There are three main areas related to EHR usage that can help improve clinic operations and staff performance. The first is your EHR’s hosting, which we will discuss in more detail below.
SMART has an extensive history in supporting influential substance abuse treatment providers. Learn more in our EHR software news about partner stories about how this tool can transform patient care.
SMART’s EHR hosting platform for opioid treatment programs features HIPAA compliant cloud storage powered by Amazon Web Services (AWS) to increase efficiency, safely. AWS helps covered entities subject to HIPAA regulations process, maintain, and store protected health information. Interested? Request a demo.
What You Can Expect from HIPAA Compliant Cloud Storage
Amazon Web Service (AWS) offers a broad set of global services. These include computing, storage, database, analytics, application, and deployment services. This helps organizations move faster, lower IT costs, and scale applications. Moreover, AWS is a trusted and proven solution used by hundreds of thousands of business, operating in 190 countries. Incorporating this technology enables SMART to deliver the most powerful EHR solution yet.
It also improves the speed and performance of dosing and reports by enabling simultaneous read/write processes to occur across multiple replicated endpoints.
Deb R., Acadia Billing Manager
“I love the fact that the billing on Monday is incredibly fast. I mean unbelievably! Tasks that usually take 15-20 minutes now take under a minute!”
Enhances data protection
SMART’s new cloud also leverages Amazon Aurora, a database engine that delivers high-performance and reliability with real-time redundant backups and 99.995% uptime. Moreover, recovery from physical storage failures is transparent, and instant failover typically requires less than 30 seconds. Aurora’s storage is fault-tolerant and self-healing. Amazon continuously backs up six copies of your data and replicates them across three availability zones.
Amazon Aurora also provides SMART’s EHR users multiple levels of database security. The first level is network isolation using Amazon’s virtual private cloud (VPC). Access controls and boundaries from other networks in the AWS Cloud protect Amazon’s VPC. They closely resemble a traditional network that you would operate in your own data center with the benefit of the scalable infrastructure of AWS. Next is encryption-at-rest using keys you create and control through AWS Key Management Services (KMS).
Lastly, the encryption of data in transit using SSL. On an encrypted Amazon Aurora instance, data in the underlying storage is encrypted as are the automated backups, snapshots, and replicas in the same cluster.
SMART’s shift to the highly-scalable, fully-managed AWS cloud database affords partners several advantages. Such as exclusive access to the latest developments like the SMARTBridge™. It also saves on operational costs by decreasing the need for equipment upgrades, IT resources, and EHR updates. Learn more about SMART’s Cloud-Based EHR Software.
A new addiction treatment center is now open as a paperless office in Shelbyville, Kentucky. This Acadia clinic uses SMART’s EHR as their complete clinic management system. SMART trainers and Shelbyville associates set-up the clinic’s operational workflow during this implementation. Clinical Supervisor, David Thomas, shared his experience with our onsite trainer. “Sandy has been wonderful!!! I would very much recommend her, and would absolutely work with her again!”
A Network of Paperless Offices
SMART is proud to partner with Acadia since 2013 and has been the software of choice, since 1992, for clinics now under their management. Our EHR grows with their network as they continue to expand and transition locations. It helps to create consistency across the board by centralizing and storing information in one place. This software is particularly beneficial for managing large addiction treatment center networks.
A Powerful Platform
Amazon Web Services (AWS) powers SMART’s new EHR platform. Hundreds of thousands of businesses, operating in 190 countries trust AWS for their operational needs. This HIPAA compliant cloud storage provides real-time redundant data backups and 99.995% uptime. This platform protects private clinics and networks from data loss. And Amazon’s virtual private cloud (VPC) enables network isolation. Moreover, AWS allows SMART to isolate portions of partner networks for configuration in specific areas. Learn more about the SMART Solution, our implementation process, or get to know other SMART EHR partners.
Anchorage Comprehensive Treatment Center upgraded its digital health records. They chose SMART’s EHR for paperless operations and billing efficiency. This digital health records software improves the workflow of opioid treatment programs through automation. Acadia’s doctors, counselors, and nurses provide treatment to individuals affected by addiction. This includes morphine, prescription pain medications, and heroin. They treat patients with a combination of therapy and medication-assisted treatment.
How This Digital Health Records Software Streamline OTPs
SMART’s EHR helps streamline processes from the first time a patient calls until discharge. For example, it organizes new patient inquiries. This enables a smooth transition from patient screening, to wait-listing, or referral to another agency. And the assessment tool collects all data elements to meet state and modality requirements.
Additionally, the integrated billing module simplifies third-party billing such as insurance eligibility, drug formularies, billing, payment plans, co-payment, and account management. It also maximizes revenue and decreases data entry. By automating essential tasks, clinicians, counselors, and doctors can spend more time on what matters most; patient care.
SMART is proud to partner with Acadia since 2013 and has been the software of choice, since 1992, for clinics now under their management. As their network of treatment facilities grows, SMART’s EHR grows with them. This complete clinic management system has state-specific modules to satisfy local requirements. SMART’s EHR operates in several countries and 28 states and territories. Learn more about the SMART Solution, our implementation process, or get to know other SMART EHR partners.
SMART’s electronic health record system is now operating at Acadia’s four CARF Accredited treatment centers in Wisconsin. These clinics are a part of their more extensive network that provides medically assisted treatment to individuals suffering from addiction. Medications include treatment with Methadone, Buprenorphine, Suboxone, and Vivitrol. Their expert staff supports medically assisted treatment with well-rounded therapy sessions.
Electronic Health Record System for Organizational Uniformity
Acadia chose SMART’s electronic health record system to support paperless operations, insurance billing, and to create uniformity across their network. For enterprise organizations uniformity is crucial. With SMART’s cloud-based EHR storage of all clinic’s information is in one place. By doing this, the establishment of a corporate model and forms, services, and reporting is made easy. And, data-entry-free billing simplifies insurance, self-pay account management, and reporting functions.
Streamlining Transitioning – New Electronic Health Record System
Moving to a new EHR can be challenging. Many of our Training Team members have experience working within clinics. They understand the challenges faced every day. Because of this, they are passionate about making a transition as hassle-free as possible. Acadia Clinical Supervisor, Quillan, shared that, “The Trainers were very personable, professional, and knowledgeable. We enjoyed working with them, their experience and mastery of the system were evident, and their ability to present the information in meaningful and understandable terms was remarkable. We especially appreciate their patience and willingness to work with us individually and walk us thru the steps, in some cases repeatedly, until we were comfortable, and their use of humor as a teaching tool and patience made learning a new system much easier. They were very approachable and were able to answer every question asked of them. Amazing team…”
In addition to being a trusted addiction treatment services provider, Fall River-based Stanley Street Treatment and Resources Inc. ( SSTAR ) has been engaging in addiction research projects for many years and is now helping to vet the next generation of medication-assisted treatment (MAT). SSTAR is investigating the safety and efficacy of injectable buprenorphine. This medication could potentially eliminate the need for daily visits to the clinic to receive doses. Patients who are eligible to participate in this pharmaceutical study will receive free buprenorphine treatment for up to 6 months and individualized weekly counseling. SSTAR’s Dr. Baily pointed out in a recent article that, “Access to cutting edge care through research is especially important to the uninsured and underinsured population by making access to treatment and medication easier and available at little to no cost to participants.”
Since 2002, Buprenorphine is approved for the treatment of pain and opioid addiction in the form of tablets and film. According to the Substance Abuse and Mental Health Services Administration (SAMHSA), the properties of buprenorphine help to:
- Lower the potential for misuse
- Diminish the effects of physical dependence on opioids, such as withdrawal symptoms and cravings
- Increase safety in cases of overdose
One manufacturer, Braeburn Pharmaceuticals and Camurus recently entered into Phase 2 of their study of CAM2038, weekly and monthly subcutaneous buprenorphine injections. Behshad Sheldon, President, and CEO, Braeburn Pharmaceuticals said, “Our goal is to provide a suite of best-in-class, long-acting treatment options tailored to the individual needs of patients suffering from opioid dependence and chronic pain.”
Albert Einstein College of Medicine partners with SMART Management for Electronic Patient Record Management. SMART’s EHR facilitates their needs with a clinical operations software package. Einstein is one of the nation’s premier institutions for medical education, basic research, and clinical investigation. Further, they operate six community health centers in addition to the University Hospital and treat approximately 3200 patients per year.
Paul LeBeau, SMART’s VP of Software, stated, “We are extremely pleased to have this association with the prestigious Albert Einstein group. The addition of Primary Care to our SMART paperless clinic package enables us to become even more useful in medical treatment.”
More than an electronic patient record
The SMART Solution, a 100% paperless EHR, is a complete clinic management system for OTPs. This EHR helps opioid treatment programs become some of the most effective and efficient treatment providers in the industry. The SMART Solution provides the functionality to enable; increased admissions, streamlined-dosing, improved team collaboration, accelerated test results, and maximized revenue. SMART Partners also benefit from the reliability, security, and cost savings associated with this EHR.
Moreover, EHR users receive personalized live and on-call support 24/7/365. SMART’s knowledgeable Support Team provides services personalized to customer needs. Additional services include training, CARF audit preparation, network management, system administration, and custom development. Learn more or get to know more of SMART’s EHR partners.
SMART’s Addiction Treatment EHR Software is now operating at Acadia Healthcare’s six Washington State locations. These CARF accredited sites provide outpatient treatment with caring individual and group therapy sessions. Patients can also receive recovery support with methadone and Suboxone medication-assisted treatment.
Acadia chose SMART’s electronic health record for its 100% paperless functionality. This EHR solution is a reliable, secure, and flexible cloud-based paperless software. It improves ease and speed of access to patient records, allowing for increased collaboration amongst treatment team members. Additionally, the billing module helps OTPs maximize revenue by processing insurance billing in-house. It also enables authorization management, self-pay billing and account management, unit-based fee for service, payment due notifications, and reporting to both cash- and accrual-based accounting.
Simplifying Electronic Health Record Implementations
Following the earlier Spokane, WA implementation, Office Manager Tami said, “This was a fantastic training team, great software, and overall very positive experience.” This reaction is precisely what SMART’s Team strives for in every implementation of the SMART Solution. Being in business for over 25 years and having operated a network of treatment facilities, SMART knows the challenges that can occur during implementations. That is why SMART has established a thorough and continuously vetted process to ensure that clinics get up and running quickly and efficiently.
Support for Clinics using Addiction Treatment EHR Software
Genuinely understanding the unique operational needs of opioid treatment programs, from one state to the next, requires dedication. This commitment ensures that SMART stays current with Partner’s requirements. Ultimately, their needs drive development and inspire continuous improvement.
SMART upholds this everchanging understanding by providing:
- Personalized live and on-call support
- Dedicated account managers to identify solutions
- Business domain experts who understand clinical operations
Are EHR’s Secure?
The short answer is yes, but the level of security depends on how your EHR is hosted. If it’s cloud-based, there are many failsafe measures in place to protect your clinic and patient data. On-premises solutions, on the other hand, are less advanced and don’t have the capabilities to stay current with security, performance, and reliability.
Whether a substance abuse treatment clinic’s data is hosted on-premises or in a cloud environment, hackers will try to find a way to ruin your day. Recovering from an attack can be significantly more challenging for on-premises users. Let’s discuss two real-life scenarios we’ve encountered.
On-Premises Electronic Health Record Security
Scenario #1 – Clinic’s central server infected during a ransomware attack
In the middle of the night, a ransomware virus infected a clinic’s central server, encrypting any file that was not actively in use. Fortunately, the SMART database was in use at that time and thus impervious to infection or alteration. Had it not been in use, SMART would have also been susceptible to the virus. They were able to copy their SMART data to a secure location and restore their entire server from a snapshot made the night before. If the virus had affected their SMART database or if a server backup wasn’t available, the results would have been very different – the clinic would be forced to pay the ransom for a decryption key or lose an entire day’s worth of data.
Scenario #2 – Clinic’s entire server and workstations infected by a ransomware virus
A different clinic got hit quite a bit harder. A ransomware virus infected their workstations and their entire server. This affected their main SMART folder and database. Next, it spread to their external backup device encrypting all previous backups.
The clinic had two choices – they could either pay the ransom and hope to get a decryption key or start from scratch with a blank database. At this point, they did not have access to SMART for over two days. If they could not decrypt the data, they wanted to be ready to start from scratch. SMART worked with the clinic to help build out a new server. After two days, they finally received the decryption key and access to their files. In total, they were unable to use SMART for four whole business days.
This was a frustrating and time-consuming situation for both organizations. On-premises users are responsible for recovering from these attacks. Not only must they worry about getting SMART back up and running, but they also must repair and restore any infected workstations.
How cloud-based EHR protects patient healthcare data
Security concerns with cloud-based users are much different. Since SMART’s Cloud launched in 2016, there have been zero attacks on cloud partners. It is important to note that if a virus infects a cloud-based user, there is still a chance of unauthorized patient information access. However, the odds of this occurring are far less likely because of the separation between user and data as well as the inherent stringent cloud security measures.
The fact of the matter is that cloud security is far more advanced than traditional on-premise tactics. Choosing a cloud-hosted environment means increased security, period. Security is one of the most significant benefits of moving to the cloud, along with uniformity, operational cost savings, and scalability. Learn more in this article’s top ten benefits list.
SMART has several layers of security that protect all data stored in the cloud.
Virtual Private Cloud (VPC)
The first layer is the Virtual Private Cloud (VPC). Data is stored in an encrypted environment. Only SMART data can pass in and out of this environment. Custom-built firewall rules allow us to prevent unwanted access.
SMART Dedicated Servers
The servers that run SMART in the cloud are “purpose-built”; they run SMART only. This prevents the risk of end-users downloading malicious files from the internet. If a user opens a bad email or web link, only their computer will be affected.
In a shared environment, downloading a corrupt file or opening a malicious email can cause a virus to spread throughout the organization bringing productivity to a halt.
Amazon Aurora provides point-in-time recovery for cloud-based customers. In the unlikely event that a database restore is necessary, the latest backup is no more than 7 minutes old with the next-oldest full database backup being from the previous night.
SMART maintains one year of daily database backups and migrates older backups to the AWS Glacier for long-term retention. Specific data is retrievable from any of the available backup copies. *A fee applies for this service.
Trend Micro is a leader in providing cloud system and application security. This solution equips our servers with antivirus and malware protection, as well as intrusion detection, file integrity monitoring, and vulnerability scanning.
Armor Cloud Security
SMART has teamed up with ARMOR to take our cloud security to the next level. ARMOR provides SMART with Security-as-a-Service.
A team of security engineers continuously monitor the environment responding immediately to potential threats and provide recommendations based on the latest developments in cloud security. Their expertise in the security field helps prevent attacks before they happen. They were able to detect and prevent the WannaCry virus two months before it spread worldwide. Armor allows SMART to focus on delivering the best application experience while also providing an industry-leading security solution.
Best EHR Security Measures
In conclusion, the best EHR security measure that you can take is to choose a cloud-hosted environment. In the event of an attack, cloud-based EHR users are only responsible for their local environment’s security. SMART takes ownership of getting the EHR back up and running. Learn more about SMART’s Cloud-Based EHR Software.
Privacy and Security Rules
HIPAA affects both EHRs and end-users. There are precise rules and regulations about the sharing and storing of electronically protected health information (ePHI) that, if broken, can result in civil violations, criminal penalties, hefty fines, and even jail time. The following details the best ways to safely store PHI and the responsibilities of treatment programs and EHRs like SMART.
Let’s start by looking at HIPAA’s two primary rules:
- The Privacy Rule: This establishes standards for the protection of individuals’ medical records and other personal health information.
- The Security Rule: This requires appropriate administrative, physical, and technical safeguards to ensure confidentiality, data integrity, and the security of electronically protected health information (ePHI).
EHRs’ responsibility under HIPAA
As a cloud-based EHR provider, SMART is responsible for addressing many of the Privacy Rule provisions and all the provisions of the Security Rule. These provisions include securing, encrypting, and backing up our Partners’ ePHI to ensure its security and integrity, and by periodically testing our readiness for possible threats.
We accomplish this by performing routine, thorough Security Risk Assessments to ensure we are appropriately safeguarding all ePHI we receive, maintain, transmit, or process on behalf of treatment providers.
Performing Security Risk Assessments
Understanding how to address HIPAA requirements begins with a full Security Risk Assessment, defined by HIPAA as “a thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic health information.” (1)
The following questions are adapted from NIST Special Publication (SP) 800-66. These are examples of what you should consider as part of the analysis:
- Have you identified all the e-PHI within your organization, including e-PHI you create, receive, maintain, or transmit?
- What are the external sources of e-PHI? In other words, do your vendors or consultants create, receive, maintain, or transmit e-PHI?
- What are the human, natural, and environmental threats to information systems that contain e-PHI?
How does HIPAA Affect Addiction Treatment Providers?
As covered entities, treatment providers are responsible for addressing all provisions of both the Privacy Rule and the Security Rule. Many of the Privacy Rule requirements must be addressed outside the realm of the EHR itself, such as having a sound set of HIPAA policies, providing training to all workforce members, posting notices, and supporting the patients’ rights granted by HIPAA.
To ensure compliance, consider the answers to the three questions listed above to ensure that all your e-PHI is protected against any reasonably anticipated threats and vulnerabilities. Doing this will help to protect both your organization and your patients.
Storing Protected Health Information (PHI)
Electronic vs. paper health records
Do you process every document in your clinic electronically, or are you still hanging on to those paper charts? Electronically entering, searching, and storing data makes being audit-ready and HIPAA–compliant much more manageable.
There are three main benefits to being 100% paperless. The first is organizational efficiency; being electronic helps ensure that staff has access to the same up-to-the-minute patient information at the same time. Next, you can implement quality control processes like providing forms standardization and auto-scheduling regulatory services. And finally, improve data collection standards by creating service type templates with required questions built-in.
Cloud vs. on-premises hosting
Beyond just electronic data processing, how you host your data is incredibly vital to data security. Moreover, cloud-hosted solutions, by-far, provide better security capabilities than traditional on-premises hosting. For example, clinics with PHI hosted on-premise are much more vulnerable to data loss during malicious attacks because of the inability to perform tasks like point-in-time recovery.
The SMART way
SMART’s Cloud-Based EHR – Powered by Amazon Web Services – helps covered entities subject to HIPAA, maintain, and store protected health information. SMART employs several layers of security like our virtual private cloud (VPC), Amazon Aurora, Trend Micro, and Armor Cloud Security that protect data stored in the cloud.
Our EHR platform builds in safeguards, and AWS adheres to all HIPAA protocols. As a result, end users benefit from audit and data integrity controls, malware protection, PHI encryption, backup and storage, automatic logoff, security incident detection and response, and contingency operations processes. Learn more about SMART’s Cloud-Based EHR Software.