Is it Time to Say Goodbye to our DSLR Cameras?

By Dr. Anthony M. Puntillo, DDS, MSD

When I first graduated from my orthodontic residency, now more than 23 years ago, a standard set of initial records included plaster models, facial and intraoral photographs taken with film, developed, then trimmed and placed into mounts and panoramic and lateral cephalometric radiographs taken with film and developed in darkrooms. The digitization of our society has made the process of gathering and storing this important diagnostic information much more efficient for most orthodontists. In fact, more than four years ago (November 2012) I wrote a Tech Blog article on digital retainers and the impressionless orthodontic practice. Since then the use of intraoral scanners and 3D printing in our profession has grown exponentially. It is now not hard to imagine a day in the near future when impressions will disappear completely from the practice of dentistry.  As I near the end of my 8 year term on the CTECH committee, I can’t help but wonder what is next.   Where else can we use technology to eliminate inefficient processes from our practices?

The most obvious next step for me is the elimination of intraoral photographs. All of those intraoral scanners, now used by most orthodontists, take multiple photographs of our patients’ teeth to create the 3D digital images. Several of these scanners can capture images in true, or close to true color. It can’t be long before we come to the realization that digital images taken with a good intraoral scanner are a better alternative to the standard set of 5-7 intraoral 2D photos we have been taking for decades. The 3D digital image is not only a better diagnostic record of the patient’s current dental state, it also is more versatile in that it can also be used to create and fabricate appliances (i.e. clear aligners, indirect bonding setups, retainers, etc.). If a good intraoral scan can consistently be completed in less than 10 minutes, aren’t we wasting our time and that of our patients’ taking 2D photos. I concede that we are all very accustomed to diagnosing our patients with these 2D photographic images. However, it was not that long ago when most thought that multiple radiographic exposures were necessary on the majority of our patients.   Now most of our patients are diagnosed with a single, quick radiograph taken on a CBCT machine and from that single exposure we derive a much higher level of diagnostic information.

To be honest, I am not yet ready to mothball our cameras. For starters, I still think that facial 2D photos are necessary. I know that there are 3D cameras available that will someday eliminate the need for our extraoral series of facial photos. However, for whatever reason (I believe primarily cost) these have not yet caught on. So for now we will still be taking a series of three 2D digital photos of our patients’ faces. Additionally, 2D intraoral pictures still play a significant role in our new patient consultations. We have not yet found the best way to display and share the captured 3D dental images (STL files) to educate our patients. I anticipate that this last hurdle will be overcome in 2017 and when that happens our DSLRs are going to see much less action and our IOSs are going to play an even larger role in our new patient process.

Reevaluating Your Password Management

By Dr. Matthew Larson

We live in an amazing age where the world is at our fingertips… if only we could remember our password.

It’s no surprise that passwords can be a frustrating part of our digital lives. Websites can have different requirements for passwords and then have to be changed at different intervals. In theory, there are clearly good reasons to have high standards for strong passwords. However, in real life this often means the same password is used for multiple websites and are frequently saved in other locations to remember them.

Here are a few questions to ask yourself about how you handle passwords in your office:

  1. Do you use strong passwords when needed?
  2. Do you have UNIQUE passwords for different sites?
  3. Do you change passwords when you have changes in staff?
  4. Do you keep important passwords private? (This means not posted in plain sight! In many practices the private WiFi password or Invisalign login can be easily found by opening the drawer or cabinet near the computer.)

If you answered no to most of the questions above you may want to consider a password manager app. (If you answered yes to all the questions and do NOT use some form of password manager, I would love to have your memory.) There are many good password manager programs – some are built into web browsers (Internet Explorer, Google Chrome, and Safari all have password managers) while some are 3rd party programs (some of the more popular ones are LastPass, Dashlane, 1Password, and Password Safe). These programs and apps can help manage your existing passwords and help create strong new passwords.

Here are my personal thoughts when selecting a password manager program:

  • Select a program that requires a strong master password to open the app. This rules out most default password managers within web browsers, although there are browser extensions available for many of the 3rd party programs which do require a separate logon. This master password unlocks all your other passwords, so carefully create a unique and very strong.
  • Select a company that has a strong history with good reviews. You want a company with a strong reputation that will continue to maintain high security.
  • Expect to pay a small fee for a high quality company. These programs are inexpensive overall (most range from free to about $5 for the app), so don’t get too caught up trying to find a bargain. A bargain price typically means they are either trying to grow (and then will likely increase fees later) or they are making money through other venues (and the priority may not be the password management program).
  • Use a program that works on mobile devices, Windows computers, and Macs so you can utilize it on all your devices. Additionally, make sure you can sync your database files easily in the cloud between devices.

Related to the database files, ensure the program you choose maintains an encrypted database file. This requires that you have the program and the master password to open the database. All the 3rd party programs mentioned about are encrypted with AES-256 encryption (which is much better than a word document on dropbox).

Currently, I personally use 1Password (https://1password.com/ ), mainly because I like the “Teams” option that allows you to share passwords between team members. You do this using shared “Vaults” as shown below. They charge per user so currently I only have one account for my personal use and one account that the staff uses for ordering and insurance. The program also allows you to save credit card information and profiles, so entering information on a new website goes much quicker. It is also a great way to organize NPI and license numbers for you and your team.

Another nice benefit of these managers is that you can actually load the sites and passwords very quickly and efficiently. I found myself actually saving time going through and paying bills after switching to a password manager because loading every site basically just takes a couple clicks of the mouse. A couple screenshots of how this looks on a mobile device are shown below. (I use this as quick access to my office Facebook account, since the app on my phone has my personal account saved.)

Some may have security concerns by having all your passwords stored in one spot. However, keep in mind that this is the focus of the company and they likely can manage it better than most people can with the little time they realistically devote to it. The first step to deciding if this type of program is right for you and your practice is an honest look at the security and efficiency of your current systems. If managing these passwords is stressful or they are not being stored securely, take a look into what current password manager programs can add to your practice.

2017 Winter Conference – Technology: Balancing Profit, Lifestyle & Patient Care

By Dr. Doug Depew

The 2017 AAO Winter Conference is quickly approaching. Our theme of this year’s meeting Technology: Balancing Profit, Lifestyle and Patient Care.  It promises to be a meeting filled with information for both newer and established practices to help make those tough decisions on what technology is important to use in our practices and when we may wish to invest in it.

The meeting will begin with keynote speaker Jack Shaw.   Mr. Shaw is a world- renowned technology futurist who will be discussing how cutting edge and disrupting technologies will change the way we do business and run our practices in the coming years.

IT guru Steve McEvoy will be answering some of those pesky questions we all have about computer hardware, effective and cost-efficient data backup, and security.   In the ever changing world of computers, what you hear at this meeting will certainly be different than what Mr. McEvoy would have talked about even a couple of years ago.

On Friday afternoon we’ll have a lively discussion by Drs. Greg Jorgensen and Neil Kravitz regarding building our practices through social media, websites, and Internet marketing. Their success in these areas has been paramount in growing their thriving practices.

Saturday morning will begin with Dr. Aaron Molen sharing his experience and thoughts on bringing emerging technology into our practices to help create more efficient and more comfortable patient care.

We’re excited to have Drs. Ed Lin and Christian Groth discussing how to integrate some of the latest technology hardware into our orthodontic practices. This includes workflows for using CBCT, Scanners and 3D Printing.

The conference will conclude with Chris Bentson and Charles Loretto with a discussion on how technology can affect the value and profitability in our practices. This should help answer the question about at what stage of practice a doctor might consider investing in advanced technology.

The location for the meeting is at the gorgeous Marriott Harbor Beach Resort and Spa in Ft. Lauderdale, Florida. The dates are February 10-11, 2017. The schedule is organized in a way to allow some time for afternoon recreation.

There will be plenty of time allotted for attendees to ask questions of the speakers to be sure all bases are covered.   To learn more and to register, visit https://www.aaoinfo.org/meetings/2017-winter-conference-technology-balancing-profit-lifestyle-patient-care

How Can Patients Contact You During an Office Relocation?

By Dr. Dan Grauer

member_on-phoneMoving your office to a new location is a tedious process involving many tasks and some headaches. A critical moment during the move is the transfer of your main phone number to the new location. Unfortunately not all numbers can be transferred to certain areas. Phone carriers have rules regarding the assignment of specific numbers to defined geographical areas that are beyond the purpose of this blog. Luckily there are solutions to this problem.

One way of transferring your number in an undetectable way is using a cell phone as a proxy. You will need to call your old office phone carrier a few days before the transfer and assign your old office number to a cell phone. This process could take from 3 to 5 days. Once your number has been assigned to a cell phone it automatically disconnects from the physical location of your old office. The last step is to forward your calls from the cell phone to the new office number. This is done through the setting menu of the cell phone, and it can be activated or deactivated on demand. The cost of this transaction will depend on the cell phone plan and the cell phone purchased. Advantages of this solution include that your patients will automatically reach the new office and you will maintain your old number regardless of your new geographical location.  Another advantage is that by deactivating the call forwarding function on the cell phone, it becomes an emergency phone for your new office.

Am I legally responsible if I receive a patient referral from another dentist and it is sent to me unsecured?

By: Charlie Frayer, JD, MS, HCISPP, CIPP, CIPM

DISCLAIMER: Protected Trust cannot and does not provide legal advice, and the following question(s) and response(s)—like everything else we publish—are not intended as legal advice or opinion. If you need legal assistance, you should contact an attorney licensed to practice law in your jurisdiction.

For the purpose of this answer, we assume that “sent” means “emailed.” Yes, it is possible that you could be responsible if something bad happens to the patient’s electronic protected health information (ePHI) contained in the email referral, but only if it happens after you receive it.

Under HIPAA, a health care provider is called a “covered entity”. The HIPAA Privacy Rule defines “treatment” to include, “…the referral of a patient for health care from one health care provider to another.” The Privacy Rule also states that, “A covered entity is permitted to use or disclose protected health information…[f]or treatment…”. Therefore, under the scenario you describe, neither the referring dentist nor you are violating HIPAA by merely sending (disclosing) or receiving a patient’s ePHI as part of a referral. Given this good news, the core question now becomes, “Does a covered entity violate HIPAA by sending (or receiving) ePHI in an “unsecured” manner?” Again, the answer is mostly good news, but BE VERY CAREFUL AND READ THE REST OF THIS RESPONSE!!!

First, we have to know what makes ePHI “unsecured” vs. “secured”. Then, we need to know whether HIPAA requires ePHI to be secured (seems like a silly question, but you’ll probably be surprised). And, lastly, if HIPAA does not require ePHI to be secured, then what risks do you have if you face by choosing to leave it unsecured?

Unsecured vs. Secured ePHI
The HIPAA Breach Notification Rule states that, “Unsecured protected health information means protected health information that is not rendered unusable, unreadable, or indecipherable to unauthorized persons through the use of a technology or methodology specified by the Secretary [of HHS] in the guidance issued…”. The HHS guidance emphasizes the use of encryption to make ePHI secure. So, technical details aside, the simple answer is that “unsecured” means unencrypted, and “secured” means encrypted.

HIPAA: Encryption Is NOT Required…What?!?
That’s the title of one of our blog posts from Feb.-Mar. 2016—republished by AAO, which we highly recommend that you read immediately (here or here). Although you would be crazy to not use encryption when emailing ePHI—because the risks are enormous, it is true that HIPAA does not literally require encryption (again, read our blog post here or here right now). Rather, what the federal government decided to do was strongly encourage the use of encryption by making it a get-out-of-jail-free card (apologies to Parker Bros.). Under the HIPAA Breach Notification Rule, you must notify certain persons and/or entities whenever you have a breach (e.g., a loss or theft) of unsecured (unencrypted) ePHI. For example, depending on the breach details, HIPAA requires notifying not only the affected patients, but also the federal government (HHS) and prominent members of the media. But—and here’s the GREAT NEWS—if you have a breach of secured (encrypted) ePHI, you do not have to notify anyone. Why? Because the loss or theft of encrypted ePHI—which cannot be read without the key(s)—is not considered a breach at all. So, encryption=no breach=no notifications=no problems for you.

Risks of NOT Encrypting ePHI Emails
If you’ve already read the above-mentioned blog post—and, if you haven’t, stop now and do so immediately (here or here), then you already know the frightening list of risks you face for not using encryption. In summary, in the event of a breach of ePHI:

No Encryption = Notification(s)

Notification(s) = Investigations, Fines, Lawsuits, PR Disaster, and Lost Business

Investigations, Fines, Lawsuits, PR Disaster, and Lost Business = Wasted $,$$$,$$$.

Our Recommendations

  1. Never email ePHI without using Protected Trust Healthcare Email Encryption.
  1. Require all of your fellow covered entities (e.g., health care providers and insurers), other business associates, and patients to use Protected Trust Healthcare Email Encryption.

IMPORTANT REMINDER: As a Protected Trust client, all of these third-party persons and entities can communicate securely with you, free of charge, and forever. No catch!

  1. To comply with HIPAA, make sure everyone in your office has their own Protected Trust Healthcare Email Encryption account (shared accounts are not permitted by HIPAA).

Google My Business

By Dr. Doug Depew

unnamedGoogle my Business is another way Google has made it easy for us to let prospective patients know about the level of care we offer. It complements your website by giving your practice an identity and presence on Google. If you previously used Google Places for Business or Google+ Pages Dashboard, you may not have noticed it, but your account has already been automatically upgraded to Google My Business. The information you provide about your practice in Google My Business will appear on Google Search, Google Maps, and Google+ to those searching for an orthodontist.   And if you had multiple Google+ Pages they will all show up on the Google My Business Dashboard as long as they are associated with the same email address.

The Google My Business Dashboard makes it easy to manage multiple locations from one central webpage. All you have to do it go to https://www.google.com/business/ and sign in using your email address and password associated with your previous Google+ Pages. From your Dashboard, you will be able to do a number of things.

Locations
For each of your locations, you can add, edit, and verify your practice information. This includes your practice name, phone number, website, and hours.   When you do so, it will automatically update as well in Google Search and Google Maps. For each of your locations, you can easily add pictures of yourselves, your logo, the exterior of your office, the interior of your office, and any other photos you feel will help others learn about your practice. When people search Google, they can learn a lot about you before even going to your website. From your Dashboard, you can also post directly to your Google+ Pages.

Reviews
In the Reviews section, you can see all the reviews patients have posted about your practice. The best part of this is that you can respond to those reviews. Experts in this arena recommended that we respond to at least three reviews a week. This can be to thank patients for especially kind compliments, but more importantly, we should promptly respond to any reviews that are less than stellar. Since negative reviews may inaccurately reflect the level of care you give, it’s important to attempt to set the record straight. In doing so it’s important to thank the reviewer for their feedback and respond in a way that is generic without referring directly to that patient’s experience in your office and their treatment details. Author Helen Overland stated “Respond to reviews, don’t let them sit. If someone sat outside your store telling people about your bad service, you would address it, right? So don’t let people sit outside your virtual door on Google Maps telling people about your bad service without addressing it. Addressing complaints is just good business.” And Google My Business makes it easy to do so.

Insights
In the section called Insights, you can learn how people are finding out about you, from what type of device they are viewing your profile, their demographics, and much more insightful information that may help in your marketing efforts. You can also see viewer activity trends such as how many people call your office from your Google profile, how many click to your website, and how many are asking for directions to your office.

Google Analytics
No longer do you have to log in separately to Google Analytics to see viewing trends on your practice website. This is now right there within Google My Business.   Google Analytics will tell you a lot of useful information such as how many new viewers, how they found your website, viewer demographics, length of their visit, and page views. Having this information on hand can help you in tweaking your website for the most effective and useful visits for prospective patients.

Adwords Express
Like many things Google, Google My Business is free to use. If you choose to make Google ads however, that’s a paid function. These are the ads that show up on the top or right side of a Google search. And Google My Business allows you to manage your Ads from your Dashboard since they should be under the same email.

Virtual Tour
From your Google My Business Dashboard, you are able to learn about how to incorporate a Virtual 3D tour of your office onto your Google listing. These can also be placed directly onto your practice website.

Going Mobile
By downloading the Google My Business app, you can perform most of these functions right from your mobile phone.

I have personally found Google My Business to be a great tool in my efforts to monitor and improve our practice’s online presence. It has consolidated many functions into one place, saving time and energy. I encourage you to look into it and see how it can help you.

 

HIPAA: Encryption is NOT Required…What?!?

By Charles E. Frayer[1], JD, MS, HCISPP, CIPP, CIPM

Introduction
cfrayer
No, that headline is not a misprint. Contrary to common assumptions—and what many email encryption providers may tell you, Congress, in its infinite wisdom (stop laughing, please) decided that the Health Insurance Portability and Accountability Act (HIPAA) should not—and, therefore, it does not—require the use of encryption to secure your patients’ private medical data (aka, electronic Protected Health Information or ePHI).

WARNING: IF YOU STOP READING NOW AND SIMPLY DECIDE THAT YOU DO NOT NEED ENCRYPTION, YOU MAY WAKE UP ONE DAY TO THE WORST FINANCIAL AND PUBLIC RELATIONS NIGHTMARE IMAGINABLE. SO, READ ON…

Required vs. Addressable: What’s the Difference?
In HIPAA, Congress adopted two types of implementation specifications—“required” and “addressable.” Those labeled “required” must be implemented or it will be deemed an automatic failure to comply with the HIPAA Security Rule. On the other hand, those labeled “addressable” must be implemented only if, after a risk assessment, the covered entity (that’s you, if you’re a Health Care Provider, a Health Plan, or a Health Care Clearinghouse) has determined that encryption is a reasonable and appropriate safeguard for managing risks to the confidentiality, integrity and availability (CIA) of ePHI. A brief sidebar about the CIA triad: confidentiality protects against unauthorized disclosure; integrity protects against unauthorized modification or destruction; and availability protects against disruptions to access and use of ePHI. Okay? Now, back to our story…

However, if you determine that encryption is not reasonable and appropriate (think about this carefully), then you must document your rationale for that decision and do one of the following: (a) implement an equivalent alternative to encryption that is reasonable and appropriate; or (b) if safeguarding ePHI can otherwise be achieved, then HIPAA even allows you to choose not to use encryption or any equivalent alternative measure, provided that you also document the rationale for this decision.[1] Shocking, isn’t it? Yes, Congress effectively (is that an oxymoron?) allows you to do nothing, provided you can and do back it up.

Now, if you’ve thought about that carefully, you’re probably wondering something like, “What if HHS audits me and they don’t agree with my carefully documented rationale for deciding that encryption is not reasonable and appropriate to protect my patients’ private medical data?” Perfect question! And therein lies the problem. It is difficult (impossible?) to even imagine a situation for which it would be “reasonable and appropriate” to decide not to use encryption to protect ePHI (remember, that lowercase “e” stands for “electronic”). So, even though HIPAA does not literally require encryption, it effectively requires encryption because there is no reasonable and appropriate alternative for protecting ePHI.

In other words, when it comes to using encryption to protect ePHI, there is little (if any) difference in Congress labeling it as “addressable” rather than “required” because not using encryption is simply too risky for your patients’ ePHI and, therefore, even riskier for your business.

Encryption: HIPAA’s Data Breach Safe Harbor
Under the HIPAA Breach Notification Rule, there are essentially two types of ePHI—unsecured (i.e., unencrypted) and secured (i.e., encrypted). Under HIPAA, every breach of unencrypted ePHI requires you to provide time-bound notifications to: (1) affected patients; (2) the Secretary of HHS (i.e., the federal government); and/or (3) prominent local/state media outlets. This, of course, will put you at risk of federal and/or state investigations, fines, possible lawsuits, and the worst kind of public relations disaster imaginable, which will almost certainly result in lost business.

But there is good news…no…GREAT NEWS!!! Under the Breach Notification Rule, encrypted ePHI that is “breached” (e.g., lost, stolen, or accidentally/intentionally sent to the wrong recipient) is not considered a breach at all because ePHI that is encrypted cannot be read or otherwise used without the key(s) required to decrypt it. Consider some of the risks of emailing your patients’ ePHI unencrypted versus sending it via encrypted email, as follows:

Screen Shot 2016-02-18 at 4.27.19 PM

So, if you use it, encryption is your lawful HIPAA-endorsed safe harbor against everything you want to avoid in the event of a breach of ePHI. Going back to our previous segment, even if you somehow came up with that rarest of all situations—where using encryption to protect ePHI was not reasonable and appropriate, you still need to use it because doing so gives you a complete “out” when the worst of all possible ePHI scenarios—a data breach—occurs (i.e., you get to simply walk away).

In summary, although HIPAA does not literally require encryption, Congress nonetheless has effectively mandated its use because (i) it is all but impossible to think of a real-world situation where encrypting ePHI is not reasonable and appropriate; and (ii) if you choose not to use it, you are exposing your business to a plethora of regulatory, legal, public relations, and/or financial risks that are easily avoidable—by simply using encryption.

[1] Charlie Frayer is a Michigan licensed attorney and Florida Authorized House Counsel serving as General Counsel and Chief Privacy Officer at Protected Trust, LLC, the leading provider of Simple Email Encryption with 24×7 free and unlimited support via phone, email, and chat.

[1] See: 45 CFR § 164.306(d)(3) detailing the difference between “Addressable” and “Required” implementation specifications at http://www.ecfr.gov/cgi-bin/retrieveECFR?n=sp45.1.164.c#se45.1.164_1306;

45 CFR § 164.312(a)(2)(iv) labeling encryption and decryption as “Addressable” at http://www.ecfr.gov/cgi-bin/retrieveECFR?n=sp45.1.164.c#se45.1.164_1312; and
the HHS HIPAA Encryption FAQ at http://www.hhs.gov/hipaa/for-professionals/faq/2001/is-the-use-of-encryption-mandatory-in-the-security-rule/index.html

Have You Talked to Your Telecom Vendors Recently?

By Anthony M. Puntillo DDS, MSD

Dr.-Puntillo-PictureMany of you have no doubt seen the television commercials announcing the merger of AT&T and Direct TV. This merger is just another sign of the digital transformation the United States telecommunication industry is undergoing. This transformation is being driven largely by an insatiable consumer desire for data and bandwidth. If you have transitioned your practice to digital, and many have, chances are high that you discovered your office hard drive was full and needed to be upgraded. Furthermore, single location practices are becoming more rare and it can be challenging to access all of this additional data when and where you need it. This issue is even more pronounced in the increasing number of practices that utilize 3D CBCT machines, as the DICOM files generated by these machines can be as large as 700 megabytes.

My practice consists of four office locations, three doctors, and three CBCT machines. All our locations are networked to a single sever and all patient data is securely accessible at each location and externally via a virtual private network (VPN). Our Voice over IP (VoIP- see Dr. William Engilman’s post from May 2012) telephone system connects all our offices and staff seamlessly. To make all these systems work we require stable bandwidth and lots of it. That bandwidth comes at a significant monthly fixed cost for our practice. Recently, in an effort to make sure we were getting the most for our money, we asked our IT consultant to review our contracts and plans with all our telecommunication network providers (i.e. AT&T, Comcast, etc.). Their review found that by bundling some services (i.e. phone, internet access, etc.) additional bandwidth, and subsequently improved efficiency, was available for a similar monthly cost. In the cellular world, companies such as AT&T, Verizon, T Mobile, and Sprint are investing heavily in infrastructure upgrades. These upgrades are being used to offer consumers deals that were unheard of just 12 months ago. If you have not reviewed you offices telecommunication vendors and plans within the last 12 months, I would encourage you to use the slower time in your office this fall to do so. You may find significant cost savings or improved services are also available.

Simplifying Management of Satellite Offices

By Matthew Larson, DDS, MS

Matt LarsonIn the current economy, satellite offices are frequently utilized by orthodontists to increase their area of draw and patient base. Most orthodontists and consultants feel that the additional income offsets the additional overhead expense, but managing multiple office locations clearly requires more effort than maintaining only one location. However, current technology has helped make managing multiple locations easier. One dramatic example that most orthodontists now utilize is electronic charting, so that patient information is easily available at all office locations. Here are a few other tips and tricks to consider:

  • Centralized/Cloud-Based Documents: Most offices ensure that all patient information in their practice management software is either on a centralized server or cloud-based, but many offices are not as attentive to all of their supporting documents. Your satellite office should be able to run exactly like your primary office if desired. It is relatively easy with current technology to ensure all computers have access to centralized training manuals, patient handouts, and current projects. More limited access can be setup for the doctor and select staff to access more confidential information. Multiple methods can be used to achieve this, such as a shortcut to a shared document folder on the server (if a terminal server is used at the satellite office) or online cloud-based storage such as iCloud, Google Drive, or Dropbox. Please note that iCloud and Dropbox are not HIPAA compliant and Google Drive requires some adjustments to be HIPPA compliant, so these are not ideal solutions for PHI. The goal is that each practice location should have electronic resources in the same location for easy reference and there should be little to no effort to keep them synchronized.
  • Mileage tracking mobile apps: Deducting business mileage or tracking business miles on the company vehicle can provide a nice tax savings, but maintaining an accurate ledger to satisfy the IRS can be difficult. Multiple mobile apps are available to help keep an accurate log of business miles, such as Mileage Log+, MileagePad, Auto Miles, and Triplog. Some apps will automatically track when you are driving and then miles can be categorized later. Most allow you to export spreadsheets or expense reports for a nice end-of-year summary. Prices are generally under $10.
  • Remote locks and thermostats: I may be slightly biased since our practice is located in Wisconsin, but having a remote thermostat to ensure that heat is turned down when we are not at our office and that the office is warm when we arrive really helps staff morale at the start of the day! Also, there are coded locks available for your front door that allow you to remotely issue one-time use codes for contractors to access the building. Multiple permanent codes can also be set, which allows you to monitor who is entering your office. For example, cleaning staff can be given a unique code so you are aware of when they are onsite. These generally are a few hundred dollars to install, but avoiding extra trips to let in contractors or paying for additional heating/cooling bills can make it worth the expense.
  • Phone lines: Phone systems are a much larger topic, but it is worth at least briefly mentioning that having lines ring at only one location and going to voicemail if they are not answered is outdated. For offices with multiple locations, some type of VOIP system should be strongly considered, which allow lines to be answered and transferred independent of geography. Even with a traditional phone system, look into the additional features offered by the phone company. Generally, lines can be forwarded on certain days of the week and calls that are not answered in a certain amount of time can be forwarded to the other office (assuming the other office is staffed).

Overall, managing a satellite office can be less stressful using current technology, but some effort must be spent up front to design the correct systems and to implement them.