Consulting

Tech Advice for the Dental Practice

HARDWARE


Business-Class Servers

It is recommended to use only business-class servers manufactured by DELL or HP. The server plays an important role in providing a robust and reliable platform for your Practice Management Software, imaging and other vital data.

  • We recommend the DELL PowerEdge with a separate RAID controller, hot swappable solid state drives, and dual Xeon processors. The estimated price is $3,200 plus $1,192 to configure and install.
  • The most common failure points on a server are a corrupt OS, hard drives, power supplies, fans and RAID controllers.
  • We recommend replacing the server on your terms (at least every five years) using a business-class IT service.

Business-Class Workstations

We recommend using only business-class workstations manufactured by DELL, HP or Lenovo. Workstations play a vital role, letting employees take images, input data and invoice patients. While they are not as critical as a server, they can cause a major interruption when they fail.

  • We recommend the DELL Optiplex. The estimated price is $850 plus $300 to configure and install.
  • The most common failure points are the hard drives, power supplies and fans.
  • We recommend replacing the workstation at least every five to seven years using a business-class IT service.
  • We recommend creating a domain on the server if the practice management software is compatible.
  • We recommend using a professionally managed VPN or encrypted remote access software, such as Splashtop, to access the server remotely.

BDR vs. File-Level Backup

A good backup is a must for dental offices. Backups are the only thing that can save you from a failed hard drive, a corrupt OS, a mistaken file deletion or a ransomware attack.

 

Experts recommend having a BDR backup system in place if you’re running a dental practice and host the data locally. File-level backups such as Carbonite, Backblaze and many others only back up the data from your computer to an external hard drive, and in some cases, an offsite cloud. A BDR backup backs up the entire server and provides you with an onsite server to run the practice in the event of an emergency.

Let’s Review!

  • BDR backups can completely recover your data and network in 60 minutes or less. File-level backups can take over a week.
  • DDS Rescue does a verification backup daily. A file-level backup is impossible to validate without doing an in-depth recovery, which causes a substantial interruption to the client network, which is why businesses avoid doing them.
  • DDS Rescue tech support has seen many dental networks that do not have a backup in place at all!
  • DDS Rescue monitors the client backups 24/7. Most file-level backups are not monitored.
  • DDS Rescue offers a $1,000 guarantee: If we can’t get your network up and running in less than an hour, we’ll pay you $1,000!*

Business-Class Firewalls

  • It is recommended to have a business-class firewall with an active security subscription installed and configured by a professional IT provider on the network which contains PHI. Common business-class firewalls include, but are not limited to, Dell Sonicwall, Watchguard, Meraki and Cisco. 
  • RDP connections that are not set up properly may be a security risk.
  • Safely connecting to the dental office remotely is commonly done using remote software, including but not limited to, Logmein, TeamViewer and Splashtop.
  • We recommend a Dell TZ 270, which costs approximately $749. The annual security subscriptions are approximately $350. Without a paid subscription, a firewall does not provide protection and is a huge security risk.
  • We recommend replacing the firewall every three years.

Wifi that Transmits PHI

  • If you have a wireless network that transmits PHI, it should be secure and a procedure should be established to change the password on a routine basis. 
  • There should be established procedures to change the Wifi password on the network that manages PHI in the event of termination of an employee.

Guest Wireless

  • Experts recommend that you place the guest wifi on a network separate from the network that contains PHI.

Battery Backups

A battery backup is a device that your computer or other equipment is plugged into in order to minimize the effect of brownouts, surges and electrical outages. When a surge or an outage occurs, the battery backup takes over immediately and powers the computers and devices for a short period of time.

  • We recommend the Tripp Lite device, which costs approximately $249.

Physical Security

We recommend physical locks for the server and any other device that contains PHI.

Building Security

We recommend having a security system in place at your practice to defend against stolen servers.

SOFTWARE

Business-Class Email

  • Best practice is to use Microsoft Office 365 email or the paid version of Gmail (G Suite). Both are encrypted and are HIPAA compliant. Both entities will agree to a Business Associates Agreement (BAA).
  • Business-class email can easily encrypt messages to prevent a breach.
  • Business-class email provides better protection from ransomware and other threats.
  • If your office is using Microsoft Outlook locally on your network and a PST/OST file is being created and managed, it is best practice to move the PST/OST file to the server in the network or a computer which has been physically secured or encrypted.
  • Experts recommend that a business-class IT firm manage this service.

Server Encryption

Server encryption is recommended if the device can’t be physically locked up. We recommend speaking with a well-trained IT professional to help with server encryption if required. Encryption can cause issues with server performance and potential data loss if not implemented properly.

Antivirus

  • Antivirus experts recommend having a centrally managed business-class antivirus installed and managed by a professional IT provider on every computer in the network. The software should have an active security subscription. Common business-class antivirus includes but is not limited to Webroot, Symantec Endpoint, Norton and Eset. 
  • Experts recommend that a business-class IT firm manage this service.

Security Patch Summary (Windows Updates)

  • Microsoft Windows should be updated on a regular basis as prescribed by a professional IT provider. Some operating systems are no longer supported and are deemed not to be HIPAA compliant, including but not limited to Windows XP, Windows Server 2003 and Server 2008.
  • In many cases, it is much more economical and beneficial to replace computers and servers with outdated operating systems rather than perform an upgrade.
  • Experts recommend that a business-class IT firm manage this service.

Operating Systems

We recommend always using up-to-date operating systems. Using out-of-date operating systems can result in poor performance, security risks and HIPAA compliance issues. It is important to use the latest operating systems that are also compatible with your PMS and imaging software.

  • We recommend Server 2018 for servers and Windows 10 for workstations.
  • In some cases, the server OS can be upgraded if the age of the server is less than three years.

PAPERWORK


HIPAA Policies and Procedures

To be HIPAA compliant, you must have:

  • Policies and procedures to ensure protection of PHI that comply with state and federal law.
  • An annual enterprise-level Risk Assessment that meets the HIPAA standards. 
    • It is highly recommended to have this managed by a third-party compliance company. 
    • Most IT providers do not have the experience to perform this properly, and they may have a bias if they manage the network. It is a similar concept to having outside auditors audit the financials vs. an in-house accounting team.

Business Associates Agreements (BAAs)

  • It is recommended by HIPAA to have up-to-date Business Associates Agreements in place for service providers to your practice that may come in contact with any form of PHI, including but not limited to:
    • IT providers
    • Outside billing entities who access PHI
    • Data backup services

DDS Rescue Consulting Services

If you would like DDS Rescue to offer a second opinion on a project or evaluate your network, or if you have questions on hardware purchases, we are here for you. Our current consulting rate is $150 per hour.

Contact us for more information about Consulting Services
