Possible Opportunity for Dental Office

If each user is logging into their own account on Patterson Eaglesoft dental software, is it really a security concern that they share a login to the computers themselves?
Obviously, this doesn't apply to the front desk staff who are using M365 apps and whatnot, but the dentists & hygienists who are using strictly the Patterson software.

HIPAA strongly recommends unique logins per employee. How can you "prove" that nothing was downloaded locally on the workstation....that is shared with others? How can you prove who inserted a USB drive that....downloaded something, or uploaded something? How can you prove that.....etc ...etc...
Employee termination or even just..retiring. HIPAA mandates all access be terminated quickly and cleanly.
Without proper setup of unique logins....you have a huge...huge uphill battle.
 
@YeOldeStonecat

I'm not arguing anything about what you've said in regard to HIPAA, but if @Velvis does NOT sign on as their HIPAA compliance officer, and, in fact, put it in writing that he is not such, that should cover him. Note: Anyone who's thinking of doing IT in environments that require HIPAA compliance, and particularly those who are not willing to accept responsibility for compliance, should have the contractual language drawn up by a lawyer. It should be boilerplate, but it's well worth having professionally drawn up boilerplate that's ironclad in insulating you from that role and responsibility.

One of the reasons I refuse to take any of this on is because it is well-nigh impossible to ensure that there is, in actuality, full compliance. And even those who take on the role of HIPAA compliance officer as a third party will often put it in the contract that they are not responsible if the client fails to follow any one of the recommendations that they make.

If someone who doesn't "do HIPAA compliance" for a living gets involved in IT where it's necessary, there had better be contractual language that holds them harmless for compliance violations.

I have hated HIPAA as both a former healthcare provider and as an IT person because virtually no one really understands what compliance really entails and even those who do cannot be held responsible if those "on the ground" work around certain things (e.g., exactly what's being talked about here). It's all a freakin' house of cards! I honestly doubt that virtually any healthcare organization would pass a strict audit for HIPAA compliance and primarily because it's unreasonable to expect that there will be no shared workstations where logins to the workstations themselves aren't going to be at the individual level. I've never worked in a healthcare setting where things like labs are involved where walk-up workstations are not the norm and no one ever logs in to them with an individual user ID.
 
Business Premium adds many services that do not care if you're hybrid joined, AzureAD registered, or azure AD joined.

Conditional Access is a huge feature I don't want to manage any business client without.
Having the additional Defender protection for inbound spam, phish, safe links, safe attachments, anti impersonation...features I do not want any business to be without
Enforcement of MFA via conditional access...something I don't want to manage a client without
Entra P2 adds important "risk" features I'd not want to support a more risky (compliance) business...without
InTune...actually helps keep costs lower because you can "automate more". Many IT people fail to grasp that, so they're not able to educate the client on...."well, yes..this costs more, but...I do things much quicker so in the end it saves you money because there is less labor from my side". Not to mention, proof of...setting up many important security features that compliance requires (proof as in...InTune configuration profiles...and their logging..to show proof things are done).
Would you think something like Huntress is necessary in addition to Business Premium?
 
Huntress is monthly invoicing....and your price varies greatly on how many endpoints you'll be carrying over. We brought over around 1400 for the EDR, (the EDR is their endpoint detection and remediation)..which is "managed" by them.
They matched our pricing that we had with SentinelOne...as we played the "competitive upgrade game". I think at our volume, the starting point was a "cost" of around 3 bucks an endpoint per month.

I forget what their minimum was...50 endpoints I think...didn't pay attention to that as I knew we'd clear it.
Not sure what the cost is...at a lower volume like that.

The Microsoft 365 monitoring component is another product of theirs, called ITDR....I was trying to get him under a buck per...but he would not go that low.

When you start getting to the "better level" EDRs....custie prices get more towards 7 bucks and upwards. You should see "BlackPoint".
 
Thank you!
 
Fast running server...10 gig switch interface to server.
Fast running network
Fast workstation

Dental offices have software that....needs speed.

You want "business continuity" backup...like Datto/Axcient.

HIPAA....HIPAA HIPAA HIPAA.

M365 Business Premium for a minimum license. Stack on Entra ID P2.
Fully leverage conditional access
Get that 365 tenant security score up above 60, above 70...shoot for 80.

Fast response times needed....xray imaging stops working, etc. Need to get them back up and running quick.

Credit card processing....gotta keep that going. I have worked with a small dentist office that ran Patterson Eaglesoft..many years ago. They closed, the other dental offices we manage run on Dentrix and Dexis. Sometimes their credit card service gets sleepy.

Many dental offices open early, taking appointments starting at 0700....so be ready for that.

Set them up on a professional cybersecurity training...one of those "monthly" trainings that's documented with individual employee tracking.

Pretty much their cybersecurity insurance will provide a list.
Question about Business Premium, would you suggest each person in the office have that even if they would not be taking part in any of the Office apps or need email accounts?

Essentially, a good portion of the employees would only be using the Patterson Dental software and just need the login benefits/Windows Defender that Business Premium brings but not Word, Excel, OneDrive, or an email account. Many of the employees would be using the same computers throughout the day.

Is there a lower tier that would allow something like this?
 
Depends...

If Entra ID is serving as your central directory, then all users will need a login there. Those users, however, would only potentially require Entra ID P1 if all they need is a Conditional Access–protected login from the cloud directory.

If you want full endpoint management, the best way to go is M365 F3 + F5 Security.

M365 F3 includes a kiosk mailbox, Entra ID P1, Intune P1, Windows 10/11 Enterprise: basically everything you need to manage endpoint devices, whether they’re Windows, Android, or iOS. That’s $8/user/month.

Then there’s M365 F5 Security. This is M365 E5 Security for frontline workers: Defender for Endpoint P2, Defender for Identity, Defender for Cloud Apps, everything Defender. This license is also $8. So for $16/user/month, you get full enterprise-grade security for users who need a cloud-managed endpoint. If you require compliance, the F5 Security and Compliance bundle is $13. That brings you to $21/user/month, still below Business Premium pricing, but in many ways is even more power than Premium provides!

I use this combo as much as I can, because the environments that need the full stack are otherwise up against M365 E5 (no Teams) + Teams Enterprise, which runs about $60/user/month. Cutting that to a third makes a real difference.

Your bare-minimum setup (Entra ID login + Intune + Defender for Endpoint P2) would be Enterprise Mobility + Security E3 ($11.13) + Defender for Endpoint P2 ($5.46), totaling $16.59/user/month. The reason I don’t recommend that combo is the lack of a CASB (Cloud Access Security Broker).

But did you see the other reason I go with F3 + F5 Security? It’s cheaper by $0.59 / user and does much more. Use and abuse the F-series SKUs wherever possible.

The F-series combo also includes Defender for Cloud Apps, which really needs to be paired with M365 Business Premium. On its own, Defender for Cloud Apps is $4.20/user/month. Defender for Cloud Apps is IMHO the best security investment any org can make after identity itself.

Why do this? If you’re going to use Entra, then you need to use Entra. That means all those web apps your customer depends on? They get SSO integrated with Entra logins. Once that’s in place, you layer on Defender for Cloud Apps and—bam—every one of those apps now has a firewall in front of it. Conditional Access extends over the top.

You can do powerful things like: “Want to log in to Dentrix? OK—but only from the office.”

This is real security coverage. Real risk reduction. But it means not just deploying Business Premium—it means actually using all the features it brings to the table. That’s hard. That’s a ton of work. And that's also where most providers fall short. The SMB has so much power in their hands with Business Premium, but we aren't selling it, and they aren't buying it, because they don't realize the return. Do M365 correctly, and it makes everyone buckets of money, there is simply no competition. Do it wrong, and your customer will run off to anywhere else, just to get away.
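
The "only from the office" rule from the post above, as an added example (not code from the thread or from Microsoft): a Conditional Access policy created with the Microsoft Graph PowerShell SDK that blocks one SSO-integrated app from every location except a trusted named location. It assumes the practice application is already an Entra enterprise application; the app ID, break-glass account ID, display names and IP range are placeholders or constructed values.

```powershell
# Added example, not from the thread. Requires the Microsoft.Graph PowerShell SDK.
# Every ID, display name and the IP range below is a placeholder or constructed value.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

# 1. Define the office's public egress range as a trusted named location.
$office = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    '@odata.type' = '#microsoft.graph.ipNamedLocation'
    displayName   = 'Dental office (constructed example)'
    isTrusted     = $true
    ipRanges      = @(
        @{
            '@odata.type' = '#microsoft.graph.iPv4CidrRange'
            cidrAddress   = '203.0.113.0/24'   # documentation range; use the office's real egress IP
        }
    )
}

# 2. Block the practice app from all locations except the office.
$policy = @{
    displayName = 'Practice app - office only (example)'
    # Report-only first, so sign-in logs show what would be blocked before enforcement.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        clientAppTypes = @('all')
        applications   = @{ includeApplications = @('<PRACTICE-APP-ID>') }   # placeholder
        users          = @{
            includeUsers = @('All')
            # Keep an emergency admin account out of scope to avoid a lockout.
            excludeUsers = @('<BREAK-GLASS-ACCOUNT-OBJECT-ID>')              # placeholder
        }
        locations      = @{
            includeLocations = @('All')
            excludeLocations = @($office.Id)
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('block')
    }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

Once the report-only results in the sign-in logs look right, setting `state` to `enabled` turns on enforcement.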
 