|
Your Practice Could Be Looking At Heavy Fines |
Have you heard of the HITECH Act? This is a recent law that pertains to patients' personal health information and states that practitioners who break it can face criminal and/or civil penalties for security breaches. The SCDA and SCDA Member Benefits Group is holding a seminar on Friday, September 10th in Columbia to bring Dentists and their staffs up to speed on what is required within the law and how it specifically pertains to dental practices. A breach is any unauthorized acquisition, access, use or disclosure of unsecured protected health information which compromises the security or privacy of such information; even access that creates the potential for misuse could trigger a breach. Administrative and organizational safeguards will be discussed in addition to physical and technical safeguards. The second part of this seminar will be an update on national health care reform and how it will affect you as a small business owner in the coming months and years. Changes such as dependent coverage, pre-existing conditions, rescissions and lifetime dollar limits are taking affect this year, but very soon employers will be required to distribute uniform benefit summaries to participants, provide 60 day advance notice of material modifications and meet many other mandates that are being handed down. Other changes are taking place such as the elimination of Health Savings Accounts (HSA) and Flexible Spending Accounts (FSA) funds being used towards the purchase of over-the-counter medicines, unless they have a prescription by a physician or it is insulin. The list of changes goes on and on! Follow this link to learn more details about this seminar and to print out a registration form. http://www.scda.org/associations/5602/files/HI%20TECH-Health%20Care%20Seminar.doc |
| More PCI News... | Over the past several years the Card Associations (Visa/MC/Discover/Amex) have focused heavily on the protection of cardholder information. There are guidelines in place to protect this information from theft including what terminals and pin pads can be used, what application is inside the equipment running it, how receipts are printed, how cards are handled by staff, how receipts and card data is held in your files and office, how cardholder information is stored in your computer, how the data is transmitted or received over the internet or wireless environments and how staff in offices are trained to adhere to these guidelines.
At this point, ALL merchants are expected to be compliant; processors that you each work with have taken time to update/upgrade your equipment and/or notify you of need for such. If you're not in updated equipment it's a good time to take care of that issue!
Up until July, 2010 only HIGH VOLUME merchants (PCI qualifies them as Level 1, Level 2, and Level 3 merchants) have had to go through formal certification that they were adhering to these requirements. Now the certification is moving into the Level 4 realm-which is where millions of small to medium size merchants fall-including the majority of dentists.
EACH merchant will work with their CURRENT processor to manage their certification; the process is not as daunting as it sounds! Processors are submitting plans to Visa/MC outlining how they will make access to Certification Vendors that can assist merchants with the process and communication of these programs are beginning to occur now. Processors realize this will be an ongoing project; merchants will not all certify on day one, merchants will not be shut off for non-certification likely for many years.
When a merchant does decide to certify through the access offered by their processor, in general, most merchants will complete a short survey of questions validating they protect the data correctly. It can usually be done online in 10 or 15 minutes. The vendor the processor offers to you will have information about your program to help you answer the questions. Some merchants based on how they process may also need a scan of their web connection - this is done virtually, does not require involvement of the merchant, and checks to make sure that the connection is safe. Once the survey is complete, the vendor assesses that the responses meet the requirements, works with the merchant on correcting any items that do not, and then formally certifies the merchant. The scan works the same way.
Once the merchant is certified, the Certification Vendor notifies the processor who provided the access and the process is complete FOR THAT PERIOD OF TIME. PCI is not a stagnant state-it's a continual process, so depending on type of merchant the process will be repeated annually or quarterly. It's important to note ALL PROCESSORS have this same requirement and all will be contacting their own merchants with the details on how to formally certify. Processors are required to document that a program for certification is available to their merchants, NOT YET that every merchant is in fact certified.
There are hard costs for the processors to offer this service. The Certification Vendors involved have to be certified by Visa/MC to perform these assessments and certify merchants and they charge the processors/merchants for their assistance, the systems, the scans, etc. Pricing may range, depending on your processor, from $75 to $150 as an annual cost. If a merchant wanted to do it on their own, they could search out a vendor and contract by themselves, but the costs would be considerably higher because they don't represent the volume of business that each processor does!
Two of the SCDA endorsed vendors, TransFirst and CareCredit, both will be offering this service to their merchants. CareCredit notices are being sent out now and TransFirst will be getting information out in the month of July. PLEASE NOTE - merchants will likely receive notices from ANY PROCESSOR they've ever worked with if accounts were not formally closed from their system. Processors are taking the better safe than sorry approach and notifying everyone they show on their systems even if there is not current processing volume. |
| Help Get The Word Out |
The SCDA Member Benefits Group has worked hard to secure discounts up to 65% for new-to-practice dentists looking to obtain malpractice insurance, so if you have a student graduating dental school or if you are bringing a new graduate into your practice, have them call 1-800-327-2598 to learn how they can save approximately $700 in the first year alone. In addition, a 10% discount can be extended to them for their second year in practice. |
|
As always, contact me at 1-800-327-2598, ext. 100 with any questions or visit us at www.scda.org
Sincerely,
Mark K. Brown
SCDA Member Benefits Group Manager |
|
|
|
