Posts

EHR-Downtime.-Impact,-Recovery,-Preparedness

EHR Downtime. Impact, Recovery, Preparedness

EHR-Downtime-EHR Software Downtime, EHR Power Outage, Database Corruption-What-Happens

What happens to your EHR when there is a power outage?

Recently, one of SMART’s on-premise partners experienced EHR downtime when they lost power at their clinic. This sudden outage caused corruption of their server and database. While repairing the database, nurses had to dose manually for the day. Luckily, the database was recoverable; if it weren’t the clinic would have lost the entire days’ worth of data. Regardless, the nurses had to re-enter every dose poured that day into the system. Had this on-premise clinic been operating in the cloud, they would have been better protected against the potential for data loss.

Why are Cloud-Based EHR’s more reliable during power outages, natural disasters, or security incidents? 

When data is critical to an organization’s operations, it is vital to plan for the worst. That is why SMART’s EHR is hosted on the Amazon Web Services (AWS) Cloud. Amazon is known to have some of the best data centers in the world, providing multiple sources of redundancy to keep your servers up and running. Redundant systems for water, power, and internet connectivity significantly reduce the risk of server downtime. Constant monitoring of those systems ensures they are always ready to kick in if an issue arises. With multiple layers of security like database back-ups, network isolation, and encryption, there is a dramatic reduction in the risk of data loss. SMART’s Aurora database platform, powered by AWS, provides precise data protection with nightly back-ups and point-in-time recovery. This recovery means, in the event of database corruption or issue, we can restore data typically within 7-10 minutes.

What problems are associated with unexpected EHR downtime? 

Aside from frustrating patients, staff, and leadership, the risks associated with EHR downtime can be severe and costly. The most concerning problem may be patient safety. All other issues ultimately affect patient care in one way or another. In the event of an outage, particularly within a clinic operating an on-premises solution, data is at a higher risk of being compromised or lost. Critical information about a patient’s health history could be missed during treatment, negatively affecting their care and well-being.

Patient care may also be a challenge when staff is forced to endure the tedious process of inputting and searching for data in paper charts. Moreover, clinic operations suffer from the lack of quality control associated with performing procedures manually. To avoid these challenges, some organizations who have suffered wide-spread downtime have opted to invest in expensive back-up systems.1 While this may be effective, switching to a cloud environment is the most efficient solution.

How to prepare with a back-up plan 

Plan for downtime occurrences like you would for any disaster. Central to your plan’s success is making sure your staff members use a standardized approach to providing patient care during these incidents. Run regular EHR downtime drills among your clinicians and staff. These will help to reinforce your incident response plan – keeping it top-of-mind.

You may already have a process in place, but this won’t do you any good if the staff does not remember the steps to take. Also, your team will be more at ease if they are prepared with a plan when downtime occurs. Finally, document and review the results with leadership. Their support is essential to overall staff buy-in.2

All-in the Cloud 

Many different events could disrupt server operations. From power outages to flooding or fire, even someone tripping over a wire could bring work to a halt. Regardless of how it happens; this is just one of the reasons why SMART is committed to moving our partners’ servers and data into the AWS Cloud.

1.) https://ehrintelligence.com/news/ehr-downtime-drives-tn-hospital-to-invest-in-backup-system

2.) https://ehrintelligence.com/news/how-to-optimize-ehr-downtime-preparedness-reduce-slowdowns

 

cloud v on premises

Electronic Health Record Security | Cloud Vs. On-Premises 

virus_security graphic

Are EHR’s Secure? 

The short answer is yes, but the level of security depends on how your EHR is hosted. If it’s cloud-based, there are many failsafe measures in place to protect your clinic and patient data. On-premises solutions, on the other hand, are less advanced and don’t have the capabilities to stay current with security, performance, and reliability.  

Whether a clinic’s data is hosted on-premises or in a cloud environment, hackers will try to find a way to ruin your day. Recovering from an attack can be significantly more challenging for on-premises users. Let’s discuss two real-life scenarios we’ve encountered. 

Security of Health Records

On-premises – scenario #1

In the middle of the night, a ransomware virus infected a clinic’s main server, encrypting any file that was not actively in use. Fortunately, the SMART database was in use at that time and thus impervious to infection or alteration. Had it not been in use, SMART would have also been susceptible to the virus. They were able to copy their SMART data to a secure location and restore their entire server from a snapshot made the night before. If the virus had affected their SMART database or if a server backup wasn’t available, the results would have been very different – the clinic would be forced to pay the ransom for a decryption key or lose an entire day’s worth of data.

Electronic Health Record Security | On-Premises 

On-premises – scenario #2

A different clinic got hit quite a bit harder. A ransomware virus infected their workstations and their entire server. This affected their main SMART folder and database. Next, it spread to their external backup device encrypting all previous backups.  

The clinic had two choices – they could either pay the ransom and hope to get a decryption key or start from scratch with a blank database. At this point, they did not have access to SMART for over two days. If they could not decrypt the data, they wanted to be ready to start from scratch. SMART worked with the clinic to help build out a new server. After two days, they finally received the decryption key and access to their files. In total, they were unable to use SMART for four whole business days.

This was a frustrating and time-consuming situation for both organizations. On-premises users are responsible for recovering from these attacks. Not only must they worry about getting SMART back up and running, but they also must repair and restore any infected workstations.

How to protect patient healthcare data – Cloud-Based EHR 

Security concerns with cloud-based users are much different. Since SMART’s Cloud launched in 2016, there have been zero attacks on cloud partners. It is important to note that if a virus infects a cloud-based user, there is still a chance of unauthorized patient information access. However, the odds of this occurring are far less likely because of the separation between user and data as well as the inherent stringent cloud security measures. 

The fact of the matter is that cloud security is far more advanced than traditional on-premise tactics. Choosing a cloud-hosted environment means increased security, period. Security is one of the greatest benefits of moving to the cloud along with uniformity, operational cost savings, and scalability. Learn more in this article’s top ten benefits list.

patient-profiles- Electronic Health Record Security

SMART has several layers of security that protect all data stored in the cloud.  

Virtual Private Cloud (VPC)

The first layer is the Virtual Private Cloud (VPC). Data is stored in an encrypted environment. Only SMART data can pass in and out of this environment. Custom-built firewall rules allow us to prevent unwanted access.

SMART Dedicated Servers

The servers that run SMART in the cloud are “purpose-built”; they run SMART only. This prevents the risk of end users downloading malicious files from the internet. If a user opens a bad email or web link, only their computer will be affected.

In a shared environment, downloading a bad file or opening a malicious email can cause a virus to spread throughout the organization bringing productivity to a halt. 

Amazon Aurora

Amazon Aurora provides point-in-time recovery for cloud-based customers. In the unlikely event that a database restore is necessary, the latest backup is no more than 7 minutes old with the next-oldest full database backup being from the previous night.

SMART maintains one year of daily database backups and migrates older backups to the AWS Glacier for long-term retention. Specific data is retrievable from any of the available backup copies. *A fee applies for this service. 

Trend Micro

Trend Micro is a leader in providing cloud system and application security. This solution equips our servers with antivirus and malware protection, as well as intrusion detection, file integrity monitoring, and vulnerability scanning.

Armor Cloud Security

SMART has teamed up with ARMOR to take our cloud security to the next level. ARMOR provides SMART with Security-as-a-Service.

A team of security engineers constantly monitor the environment responding immediately to potential threats and provide recommendations based on the latest developments in cloud security. Their expertise in the security field helps prevent attacks before they happen. They were able to detect and prevent the WannaCry virus two months before it spread worldwide. Armor allows SMART to focus on delivering the best application experience while also providing an industry leading security solution.

Best EHR Security Measures 

In conclusion, the best EHR security measure that you can take is to choose a cloud-hosted environment. In the event of an attack, cloud-based EHR users are only responsible for their local environment’s security. SMART takes ownership of getting the EHR back up and running.  

10 benefits

Top 10 Benefits of Electronic Health Records | Going Paperless

Benefits-of-Electronic-health-records

Having electronic health records means that you can document all your clinic’s tasks digitally and in real-time without the need for paper charts. Beyond being paperless, there are many other advantages of EHRs to consider. Below we discuss specifically how individual clinics and enterprise organizations benefit from SMART’s Cloud-Based EHR – powered by AWS.

Benefits to individual clinics

Clinics improve staff collaboration and patient care with easily accessible information and reports automation.

Individual clinics
  1. Reduces redundancy of data entry; everything is in the system and is only a few clicks away.
  2. Saves physical space and office supply costs without the need for a chart room.
  3. No more time wasted filing and searching for paper charts.
  4. Expedites and automates receipt of lab test results.
  5. Organizes information making it easy to find simplifying quality control.
  6. Submits co-signatures on treatment plans, service delivery notes, medical orders, and forms remotely which reduces unnecessary travel time.
  7. Auto alerts and reminders help to ensure that you meet patient’s treatment needs on time.
  8. Optimizes admissions capacity with auto-scheduling and pre-admission screening.
  9. Maximizes revenue and decreases data entry with an integrated insurance billing module.
  10. Better tools and technology improve communication, staff retention, and employee satisfaction.

“SMART provides real-time information that allows staff to feel confident in their clinical decisions.”

Eileen, Director, Boston Public Health

Benefits to enterprise organizations

Managing a network of treatment programs can be challenging but with SMART’s cloud-based EHR software, you can create consistency across all locations while scaling to your growing needs.

Enterprise organizations
  1. Stores all your clinical information safely in one place.
  2. Saves operational costs by decreasing the need for equipment upgrades, IT resources, and EHR updates.
  3. Creates uniformity and consistency across all OTP locations.
  4. Establishes your corporate model of forms, services, and reporting.
  5. Reduces administrative costs by automating processing and reporting.
  6. Simplifies insurance, self-pay account management, and reporting functions with data-entry-free billing.
  7. Scales to your needs allowing you to adjust size and performance with no downtime.
  8. Automatically and seamlessly makes updates and improvements to the system.
  9. Leverages the latest technologies (like SMARTBridge™).
  10. Integrates with billing systems and state reporting eliminating the double entry of data.

Here are some advantages that clinics often overlook

Once you are operational with paperless health records, ensure that you are using all the features available. This will help you be even more efficient.

Create templates wherever possible

  • Service type templates save your teams from writing repetitive notes and allows them to see the exact data they need.
  • Release-of-information templates allow your team to choose a pre-populated template saving time on data entry and disclosure tracking.
  • Agency referral lists (via SMART’s QSOA feature) allow your team to quickly find referral sources and track expiring agreements.

Leverage our EHR’s secure cloud environment to build your key business rules for:

Integrate your billing processes

Outsourcing insurance billing to a third-party often costs more than processing it in-house. SMART’s paperless billing module gives users the ability to successfully manage the revenue cycle in-house.

Experience matters

SMART’s 100% paperless health records software has more than 25 years of experience serving opioid treatment programs. SMART has the unique ability to relate to the day-to-day challenges of medication-assisted treatment professionals because we’ve worked there too. President and CEO David L. Piccoli, II, was inspired to help his family’s network of opioid treatment facilities go paperless in the early 90’s. Since then, SMART’s EHR continues to grow with all our partners as they expand and transition more locations to have 100% paperless health records.

8-great-security-benefits

Cloud-Based EHR | 8 Great Security Benefits

8-great-security-benefits

Data Security is serious business. Fortunately, SMART’s Cloud-Based EHR complies with HIPAA’s security rule which requires specific protections to safeguard patient electronic health record information. Our EHR Platform – powered by AWS – builds in these safeguards and AWS adheres to all HIPAA protocols. Moreover, world-class companies like Adobe Systems, Siemens, Expedia, and Netflix rely on AWS. However, this cloud infrastructure is impossible to replicate for on-premises software users. We know there are concerns when considering a move to a cloud-based EHR. But many of these concerns are addressed by the inherent advantages of the platform. Below is a list of security benefits that can add value and give organizations peace of mind.

Top Security Advantages of SMART’s Cloud-Based EHR Platform

  1. Audit Controls  Maintains audit logging for all data assets to detect inappropriate access, tracking unauthorized disclosures, measuring performance problems, detecting intrusion attempts, and for the support of investigations.
  2. Data Integrity Controls – Includes a complete set of HIPAA policies for administrative controls. These include physical protections, staff training, and maintaining a “culture of security”.
  3. Malware Protection – Employs multiple layers of protection throughout our on-premises systems and AWS cloud presence.
  4. Encryption – Encrypts all protected health information (PHI) to the NIST AES-256 standard or better. This occurs at-rest as well as in motion within SMART’s AWS Cloud presence.
  5. Backup & Data Storage – Provides point-in-time recovery for cloud-based customers. In the unlikely event that a database restore is necessary, the latest backup is no older than 7 minutes with the next-oldest full database backup being from the previous night. We maintain one year of daily database backups and migrate older backups to the AWS Glacier for long-term retention. Specific data is retrievable from any of the available backup copies. (A fee applies for this service)
  6. Automatic Logoff – Configurable auto-logoff feature in compliance with this HIPAA rule.
  7. Security Incidents – Comprehensive procedures to detect and respond to security incidents. A HIPAA-compliant detailed breach analysis and reporting process supports our procedures.
  8. Contingency Operations – Adheres policies and procedures for responding to emergencies and disasters. This process focuses on helping you to regain access to your software and data quickly.

    As you can see, SMART’s Cloud provides significant advantages and tremendous value. Clinics gain confidence in data security and accessibility allowing them to focus on operations and patient care.

    Secures information

    Automatic Data Processing Increases Security

    The SMARTBridge™ is an automatic data processing module available to cloud-based SMART EHR users. It provides secure and automatic transmission of medical records, lab results, and financial data. It also allows managers to track activities through a dedicated portal directly accessible from SMART.

    Benefits of Automatic Data Processing with SMARTBridge™

    SMARTBridge enables automatic data processing_Secures information
    Secures information

    The SMARTBridge helps ensure the safety of private patent information. It collects and posts information directly to electronic charts. This tool eliminates the need to manually enter results, saving your time and money.

    The module automatically processes inbound Health Level 7 (HL7) messages from other software applications instantly upon receipt. It also generates outbound HL-7 messages to exchange data securely with other applications. The SMARTBridge is HIPAA compliant and only accessible directly by SMART’s IT team. 

    Scales to your needs

    Scales to your needs

    When opening a new clinic, or a network of clinics, scalability of your current technology should be a primary concern. With the SMARTBridge size and performance of your database can be adjusted with no downtime. This feature keeps all your clinics running at peak performance and financial efficiency.

    Makes billing more predictable

    Makes billing more convenientThe SMARTBridge allows you to process your billing per transaction or as fixed monthly amounts. Consistent, repeating revenue improves predictability, helping to further simplifying your processes.

    EHR platform

    HIPAA Compliant Cloud Storage for OTPs

    SMART’s EHR hosting platform for opioid treatment programs features HIPAA compliant cloud storage powered by Amazon Web Services (AWS) to increase efficiency, safely. AWS helps covered entities subject to HIPAA regulations process, maintain, and store protected health information. Interested? Request a demo.

    What You Can Expect from HIPAA Compliant Cloud Storage

    Improves efficiency 

    Amazon Web Service (AWS) offers a broad set of global services. These include computing, storage, database, analytics, application, and deployment services. This helps organizations move faster, lower IT costs, and scale applications. Moreover, AWS is a trusted and proven solution used by hundreds of thousands of business, operating in 190 countries. Incorporating this technology enables SMART to deliver the most powerful EHR solution yet.

    HIPAA-compliant-cloud-storage-efficiency

    It also improves the speed and performance of dosing and reports by enabling simultaneous read/write processes to occur across multiple replicated endpoints.


    “I love the fact that the billing on Monday is incredibly fast. I mean unbelievably! Tasks that usually take 15-20 minutes now take under a minute!”

    Deb R., Acadia Billing Manager

    Enhances data protection

    SMART’s new cloud also leverages Amazon Aurora, a database engine that delivers high-performance and reliability with real-time redundant backups and 99.995% uptime. Moreover, recovery from physical storage failures is transparent, and instant failover typically requires less than 30 seconds. Aurora’s storage is fault-tolerant and self-healing. Amazon continuously backs up six copies of your data and replicates them across three availability zones.

    Boosts security 

    HIPAA-compliant-cloud-security

    Amazon Aurora also provides SMART’s EHR users multiple levels of database security. The first level is network isolation using Amazon’s virtual private cloud (VPC). Access controls and boundaries from other networks in the AWS Cloud protect Amazon’s VPC. They closely resemble a traditional network that you would operate in your own data center with the benefit of the scalable infrastructure of AWS. Next is encryption-at-rest using keys you create and control through AWS Key Management Services (KMS).

    Lastly, the encryption of data in transit using SSL. On an encrypted Amazon Aurora instance, data in the underlying storage is encrypted as are the automated backups, snapshots, and replicas in the same cluster.

    Increases scalability

    HIPAA-compliant-cloud-scalability

    SMART’s shift to the highly-scalable, fully-managed AWS cloud database affords partners several advantages. Such as exclusive access to the latest developments like the SMARTBridge™. It also saves on operational costs by decreasing the need for equipment upgrades, IT resources, and EHR updates. Request more information today!