Kipp Dye, MSPT, owner of OrthoSportsMED Physical Therapy in Needham, Mass, is a licensed PT, not a certified computer technologist. He holds a master's of science degree, but he studied biology, anatomy, and therapy, not computer science. Still, Dye, who admittedly had no idea what he was getting into, has incorporated technology so thoroughly into his practice that it is completely paperless.

"Technology is so much more powerful than somebody flipping through charts," Dye says. The electronic administration has meant greater efficiency, less cost, and a strong recruiting tool. With all of his data in an electronic format, Dye is now focused on security measures. He is developing a security solution he expects to have in place by this article's publication and that has been designed to protect the practice's information from whoever might try to steal it—whether curious kids or malicious hackers. It is a never-ending job. "As soon as you think you've arrived in Internet security, you fail," Dye says.

His focus might lead some to call him paranoid; others would term him savvy. "Some people might call me an alarmist. I am an alarmist. I want to make sure I'm not missing anything for my patient security and data management, as well as my conscience and integrity as a company moving forward. It's really important to me," Dye says.

The Practice

Incorporated in 2003, OrthoSportsMED has three locations and averages 280 visits per week. Patients range in age from 7 to 92 years old. "We specialize in shoulder conditions and are well-known for treating frozen shoulders," Dye says. Unique methods employed in this treatment include sound-assisted soft-tissue mobilization and company-developed methods to release stiff knees, shoulders, and ankles. Additional services include balance and coordination training, core stabilization, electric stimulation, iontophoresis, joint mobilization, presurgical and postsurgical therapy, phonophoresis, soft-tissue massage, traction, and ultrasound.

A Paperless Trial

But these are tools in most PTs' bags. What really sets OrthoSportsMED apart is its paperless environment. The practice has been electronic since it was founded 3 years ago. "It's been paperless since day one. I had the luxury of building the foundation of this practice on the latest software and hardware components," Dye says.

Technology is used for all aspects of scheduling, charting, and billing. The modules were purchased from the same vendor and are completely integrated. "We have just one system which holds all of our treatment notes, scheduling, charting, billing, and collections information," Dye says.

Convenient features include appointment scheduling, patient check-in, clinical documentation, customizable templates, management of insurance/copays, electronic payment posting, expected payment monitoring, and collection tracking. Dye advises those seeking to implement technology to first consider their aims.

"It's like going to the grocery store. There are 500 different choices of what to eat, but you have to figure out what your needs, wishes, wants, and finances are. Initially, it was intimidating. I didn't have any idea what to do with this stuff. And I was more afraid of what it wouldn't do rather than what it could do," Dye says.

Dye worried about backups until he met an information technology (IT) professional who warned him about security concerns. "It's not enough to have a software program. Once you go out on the Internet, it's open season on your data," Dye says.

The knowledge led him to a new understanding of security, one that continues to change over time. "I'm still learning. You are never 100% safe, but you can try to be as secure as you can," Dye says.

The Golden Rule

OrthoSportsMED's system is protected both physically and electronically. "It's fairly involved and has taken me a while to wrap my arms around it," Dye says. But by doing his homework, Dye has managed to master technology, protecting his practice on many levels.

The actual physical spaces are guarded with motion detectors and alarms. Critical data is encrypted on hard drives, and off-site encrypted data backup occurs daily. Security layers at workstations include privacy screens and password protection at multiple levels. Unauthorized access to the office networks is blocked, and additional security measures protect its wireless space. Security patches are critical, and all of those issues are implemented.

"People don't realize it's not enough to have these wonderful software packages residing on their computers without upgrading their software programs and installing optical patches," Dye says. The result could be someone sucking data out of the machine without the user realizing it if these are not done on a timely basis.

Using software set up to monitor the OrthoSportsMED network, Dye has thwarted potential data thievery. "We have had people try to break in," Dye says, offering an unidentified and unexplained Mac address found in an OrthoSportsMED system as an example. The discovery pushed Dye to implement higher levels of security.

Although he is uncomfortable divulging the specifics of his new security measures for security reasons, Dye does share that all aspects of security have to be considered. "Your network can be wired, wireless, or both, and the components need to be looked at independently as well as collectively," Dye says. He advises that practices keep hardware up to date, implement all of the latest security patches, and, if possible, complete software upgrades when released.

"The effort is critical due to the ramifications of loss of data that is so prevalent in corporate America security," Dye says, referring to events such as the data on the missing laptop computer of a Pittsburgh/Philadelphia Veterans Affairs Medical Centers subcontractor or the Citigroup, New York, data on nearly 4 million customers lost in a UPS shipment.

Dye applies the golden rule to data security: "I treat my clients' data as I would want my own data treated. And then I consider HIPAA standards," Dye says, referring to the Health Insurance Portability and Accountability Act of 1996.

The regulation established baseline national standards for the protection of the privacy of patients' personal health information. State requirements for greater protection apply, and if an institution chooses to do more, there is certainly no harm. Dye thinks it's actually good business sense. "I want to be well ahead of the standards. A lot of HIPAA is still based in the paper age," Dye says.

The Benefits

Moving out of the paper age has a lot of benefits. The paperless office is easier and less expensive to manage: Less time is needed to schedule patients or complete clinical documentation, fewer staff are needed, less space can be devoted to administration and paper-file storage, the cost of associated document archiving and retrieval is much lower, and Dye is even able to track the business from his home office. "It's probably the most effective method of cost savings for the future," Dye says.

Dye estimates that without technology to manage the office workflow, he would need to hire two additional full-time administrative personnel just to handle billing. This staff and their paperwork would require about 800 square feet to 1,000 square feet of space. "I estimate that the current digital setup saves me approximately 7% to 10% of my gross income from the business entity," Dye says.

These funds are redirected to retain the best possible staff. "In terms of security and HIPAA, PTs can be held directly liable and should analyze where they are accepting positions. I've been able to attract exceptional professionals, probably due to the fact that I offer more protection," Dye says.

The Cost

As they are hired, staff are internally trained on the company programs. The first group was trained by the vendor. Troubleshooting is managed by an IT professional on staff who handles the responsibility for software and hardware. He also keeps the office firewalls secure, the applications upgraded, and the security patches up to date.

Not everyone may be able to afford an IT professional on staff, but the knowledge that he or she brings can be invaluable. "It's not an absolute requirement, but someone with medical experience can generally develop what you need fairly quickly because he already understands the needs of a medical clinic and may save you money," Dye says.

Do you have a data-security question about electronic medical records? Contact the software vendors listed in our Online Buyer's Guide.

Technology-related expenses, including IT professionals, hardware, and software, can get quite expensive. Security is tantamount, but Dye acknowledges that it is always a point of analysis for the small business owner. "Obviously, you want to get the most value and the most protection for your investment," Dye says.

Without revealing numbers, Dye says he spent "a lot" on OrthoSportsMED technology but it has been worth it. The practice has gained in terms of cost savings, workflow efficiency, staff recruitment and retention, patient privacy protection, and competitiveness. "It's important to get across that OrthoSportsMED has an unrelenting determination to implement technology and data management with comprehensive security measures to continue to improve on all fronts."

Renee DiIulio is a contributing writer for Physical Therapy Products. For more information, contact .