to enhance your practice
The education
There are always things we can do to improve. In my book, that’s a lot of what technology is all about, and, personally, I think one of the principle ways we can improve in dentistry is through communication.
Often in the world of cosmetics the patient has an idea of what he or she wants, but he or she really doesn’t know how to get there. Sometimes patients’ expectations can be greater than what can be delivered. Sometimes those results are “possible” but require things like orthodontics or soft tissue surgery. The secret to having an acceptable outcome is often directly related to communication.
I say this all of the time, but that’s because it’s so important. Experts state human beings receive more than 85 percent of their information through their eyes. Translated, that basically means you can talk until you’re blue in the face, but people won’t remember much of it and they probably won’t comprehend much of it either.
What they’ll remember is what they see. So, it’s critically important to use visual tools when you communicate with patients. We have lots of educational models in the office that we can quickly access to show a patient the difference between implants, bridges, crowns, veneers, etc. Many patients know they want a great smile, but most don’t understand how to get one.                                                                                                       

The plan                                                                           
I’m a big fan of the expression “Failing to plan is planning to fail.” When you’re performing large cases, it’s so much easier to accomplish the end if you start with a solid plan.  Once we’ve educated the patient on the options, we then enter the planning phase. I’m an “info hound,” and by that I mean I’d much rather have too much information than too little.
Normally the process of a big case starts in hygiene; however, that’s only the first step. Hygiene helps determine the patient’s wants and needs. Then comes the visual education. At that point the patient is advised to set up a data gathering appointment, which allows us to collect the extensive secondary dataset that we need for the full treatment plan. Hygiene is continually collecting primary data, which is used for routine diagnosis and treatment planning. Secondary data is what we need to provide superior extensive or elective treatment.
At the secondary appointment, we’ll get a cone beam scan and also scan the full mouth with our iTero® Element unit (itero.com/en-us). We’ll have the iTero scans converted into study models.  I like this process for two reasons:

For the remainder of the article follow this link.