Posts

8-great-security-benefits

8 Security Benefits | Cloud-Based EHR for Substance Abuse

8-great-security-benefits

Data security in substance abuse treatment is serious business. Fortunately, SMART’s Cloud-Based EHR complies with HIPAA’s security rule, which requires specific protections to safeguard patient electronic health record information. Our EHR Platform – powered by AWS – builds in these safeguards and AWS adheres to all HIPAA protocols. Moreover, world-class companies like Adobe Systems, Siemens, Expedia, and Netflix rely on AWS. However, this cloud infrastructure is impossible to replicate for on-premises software users. We know there are concerns when considering a move to a cloud-based EHR. But many of these concerns are addressed by the inherent advantages of the platform. Below is a list of security benefits that can add value and give organizations peace of mind.

Top Security Advantages of SMART’s Cloud-Based EHR Platform

  1. Audit Controls  Maintains audit logging for all data assets to detect inappropriate access, tracking unauthorized disclosures, measuring performance problems, detecting intrusion attempts, and for the support of investigations.
  2. Data Integrity Controls – Includes a complete set of HIPAA policies for administrative controls. These include physical protections, staff training, and maintaining a “culture of security.”
  3. Malware Protection – Employs multiple layers of protection throughout our on-premises systems and AWS cloud presence.
  4. Encryption – Encrypts all protected health information (PHI) to the NIST AES-256 standard or better. This occurs at-rest as well as in motion within SMART’s AWS Cloud presence.
  5. Backup & Data Storage – Provides point-in-time recovery for cloud-based customers. In the unlikely event that a database restore is necessary, the latest backup is no older than 7 minutes with the next-oldest full database backup being from the previous night. We maintain one year of daily database backups and migrate older backups to the AWS Glacier for long-term retention. Specific data is retrievable from any of the available backup copies. (A fee applies for this service)
  6. Automatic Logoff – Configurable auto-logoff feature in compliance with this HIPAA rule.
  7. Security Incidents – Comprehensive procedures to detect and respond to security incidents. A HIPAA-compliant detailed breach analysis and reporting process support our systems.
  8. Contingency Operations – Adheres policies and procedures for responding to emergencies and disasters. This process focuses on helping you to regain access to your software and data quickly.

    As you can see, SMART’s Cloud provides significant advantages and tremendous value. Clinics gain confidence in data security and accessibility allowing them to focus on operations and patient care.

    New Brunswick Counseling Center Location

    Substance Abuse Software Serving New Jersey


    Substance Abuse Software Serving New Jersey New Brunswick Counseling Center
    SMART’s Substance Abuse Software proudly serves New Jersey opioid treatment provider, New Brunswick Counseling Center. NBCC provides comprehensive, evidence-based, mental health, and substance abuse treatment services. Their caring staff administers outpatient services for prevention, early intervention, and treatment. For instance, through their methadone clinic, NBCC provides individualized assessments and medication-assisted treatment to qualifying individuals. And with SMART’s dosing, dispensing, and inventory modules, NBCC can simplify daily tasks and prepare for DEA audits at any time.

    Implementing EHR Software 

    New Brunswick Counseling Center Associates

    New Brunswick Counseling Center Associates

    SMART works closely with addiction treatment providers to coordinate the adoption of SMART’s Substance Abuse Software. For example, when NBCC implemented SMART’s EHR Software, the first goal was to ease them through the initial transition. Their talented group of employees teamed up with SMART to vigilantly transition their operations to electronic and paperless. Each visit is a learning opportunity for both parties. One SMART Customer Service Representative said, “It’s always great to watch early hesitation over something new give way to a feeling of having made the right choice. It’s already clear that SMART Software is going to make their lives easier.” More than one of the staff noted, “Thank you for making me believe in SMART.” Learn more about SMART’s implementation process.

     

    SMART EHR 10 Security Benefits

    Electronic Health Record Benefits in Addiction Treatment

    Electronic Health Record Benefits in Addiction Treatment

    Having electronic health records software means that you can document all your clinic’s tasks digitally and in real-time without the need for paper charts. Beyond being paperless, there are many other electronic health record benefits to consider. Below we discuss specific advantages to individual addiction treatment clinics and enterprise organizations.

    Electronic health record benefits to individual clinics

    Clinics improve staff collaboration and patient care with easily accessible information and reports automation.

    Individual clinics
    1. Reduces redundancy of data entry; everything is in the system and is only a few clicks away.
    2. Saves physical space and office supply costs without the need for a chart room.
    3. No more time wasted filing and searching for paper charts.
    4. Expedites and automates the receipt of lab test results.
    5. Organizes information making it easy to find simplifying quality control.
    6. Submits co-signatures on treatment plans, service delivery notes, medical orders, and forms remotely which reduces unnecessary travel time.
    7. Auto alerts and reminders help to ensure that you meet patient’s treatment needs on time.
    8. Optimizes admissions capacity with auto-scheduling and pre-admission screening.
    9. Maximizes revenue and decreases data entry with an integrated insurance billing module.
    10. Better tools and technology improve communication, staff retention, and employee satisfaction.

    “SMART provides real-time information that allows staff to feel confident in their clinical decisions.”

    Eileen, Director, Boston Public Health


    Benefits of EHRs to enterprise organizations

    Managing a network of treatment programs can be challenging but with SMART’s cloud-based EHR software, you can create consistency across all locations while scaling to your growing needs.

    Enterprise organizations
    1. Stores all your clinical information safely in one place.
    2. Saves operational costs by decreasing the need for equipment upgrades, IT resources, and EHR updates.
    3. Creates uniformity and consistency across all OTP locations.
    4. Establishes your corporate model of forms, services, and reporting.
    5. Reduces administrative costs by automating processing and reporting.
    6. Simplifies insurance, self-pay account management, and reporting functions with data-entry-free billing.
    7. Scales to your needs allowing you to adjust size and performance with no downtime.
    8. Automatically and seamlessly makes updates and improvements to the system.
    9. Leverages the latest technologies (like SMARTBridge™).
    10. Integrates with billing systems and state reporting eliminating the double entry of data.

    Here are some EHR advantages that clinics often overlook

    Once you are operational with paperless health records, ensure that you are using all the features available. This will help you be even more efficient.

    Create templates wherever possible

    • Service type templates save your teams from writing repetitive notes and allows them to see the exact data they need.
    • Release-of-information templates allow your team to choose a pre-populated template saving time on data entry and disclosure tracking.
    • Agency referral lists (via SMART’s QSOA feature) allow your team to quickly find referral sources and track expiring agreements.

    Leverage our EHR’s secure cloud environment to build your key business rules for:

    Integrate your billing processes

    Outsourcing insurance billing to a third-party often costs more than processing it in-house. SMART’s paperless billing module gives users the ability to successfully manage the revenue cycle in-house.

    Experience matters

    SMART’s 100% paperless health records software has more than 25 years of experience serving opioid treatment programs. SMART has the unique ability to relate to the day-to-day challenges of medication-assisted treatment professionals because we’ve worked there too. President and CEO David L. Piccoli, II, was inspired to help his family’s network of opioid treatment facilities go paperless in the early 90’s. Since then, SMART’s EHR continues to grow with all our partners as they expand and transition more locations to have 100% paperless health records.

     

    Addiction Treatment EHR Supports Narcan Training Providers

    Addiction Treatment EHR Supports Narcan Training ProvidersAs an addiction treatment EHR opioid treatment programs, SMART Management, Inc. is proud to support life-saving recovery initiatives like Narcan training. Our partners deliver treatment services like counseling and medication-assisted treatment. Unfortunately, sometimes, individuals succumb to opioid addiction. This is when other measures, like the delivery of Narcan, are necessary to save lives.

    Increasing Narcan availability

    Narcan (naloxone) blocks or reverses the effects of opioid medication, including extreme drowsiness, slowed breathing, or loss of consciousness…(Narcan) is used to treat a narcotic overdose in an emergency situation.“¹ The availability of this life-saving drug is increasing state-by-state as communities are desperately trying to catch up with the startling number of overdose deaths. The availability of Narcan is no longer limited to hospital ERs. Because of the increase in demand, availability has extended to police, emergency response professionals, school clinics, and even to those who know someone who is addicted and at risk. However, Narcan training is needed for those seeking the ability to carry and administer this drug.

    Staten Island University Hospital and Boston Public Health are just a few addiction treatment facilities that have taken that crucial extra step and are offering certified overdose prevention training, via Narcan, to their communities. Attendees learn how to identify the signs of overdose and how to administer Narcan. Finally, after training, they will receive a free rescue kit. ²,³

    If you or someone you know wants to learn about overdose prevention and Narcan training, please visit SAMHSA’s website.

    Are You and Opioid Addiction Treatment Provider?

    SMART partners with OTPs to streamline operations and improve patient care with a complete clinic management system. Interested in transitioning your services to a paperless, secure, and cloud-based EHR? Contact us today

     

    1.) https://www.drugs.com/mtm/narcan.html

    2.) http://www.brandywinecounseling.org/annoucements/narcan-training-classes

    3.) http://www.bphc.org/whatwedo/Addiction-Services/prevention/Pages/Narcan-Program.aspx

    4.) http://www.siuh.edu/Events-Calendar/Event-Details.aspx?Event=647

    5.) http://www.samhsa.gov/medication-assisted-treatment/treatment/naloxone

    sstar-prevention-services

    EHR for Addiction Treatment Proudly Serving SSTAR

    Passionate About Treatment AND Prevention  

    EHR for Addiction Treatment Proudly Serving SSTAR

    SMART proudly serves SSTAR, since 2010, with a specialized EHR for addiction treatment. This Massachusetts-based non-profit health care agency provides life-saving services to individuals affected by addiction. Beyond treatment, they are also passionate about prevention services. For the past several years, SSTAR has tried to create the space to accommodate the delivery of those services. Unfortunately, the city rejected its previous two building permits. If the city approves permitting is in the future, this would allow them to provide prevention services and other educational efforts. The growing demand for these services at their other locations spurred this undertaking. Learn more about SSTAR 

    Narcan Helps, But Only So Much

    The overdose-reversing drug Narcan is saving lives every day. Firefighters in Taunton have been trained to administer Narcan. Unfortunately, “Some of the fatal deaths in town have been people that were revived with Narcan before, successfully, and then they ended up OD’ing,” according to Tim Bradshaw, chief of the Taunton Fire Department. This is the very nature of addiction.

    This is why many approaches are so critical. Strategies like SSTAR’s efforts toward increasing prevention services in addition to addiction treatment and recovery services help to make help available to people no matter where they are in their journey towards recovery. Prevention and recovery with companies like SSTAR make help available to people no matter where they are in their recovery.

    Technology in Addiction Treatment 

    Since 1991, SMART’s EHfor addiction treatment helps trusted providers like SSTAR streamline care delivery. From admissions, medication dosing, clinical services to patient discharge, this cloud-based software simplifies daily tasks with advanced automation.  

    The SMART Solution is powered by Amazon Web Services (AWS), a trusted and secure HIPAA compliant cloud hosting platform. AWS helps covered entities subject to HIPAA regulations process securely maintain, and store protected health information. Moreover, this hosting platform is scalable to the growing needs of treatment programs. 

    Secures information

    Electronic Health Records Processing in Addiction Treatment

    Electronic-Health-Records-Processing-in-Addiction-Treatment

    The SMARTBridge™ is an electronic health records processing module available in SMART’s cloud-based EHR for opioid addiction treatment. This module provides a secure and automatic transmission of medical records, lab results, and financial data. Managers can track activities through a dedicated portal directly accessible from SMART.

    Benefits of EHR data processing with SMARTBridge™

    Secure Electronic Health Records Processing in Addiction Treatment
    Secures information

    Electronic health records processing with SMARTBridge helps ensure the safety of private patent information. It collects and posts information directly to electronic charts. This tool eliminates the need to enter results manually, saving your time and money.

    This module processes inbound Health Level 7 (HL7) messages from other software applications instantly upon receipt. It also generates outbound HL-7 messages to exchange data securely with other applications. The SMARTBridge is HIPAA compliant and only accessible directly by SMART’s IT team.

    Scaleable Electronic Health Records Processing in Addiction Treatment

    Scales to your needs

    When opening a new clinic, or a network of clinics, scalability of your current technology should be a primary concern. With the SMARTBridge size and performance of your database can be adjusted with no downtime. This feature keeps all your clinics running at peak performance and financial efficiency.

    Makes billing more predictable

    Convenient Billing Electronic Health Records Processing in Addiction TreatmentThe SMARTBridge allows you to process your billing per transaction or as fixed monthly amounts. Consistent, repeating revenue improves predictability, helping to further simplifying your processes.

    HIPAA-Compliant-Cloud-Storage-for-OTPs

    HIPAA Compliant Cloud Storage for OTPs

    HIPAA-Compliant-Cloud

    SMART’s EHR hosting platform for opioid treatment programs features HIPAA compliant cloud storage powered by Amazon Web Services (AWS) to increase efficiency, safely. AWS helps covered entities subject to HIPAA regulations process, maintain, and store protected health information. Interested? Request a demo.

    What You Can Expect from HIPAA Compliant Cloud Storage

    Improves efficiency 

    Amazon Web Service (AWS) offers a broad set of global services. These include computing, storage, database, analytics, application, and deployment services. This helps organizations move faster, lower IT costs, and scale applications. Moreover, AWS is a trusted and proven solution used by hundreds of thousands of business, operating in 190 countries. Incorporating this technology enables SMART to deliver the most powerful EHR solution yet.

    HIPAA-compliant-cloud-storage-efficiency

    It also improves the speed and performance of dosing and reports by enabling simultaneous read/write processes to occur across multiple replicated endpoints.


    “I love the fact that the billing on Monday is incredibly fast. I mean unbelievably! Tasks that usually take 15-20 minutes now take under a minute!”

    Deb R., Acadia Billing Manager

    Enhances data protection

    SMART’s new cloud also leverages Amazon Aurora, a database engine that delivers high-performance and reliability with real-time redundant backups and 99.995% uptime. Moreover, recovery from physical storage failures is transparent, and instant failover typically requires less than 30 seconds. Aurora’s storage is fault-tolerant and self-healing. Amazon continuously backs up six copies of your data and replicates them across three availability zones.

    Boosts security 

    HIPAA-compliant-cloud-security

    Amazon Aurora also provides SMART’s EHR users multiple levels of database security. The first level is network isolation using Amazon’s virtual private cloud (VPC). Access controls and boundaries from other networks in the AWS Cloud protect Amazon’s VPC. They closely resemble a traditional network that you would operate in your own data center with the benefit of the scalable infrastructure of AWS. Next is encryption-at-rest using keys you create and control through AWS Key Management Services (KMS).

    Lastly, the encryption of data in transit using SSL. On an encrypted Amazon Aurora instance, data in the underlying storage is encrypted as are the automated backups, snapshots, and replicas in the same cluster.

    Increases scalability

    HIPAA-compliant-cloud-scalability

    SMART’s shift to the highly-scalable, fully-managed AWS cloud database affords partners several advantages. Such as exclusive access to the latest developments like the SMARTBridge™. It also saves on operational costs by decreasing the need for equipment upgrades, IT resources, and EHR updates. Request more information today!

     

    cloud v on premises

    Electronic Health Record Security | Cloud Vs. On-Premises OTPs

    virus_security graphic

    Are EHR’s Secure? 

    The short answer is yes, but the level of security depends on how your EHR is hosted. If it’s cloud-based, there are many failsafe measures in place to protect your clinic and patient data. On-premises solutions, on the other hand, are less advanced and don’t have the capabilities to stay current with security, performance, and reliability.

    Whether a substance abuse treatment clinic’s data is hosted on-premises or in a cloud environment, hackers will try to find a way to ruin your day. Recovering from an attack can be significantly more challenging for on-premises users. Let’s discuss two real-life scenarios we’ve encountered.

    On-Premises Electronic Health Record Security 

    Scenario #1 – Clinic’s main server infected during a ransomware attack

    In the middle of the night, a ransomware virus infected a clinic’s main server, encrypting any file that was not actively in use. Fortunately, the SMART database was in use at that time and thus impervious to infection or alteration. Had it not been in use, SMART would have also been susceptible to the virus. They were able to copy their SMART data to a secure location and restore their entire server from a snapshot made the night before. If the virus had affected their SMART database or if a server backup wasn’t available, the results would have been very different – the clinic would be forced to pay the ransom for a decryption key or lose an entire day’s worth of data.

    Electronic Health Record Security | On-Premises 

    Scenario #2 – Clinic’s entire server and workstations infected by a ransomware virus

    A different clinic got hit quite a bit harder. A ransomware virus infected their workstations and their entire server. This affected their main SMART folder and database. Next, it spread to their external backup device encrypting all previous backups.

    The clinic had two choices – they could either pay the ransom and hope to get a decryption key or start from scratch with a blank database. At this point, they did not have access to SMART for over two days. If they could not decrypt the data, they wanted to be ready to start from scratch. SMART worked with the clinic to help build out a new server. After two days, they finally received the decryption key and access to their files. In total, they were unable to use SMART for four whole business days.

    This was a frustrating and time-consuming situation for both organizations. On-premises users are responsible for recovering from these attacks. Not only must they worry about getting SMART back up and running, but they also must repair and restore any infected workstations.

    How cloud-based EHR protects patient healthcare data 

    Security concerns with cloud-based users are much different. Since SMART’s Cloud launched in 2016, there have been zero attacks on cloud partners. It is important to note that if a virus infects a cloud-based user, there is still a chance of unauthorized patient information access. However, the odds of this occurring are far less likely because of the separation between user and data as well as the inherent stringent cloud security measures.

    The fact of the matter is that cloud security is far more advanced than traditional on-premise tactics. Choosing a cloud-hosted environment means increased security, period. Security is one of the greatest benefits of moving to the cloud along with uniformity, operational cost savings, and scalability. Learn more in this article’s top ten benefits list.

    patient-profiles- Electronic Health Record Security

    SMART has several layers of security that protect all data stored in the cloud.

    Virtual Private Cloud (VPC)

    The first layer is the Virtual Private Cloud (VPC). Data is stored in an encrypted environment. Only SMART data can pass in and out of this environment. Custom-built firewall rules allow us to prevent unwanted access.

    SMART Dedicated Servers

    The servers that run SMART in the cloud are “purpose-built”; they run SMART only. This prevents the risk of end users downloading malicious files from the internet. If a user opens a bad email or web link, only their computer will be affected.

     

    In a shared environment, downloading a bad file or opening a malicious email can cause a virus to spread throughout the organization bringing productivity to a halt.

    Amazon Aurora

    Amazon Aurora provides point-in-time recovery for cloud-based customers. In the unlikely event that a database restore is necessary, the latest backup is no more than 7 minutes old with the next-oldest full database backup being from the previous night.

    SMART maintains one year of daily database backups and migrates older backups to the AWS Glacier for long-term retention. Specific data is retrievable from any of the available backup copies. *A fee applies for this service.

    Trend Micro

    Trend Micro is a leader in providing cloud system and application security. This solution equips our servers with antivirus and malware protection, as well as intrusion detection, file integrity monitoring, and vulnerability scanning.

     

    Armor Cloud Security

    SMART has teamed up with ARMOR to take our cloud security to the next level. ARMOR provides SMART with Security-as-a-Service.

    A team of security engineers constantly monitor the environment responding immediately to potential threats and provide recommendations based on the latest developments in cloud security. Their expertise in the security field helps prevent attacks before they happen. They were able to detect and prevent the WannaCry virus two months before it spread worldwide. Armor allows SMART to focus on delivering the best application experience while also providing an industry leading security solution.

    Best EHR Security Measures 

    In conclusion, the best EHR security measure that you can take is to choose a cloud-hosted environment. In the event of an attack, cloud-based EHR users are only responsible for their local environment’s security. SMART takes ownership of getting the EHR back up and running.

    How Does HIPAA Impact Electronic Health Records and End Users?

    How HIPAA Affects EHRs & End Users

    Hipaa-privacy-ehr-software

    Privacy and Security Rules

    HIPAA affects both EHRs and end users. There are precise rules and regulations about the sharing and storing of electronically protected health information (ePHI) that, if broken, can result in civil violations, criminal penalties, hefty fines, and even jail time. The following details the best ways to safely store PHI and the responsibilities of treatment programs and EHRs like SMART.  

    Let’s start by looking at HIPAA’s two primary rules: 

    1. The Privacy Rule: This establishes standards for the protection of individuals’ medical records and other personal health information.
    2. The Security Rule: This requires appropriate administrative, physical, and technical safeguards to ensure confidentiality, data integrity, and the security of electronically protected health information (ePHI). 

      EHRs responsibility under HIPAA 

      As a cloud-based EHR provider, SMART is responsible for addressing many of the Privacy Rule provisions and all the provisions of the Security Rule. These provisions include securing, encrypting, and backing up our Partners’ ePHI to ensure its security and integrity, and by periodically testing our readiness for possible threats. 

      We accomplish this by performing routine, thorough Security Risk Assessments to ensure we are appropriately safeguarding all ePHI we receive, maintain, transmit, or process on behalf of treatment providers. 

      Performing Security Risk Assessments 

      How-Does-HIPAA-Impact-Electronic-Health-Records-and-End-Users-

      Understanding how to address HIPAA requirements begins with a full Security Risk Assessment, defined by HIPAA as “a thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic health information.” (1) 

      The following questions are adapted from NIST Special Publication (SP) 800-66. These are examples of what you should consider as part of the analysis: 

      1. Have you identified all the e-PHI within your organization, including e-PHI you create, receive, maintain, or transmit?  
      2. What are the external sources of e-PHI? In other words, do your vendors or consultants create, receive, maintain, or transmit e-PHI?  
      3. What are the human, natural, and environmental threats to information systems that contain e-PHI?  

          How does HIPAA Affect Addiction Treatment Providers?

          As covered entities, treatment providers are responsible for addressing all provisions of both the Privacy Rule and the Security Rule. Many of the Privacy Rule requirements must be addressed outside the realm of the EHR itself, such as having a sound set of HIPAA policies, providing training to all workforce members, posting notices, and supporting the patients’ rights granted by HIPAA. 

          To ensure compliance, consider the answers to the three questions listed above to ensure that all your e-PHI is protected against any reasonably anticipated threats and vulnerabilities. Doing this will help to protect both your organization and your patients. 

          Storing Protected Health Information (PHI)

          Cloud-vs-onpremises-EHR

          Electronic vs. paper health records

          Do you process every document in your clinic electronically or are you still hanging on to those paper charts? Electronically entering, searching, and storing data makes being audit-ready and HIPAAcompliant much more manageable.  

          There are three main benefits to being 100% paperless. The first is organizational efficiency; being electronic helps ensure that staff has access to the same up-to-the-minute patient information at the same time. Next, you can implement quality control processes like ensuring forms standardization and auto scheduling regulatory services. And finally, improve data collection standards by creating service type templates with required questions built-in

          Cloud vs. on-premises hosting

          Beyond just electronic data processing, how you host your data is incredibly vital to data security. Moreover, cloud-hosted solutions, by-far, provide better security capabilities than traditional on-premises hosting. For example, clinics with PHI hosted on-premise are much more vulnerable to data loss during malicious attacks because of the inability to perform tasks like point-in-time recovery. 

          The SMART way

          SMART’s Cloud-Based EHR – Powered by Amazon Web Services – helps covered entities subject to HIPAA, maintain, and store protected health information. SMART employs several layers of security like our virtual private cloud (VPC), Amazon Aurora, Trend Micro, and Armor Cloud Security that protect data stored in the cloud. 

          Our EHR platform builds in safeguards, and AWS adheres to all HIPAA protocols. As a result, end users benefit from audit and data integrity controls, malware protection, PHI encryption, backup and storage, automatic logoff, security incident detection and response, and contingency operations processes. Learn more.

          1.) https://www.hhs.gov/hipaa/for-professionals/index.html