Data security in substance abuse treatment is serious business. Fortunately, SMART’s Cloud-Based EHR complies with HIPAA’s security rule, which requires specific protections to safeguard patient electronic health record information. Our EHR Platform – powered by AWS – builds in these safeguards and AWS adheres to all HIPAA protocols. Moreover, world-class companies like Adobe Systems, Siemens, Expedia, and Netflix rely on AWS. However, this cloud infrastructure is impossible to replicate for on-premises software users. We know there are concerns when considering a move to a cloud-based EHR. But many of these concerns are addressed by the inherent advantages of the platform. Below is a list of security benefits that can add value and give organizations peace of mind.
Top Security Advantages of SMART’s Cloud-Based EHR Platform
- Audit Controls – Maintains audit logging for all data assets to detect inappropriate access, tracking unauthorized disclosures, measuring performance problems, detecting intrusion attempts, and for the support of investigations.
- Data Integrity Controls – Includes a complete set of HIPAA policies for administrative controls. These include physical protections, staff training, and maintaining a “culture of security.”
- Malware Protection – Employs multiple layers of protection throughout our on-premises systems and AWS cloud presence.
- Encryption – Encrypts all protected health information (PHI) to the NIST AES-256 standard or better. This occurs at-rest as well as in motion within SMART’s AWS Cloud presence.
- Backup & Data Storage – Provides point-in-time recovery for cloud-based customers. In the unlikely event that a database restore is necessary, the latest backup is no older than 7 minutes with the next-oldest full database backup being from the previous night. We maintain one year of daily database backups and migrate older backups to the AWS Glacier for long-term retention. Specific data is retrievable from any of the available backup copies. (A fee applies for this service)
- Automatic Logoff – Configurable auto-logoff feature in compliance with this HIPAA rule.
- Security Incidents – Comprehensive procedures to detect and respond to security incidents. A HIPAA-compliant detailed breach analysis and reporting process support our systems.
- Contingency Operations – Adheres policies and procedures for responding to emergencies and disasters. This process focuses on helping you to regain access to your software and data quickly.
As you can see, SMART’s Cloud provides significant advantages and tremendous value. Clinics gain confidence in data security and accessibility allowing them to focus on operations and patient care.