Acadia chose SMART’s electronic health record for its 100% paperless functionality. This EHR solution is a reliable, secure, and flexible cloud-based paperless software. It improves ease and speed of access to patient records, allowing for increased collaboration amongst treatment team members. Additionally, the billing module helps OTPs maximize revenue by processing insurance billing in-house. It also enables authorization management, self-pay billing and account management, unit-based fee for service, payment due notifications, and reporting to both cash- and accrual-based accounting.
Going paperless in Tacoma
Simplifying Electronic Health Record Implementations
Following the earlier Spokane, WA implementation, Office Manager Tami said, “This was a fantastic training team, great software, and overall very positive experience.” This reaction is precisely what SMART’s Team strives for in every implementation of the SMART Solution. Being in business for over 25 years and having operated a network of treatment facilities, SMART knows the challenges that can occur during implementations. That is why SMART has established a thorough and continuously vetted process to ensure that clinics get up and running quickly and efficiently.
Support for Clinics using Addiction Treatment EHR Software
Genuinely understanding the unique operational needs of opioid treatment programs, from one state to the next, requires dedication. This commitment ensures that SMART stays current with Partner’s requirements. Ultimately, their needs drive development and inspire continuous improvement.
SMART upholds this everchanging understanding by providing:
The short answer is yes, but the level of security depends on how your EHR is hosted. If it’s cloud-based, there are many failsafe measures in place to protect your clinic and patient data. On-premises solutions, on the other hand, are less advanced and don’t have the capabilities to stay current with security, performance, and reliability.
Whether a substance abuse treatment clinic’s data is hosted on-premises or in a cloud environment, hackers will try to find a way to ruin your day. Recovering from an attack can be significantly more challenging for on-premises users. Let’s discuss two real-life scenarios we’ve encountered.
On-Premises Electronic Health Record Security
Scenario #1 – Clinic’s central server infected during a ransomware attack
In the middle of the night, a ransomware virus infected a clinic’s central server, encrypting any file that was not actively in use. Fortunately, the SMART database was in use at that time and thus impervious to infection or alteration. Had it not been in use, SMART would have also been susceptible to the virus. They were able to copy their SMART data to a secure location and restore their entire server from a snapshot made the night before. If the virus had affected their SMART database or if a server backup wasn’t available, the results would have been very different – the clinic would be forced to pay the ransom for a decryption key or lose an entire day’s worth of data.
Scenario #2 – Clinic’s entire server and workstations infected by a ransomware virus
A different clinic got hit quite a bit harder. A ransomware virus infected their workstations and their entire server. This affected their main SMART folder and database. Next, it spread to their external backup device encrypting all previous backups.
The clinic had two choices – they could either pay the ransom and hope to get a decryption key or start from scratch with a blank database. At this point, they did not have access to SMART for over two days. If they could not decrypt the data, they wanted to be ready to start from scratch. SMART worked with the clinic to help build out a new server. After two days, they finally received the decryption key and access to their files. In total, they were unable to use SMART for four whole business days.
This was a frustrating and time-consuming situation for both organizations. On-premises users are responsible for recovering from these attacks. Not only must they worry about getting SMART back up and running, but they also must repair and restore any infected workstations.
How cloud-based EHR protects patient healthcare data
Security concerns with cloud-based users are much different. Since SMART’s Cloud launched in 2016, there have been zero attacks on cloud partners. It is important to note that if a virus infects a cloud-based user, there is still a chance of unauthorized patient information access. However, the odds of this occurring are far less likely because of the separation between user and data as well as the inherent stringent cloud security measures.
The fact of the matter is that cloud security is far more advanced than traditional on-premise tactics. Choosing a cloud-hosted environment means increased security, period. Security is one of the most significant benefits of moving to the cloud, along with uniformity, operational cost savings, and scalability. Learn more in this article’s top ten benefits list.
The first layer is the Virtual Private Cloud (VPC). Data is stored in an encrypted environment. Only SMART data can pass in and out of this environment. Custom-built firewall rules allow us to prevent unwanted access.
SMART Dedicated Servers
The servers that run SMART in the cloud are “purpose-built”; they run SMART only. This prevents the risk of end-users downloading malicious files from the internet. If a user opens a bad email or web link, only their computer will be affected.
In a shared environment, downloading a corrupt file or opening a malicious email can cause a virus to spread throughout the organization bringing productivity to a halt.
Amazon Aurora provides point-in-time recovery for cloud-based customers. In the unlikely event that a database restore is necessary, the latest backup is no more than 7 minutes old with the next-oldest full database backup being from the previous night.
SMART maintains one year of daily database backups and migrates older backups to the AWS Glacier for long-term retention. Specific data is retrievable from any of the available backup copies. *A fee applies for this service.
Trend Micro is a leader in providing cloud system and application security. This solution equips our servers with antivirus and malware protection, as well as intrusion detection, file integrity monitoring, and vulnerability scanning.
Armor Cloud Security
SMART has teamed up with ARMOR to take our cloud security to the next level. ARMOR provides SMART with Security-as-a-Service.
A team of security engineers continuously monitor the environment responding immediately to potential threats and provide recommendations based on the latest developments in cloud security. Their expertise in the security field helps prevent attacks before they happen. They were able to detect and prevent the WannaCry virus two months before it spread worldwide. Armor allows SMART to focus on delivering the best application experience while also providing an industry-leading security solution.
Best EHR Security Measures
In conclusion, the best EHR security measure that you can take is to choose a cloud-hosted environment. In the event of an attack, cloud-based EHR users are only responsible for their local environment’s security. SMART takes ownership of getting the EHR back up and running. Learn more about SMART’s Cloud-Based EHR Software.
HIPAA affects both EHRs and end-users. There are precise rules and regulations about the sharing and storing of electronically protected health information (ePHI) that, if broken, can result in civil violations, criminal penalties, hefty fines, and even jail time. The following details the best ways to safely store PHI and the responsibilities of treatment programs and EHRs like SMART.
Let’s start by looking at HIPAA’s two primary rules:
The Privacy Rule: This establishes standards for the protection of individuals’ medical records and other personal health information.
The Security Rule: This requires appropriate administrative, physical, and technical safeguards to ensure confidentiality, data integrity, and the security of electronically protected health information (ePHI).
EHRs’ responsibility under HIPAA
As a cloud-based EHR provider, SMART is responsible for addressing many of the Privacy Rule provisions and all the provisions of the Security Rule. These provisions include securing, encrypting, and backing up our Partners’ ePHI to ensure its security and integrity, and by periodically testing our readiness for possible threats.
We accomplish this by performing routine, thorough Security Risk Assessments to ensure we are appropriately safeguarding all ePHI we receive, maintain, transmit, or process on behalf of treatment providers.
Performing Security Risk Assessments
Understanding how to address HIPAA requirements begins with a full Security Risk Assessment, defined by HIPAA as “a thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic health information.” (1)
The following questions are adapted from NIST Special Publication (SP) 800-66. These are examples of what you should consider as part of the analysis:
Have you identified all the e-PHI within your organization, including e-PHI you create, receive, maintain, or transmit?
What are the external sources of e-PHI? In other words, do your vendors or consultants create, receive, maintain, or transmit e-PHI?
What are the human, natural, and environmental threats to information systems that contain e-PHI?
How does HIPAA Affect Addiction Treatment Providers?
Addiction treatment providers are required by law to abide by 42 CFR Part 2 regulations but, as Covered Entities, providers are also responsible for addressing all provisions of both the Privacy Rule and the Security Rule. Many of the Privacy Rule requirements must be addressed outside the realm of the EHR itself, such as having a sound set of HIPAA policies, providing training to all workforce members, posting notices, and supporting the patients’ rights granted by HIPAA.
To ensure compliance, consider the answers to the three questions listed above to ensure that all your e-PHI is protected against any reasonably anticipated threats and vulnerabilities. Doing this will help to protect both your organization and your patients.
Storing Protected Health Information (PHI)
Electronic vs. paper health records
Do you process every document in your clinic electronically, or are you still hanging on to those paper charts? Electronically entering, searching, and storing data makes being audit-ready and HIPAA–compliant much more manageable.
There are three main benefits to being 100% paperless. The first is organizational efficiency; being electronic helps ensure that staff has access to the same up-to-the-minute patient information at the same time. Next, you can implement quality control processes like providing forms standardization and auto-scheduling regulatory services. And finally, improve data collection standards by creating service type templates with required questions built-in.
Cloud vs. on-premises hosting
Beyond just electronic data processing, how you host your data is incredibly vital to data security. Moreover, cloud-hosted solutions, by-far, providebetter security capabilities than traditional on-premises hosting. For example, clinics with PHI hosted on-premise are much more vulnerable to data loss during malicious attacks because of the inability to perform tasks like point-in-time recovery.
The SMART way
SMART’s Cloud-Based EHR – Powered by Amazon Web Services – helps covered entities subject to HIPAA, maintain, and store protected health information. SMART employs several layers of security like our virtual private cloud (VPC), Amazon Aurora, Trend Micro, and Armor Cloud Security that protect data stored in the cloud.
Our EHR platform builds in safeguards, and AWS adheres to all HIPAA protocols. As a result, end users benefit from audit and data integrity controls, malware protection, PHI encryption, backup and storage, automatic logoff, security incident detection and response, and contingency operations processes. Learn more about SMART’s Cloud-Based EHR Software.
What happens to your EHR when there is a power outage?
Recently, one of SMART’s on-premise partners experienced EHR downtime when they lost power at their addiction treatment clinic. This sudden outage caused corruption of their server and database. While repairing the database, nurses had to dose manually for the day. Luckily, the database was recoverable; if it weren’t, the clinic would have lost the entire days’ worth of data. Regardless, the nurses had to re-enter every dose poured that day into the system. Had this on-premise clinic been operating in the cloud, they would have been better protected against the potential for data loss.
Why are Cloud-Based EHR’s more reliable during power outages, natural disasters, or security incidents?
When data is critical to an organization’s operations, it is vital to plan for the worst. That is why SMART’s EHR is hosted on the Amazon Web Services (AWS) Cloud. Amazon is known to have some of the best data centers in the world, providing multiple sources of redundancy to keep your servers up and running. Redundant systems for water, power, and internet connectivity significantly reduce the risk of server downtime. Constant monitoring of those systems ensures they are always ready to kick in if an issue arises. With multiple layers of security like database back-ups, network isolation, and encryption, there is a dramatic reduction in the risk of data loss. SMART’s Aurora database platform, powered by AWS, provides precise data protection with nightly back-ups and point-in-time recovery. This recovery means, in the event of database corruption or issue, we can restore data typically within 7-10 minutes.
What problems are associated with unexpected downtime?
Aside from frustrating patients, staff, and leadership, the risks associated with EHR downtime can be severe and costly. The most concerning problem may be patient safety. All other issues ultimately affect patient care in one way or another. In the event of an outage, particularly within a clinic operating an on-premises solution, data is at a higher risk of being compromised or lost. Critical information about a patient’s health history could be missed during treatment, negatively affecting their care and well-being.
Patient care may also be a challenge when staff is forced to endure the tedious process of inputting and searching for data in paper charts. Moreover, clinic operations suffer from the lack of quality control associated with performing procedures manually. To avoid these challenges, some organizations who have experienced wide-spread downtime have opted to invest in expensive back-up systems.1 While this may be effective, switching to a cloud environment is the most efficient solution.
How to prepare with a back-up plan
Plan for downtime occurrences like you would for any disaster. Central to your plan’s success is making sure your staff members use a standardized approach to providing patient care during these incidents. Run regular EHR downtime drills among your clinicians and staff. These will help to reinforce your incident response plan – keeping it top-of-mind.
You may already have a process in place, but this won’t do you any good if the staff does not remember the steps to take. Also, your team will be more at ease if they are prepared with a plan when downtime occurs. Finally, document and review the results with leadership. Their support is essential to overall staff buy-in.2
All-in the Cloud
Many different events could disrupt server operations. From power outages to flooding or fire, even someone tripping over a wire could bring work to a halt. Regardless of how it happens; this is just one of the reasons why SMART is committed to moving our partners’ servers and data into the AWS Cloud. Learn more about SMART’s Cloud-Based EHR Software.
The SMART Solution is a 100% paperless electronic health records (EHR) software. This digital health record specializes in opioid addiction treatment programs providing methadone and buprenorphine maintenance. Substance abuse treatment programs choose SMART to improve clinic management and workflow automation. Contact us to learn about streamlining admissions, billing, inventory management, and more.
SMART Management, Inc.
66 Pavilion Avenue 2nd Fl
Providence, RI 02905