Ecw Enterprise Patient Portal Mandatory
Total Page:16
File Type:pdf, Size:1020Kb
ENTERPRISE PATIENT PORTAL V2.1 MANDATORY DISCLOSURES December 2020 CONFIDENTIAL © eClinicalWorks, 2020. All rights reserved. Enterprise Patient Portal V2.1 Mandatory Disclosures CONTENTS 1. MANDATORY DISCLOSURES ____________________________________________________ 3 1.1. Add on Service: eClinicalWorks Enterprise Patient Portal ____________________________________ 3 §170.315(d)(1) - Authentication, Access Control, and Authorization ________________________________ 4 §170.315(d)(2) - Auditable Events and Tamper-Resistance __________________________________________ 4 §170.315(d)(3) - Audit Reports ________________________________________________________________________ 5 §170.315(d)(5) - Automatic Access Time-Out ________________________________________________________ 5 §170.315(d)(7) - End-User Device Encryption ________________________________________________________ 6 §170.315(d)(9) - Trusted Connection _________________________________________________________________ 6 §170.315(e)(1) - View, Download, and Transmit to Third-Party ______________________________________ 6 §170.315(e)(2) - Secure Messaging ___________________________________________________________________ 7 §170.315(e)(3) - Patient Health Information Capture ________________________________________________ 7 §170.315(g) (4-5) - Quality Management System (QMS) and Accessibility-Centered Design (ACD) __________________________________________________________________________________________ 8 §170.315(g)(6) - Consolidated CDA Creation Performance __________________________________________ 9 2. APPENDIX A: ABBREVIATIONS _________________________________________________ 12 3. APPENDIX B: ONC-ACB VERIFICATION ________________________________________ 15 4. APPENDIX C: DOCUMENTATION TERMS AND CONDITIONS _________________________ 16 5. APPENDIX D: NOTICES _______________________________________________________ 17 5.1. Trademarks __________________________________________________________________________________ 17 CONFIDENTIAL PUBLISHED ▪ 2 of 18 Enterprise Patient Portal V2.1 Mandatory Disclosures 1. Mandatory Disclosures The following sections describe eClinicalWorks® Enterprise Patient Portal mandatory disclosures. 1.1. Add on Service: eClinicalWorks Enterprise Patient Portal Description of Capability: The eClinicalWorks® Enterprise Patient Portal (hereinafter singularly referred to as “EPP”) is a tool that provides easy access to patient health information from eCW and non-eCW providers within a network/community, to deliver better healthcare. EPP is a secure, Web-based module designed to improve the quality of care by facilitating communication between hospital systems and eCW ambulatory and non-eCW ambulatory EMRs within a community and its patients, through the use of eClinicalWorks Electronic Health Exchange (eEHX®). Costs and Fees: The use of EPP involves costs in addition to the standard eClinicalWorks V11 costs. The costs that will be incurred are outlined below: Implementation, Hosting and Maintenance Costs: To implement the service, there is a one-time implementation cost applied to the entire organization, i.e., a single, one-time implementation cost per organization. There is a quarterly cost for support and maintenance of the platform as well as a quarterly cost for eClinicalWorks hosting the platform. This quarterly cost is determined by the number of patients that have an account related to the product. In addition to the implementation, hosting and maintenance costs, there are other potential costs, depending on the customer’s customization needs to support EPP: 1. Depending on the subscription package selected by the customer, an initial patient limit is set. If the number of patients goes beyond the set limit, a quarterly cost is incurred. 2. Customers have the availability to use eCW Project Managers to implement the product. This is an initial one-time cost, with additional time available for purchase at a daily rate. Travel and airfare costs are not incorporated into the daily rate. 3. Given a particular customer’s needs, there may be additional interfaces needed for their organization (such as a demographics feed inbound, a Consolidated Clinical Document Architecture (CCDA) feed inbound, HL7 Lab Results from Hospital, HL7 Radiology Results from Hospital, etc.). There is a one-time cost per interface/integration to set-up and configure the interface. The customer may have to sign an interface end-user/contractual agreement. CONFIDENTIAL PUBLISHED ▪ 3 of 18 Enterprise Patient Portal V2.1 Mandatory Disclosures If a customer is interested in having a test server hosted by EPP, a per month cost is incorporated. If the customer is hosting the server, a one-time setup fee is incurred. Additional Details: The EP or Hospitalist must sign an EPP Software License & Support agreement. The agreement is typically a 3-year term which may vary depending on the customer’s needs. Applicable Modalities: None. §170.315(d)(1) - Authentication, Access Control, and Authorization Description of Capability: Limits access to patient electronic health information to users who have valid credentials and only enables credentialed users to access the types of information permitted. Costs and Fees: None. Additional Details: None. Applicable Modalities: This functionality is available in the browser (Web), desktop (EXE), and eClinicalTouch modalities of eClinicalWorks. §170.315(d)(2) - Auditable Events and Tamper-Resistance Description of Capability: This criterion requires that by default, actions related to health information are recorded, such as who has accessed a patient’s information, and when, where, and how that access occurred. This capability (coupled with other Privacy and Security criteria such as Audit Reports and Auditing Actions on Health Information) enables a practice to review audit logs and thereby regularly monitor access to patient information and detect unauthorized access. This criterion also confirms that health IT can prevent such audit logs from being changed, overwritten or deleted. Costs and Fees: None. Additional Details: For tamper-resistance, eClinicalWorks disallows the deletion of records retained in the audit log at a minimum, and in some instances also disallows the updating of these logs. For eClinicalTouch, logging is performed but not viewable on the iPad. Logs can be viewed from the desktop or browser modalities. CONFIDENTIAL PUBLISHED ▪ 4 of 18 Enterprise Patient Portal V2.1 Mandatory Disclosures Applicable Modalities: This functionality is available in the browser (Web), desktop (EXE), and eClinicalTouch modalities of eClinicalWorks. §170.315(d)(3) - Audit Reports Description of Capability: Audit reports enable a user to create reports of events recorded in audit trails and audit logs (refer to §170.315(d)(2) - Auditable Events and Tamper-Resistance). Costs and Fees: None. Additional Details: Some of the reports used to meet this requirement are created from logs that are parsed nightly but can be parsed on-demand if needed. For eClinicalTouch, logging is performed but not viewable on the iPad. Logs can be viewed from the desktop or browser modalities. Applicable Modalities: This functionality is available in the browser (Web) and desktop (EXE) modalities of eClinicalWorks. §170.315(d)(5) - Automatic Access Time-Out Description of Capability: Enables an automatic stop for users to access health information after a predetermined amount of inactivity and requires authentication to resume or regain access. Costs and Fees: None. Additional Details: Auto time-out settings must be configured by the practice. Enhancement of this feature is controlled by an item key and can be enabled on request. Applicable Modalities: This functionality is available in the browser (Web), desktop (EXE), and eClinicalTouch modalities of eClinicalWorks. CONFIDENTIAL PUBLISHED ▪ 5 of 18 Enterprise Patient Portal V2.1 Mandatory Disclosures §170.315(d)(7) - End-User Device Encryption Description of Capability: Technology designed to prevent health information from being locally stored on end-user devices after use of the technology on the devices stops. Costs and Fees: None. Additional Details: The programmed storage of information is ceased upon termination of sessions using the desktop, browser, and eClinicalTouch modalities of eClinicalWorks. Applicable Modalities: This functionality is available in the browser (Web), desktop (EXE), and eClinicalTouch modalities of eClinicalWorks. §170.315(d)(9) - Trusted Connection Description of Capability: Enables the ability to create a trusted connection according the criterion specified standards. Costs and Fees: None. Additional Details: SSL/HTTPS configuration for any services that are hosted by the customer directly, is the responsibility of that customer. Applicable Modalities: This functionality is available in the browser (Web), desktop (EXE), eClinicalTouch, and eClinicalMobile modalities of eClinicalWorks. §170.315(e)(1) - View, Download, and Transmit to Third-Party Description of Capability: Enables the ability for patients to use internet-based technology to view, download, and transmit their health information to a third-party in the criterion specified manner. Costs and Fees: Costs are outlined in the Add on Service: Enterprise Patient Portal section of this document. CONFIDENTIAL PUBLISHED ▪ 6 of 18 Enterprise Patient Portal V2.1 Mandatory Disclosures Additional Details: All sections of the certified capability Visit Summary are enabled by default in the EMR. Users have the ability to change, or uncheck,