This compliance document assumes you are running the "2011-2012 Certified UniCharts EMR version 3" of the program.
UniCharts EMR is fully compliant with HIPAA regulations and also certified as providing the complete set of security features required by HHS for meaningful use of the electronic health records systems. We have adhered to the best practices within the framework of HIPAA and ONC guidelines in order to provide extensive privacy and security related technical safeguards to our users. However, the users need to be aware that as far as a clinic or medical facility is concerned, it would require not only the technical safeguards provided by the software but also the implementation of administrative and physical safeguards if they want to be appropriately compliant. Broadly speaking, the administrative safeguards are about institutional policies and procedures to manage and maintain the security measures on an ongoing basis whereas the physical safeguards are measures related to controlling physical access to the buildings and equipment where the health information resides, and also its protection from natural and environmental hazards.
The UniCharts EMR has the following features and functionality built into the program that provides extensive security and privacy related technical safeguards to its users:
- Practice Retains Complete Control of Records
Even though UniCharts is a browser-based EMR with all the advantages this architecture offers, the server component needs to be installed within the individual medical practice and the clients run in a locally networked environment without any need of the Internet. This implies that the computer/server that houses the UniCharts EMR software and all the patient data is physically present in the individual medical office. Users have full control and ownership of their data as it resides in the database embedded with the program.
"How To" in UniCharts: The user downloads the EMR just like a regular program and installs it on one of their networked computers. During the installation process, they are asked to provide a password which must be at least eight characters long. This password is encrypted and set to be the database's root password.
The above password also serves as the administrator password to be used to enter the administrative area of the EMR program, as shown below. Note that clinical tasks are performed not here but on the client-side, client being the Internet Explorer browser. The EMR server shown below provide screens and functions to do administrative and maintenance type of things such as adding or deleting clinics, do network configurations, and perform backups etc.
- Authentication Security
As one of its first administrative tasks, the "main administrator" mentioned above adds a clinic to the system and defines that clinic's administrator level user. This clinic administrator" then adds other users as per requirement, and may keep on adding until the license ceiling is reached. And during the process of adding clinical users, he or she must define their passwords (which they may change later) that they will need to enter when at the time of logging in.
"How To" in UniCharts: The "clinic administrator" can add, edit or delete users on the Clinic/Staff tab in the customization area, as needed. Please note that the Clinic/Staff tab is only available to the clinic's administrator. Other normal clinical users do not have access to this tab.
The above implies that the only screen accessible to clincial staff without a username and password is the log in screen. Access to patient records requires staff to be logged into the system. No one can access patient information without a proper password.
- Access Control
The control of access through assignment of privileges play an important role in the UniCharts EMR security model. In UniCharts, every user has a privilege that determine the functions he/she can perform and access information within the system. Privilege can vary from 1 to 5. As mentioned earlier, a "clinic administrator" is defined by the "main administrator" at the time of creating a clinic in the system. This default clinic user automatically has the administrator level privilege, a privilege of 5. There can be only one user with a level 5 privilege and this is by design. This user cannot be deleted but its details can be edited if needed. Other users may have any of the lesser privileges according to the tasks they are expected to perform. A level 4 user can do everything that a level 5 user can do, except customizing the system. The tools under customization area are simply not available to lesser levels except for the Ancillaries/Menus tab. Similarly, a level 3 can do everything a level 4 can do, except that they cannot delete charts. A level 2 user can only view charts but cannot edit them and a level 1 user can only do scheduling related tasks and attach scanned documents etc to the charts without opening them. Note that the assignment of privileges is generally based upon the workflow needs and the level of trust one has over the staff members. For example, a receptionist may be assigned a privilege of 3 instead of 2 if he/she is likely to participate in semi-clinical tasks at some point in time.
"How To" in UniCharts: Again, the privileges are assigned by the "clinic administrator" on the Clinic/Staff tab in the customization area. Not only the privilege level is assigned at the time of adding a new user, the clinic administrator can change (increase or decrease) the privilege of an existing user at any time if needed.
- Emergency Access
As it sometimes happen during the routine operation of a client-server system, an emergency situation may potentially arise if users are unable to login to the EHR server through the client windows due to some kind of configuration problem or network failure. For this scenario, UniCharts specially provides a means to export patient information in read-only PDF format directly from the EHR server without needing the browser or a working network. This function is available to the "main administrator" and only he/she can export data of selected patients out of the system to make it accessible to providers as needed. If you would recall, this is not the “clinic administrator” with the privilege of level 5 but the "main administrator" who installed the EMR program and is responsible for server maintenance and related technical tasks such as database and SSL certificate management. This main administrator cannot login from the browser and does not have access to any clinical function of the system in the normal circumstances. However, this feature empowers him or her to export read-only files of patient information to be handed over to providers for use in emergency situations such as the one mentioned above.
"How To" in UniCharts: The emergency data access section is available under Backup/Export tab on the EMR server. The main administrator just has to login into the server program and export either selected patients or the entire population within the system if needed. The exported file is saved at the user specified location in the standard PDF format, ready to be used by physicians and the clinical staff in an emergency situation.
- High System Availability
In order to facilitate the administrators in ensuring high system availability at all times, UniCharts EMR provides a provision to do full system backups on external USB drives. This is different from backing up the database in which case only database files are copied. You may implement any backup strategy you feel appropriate (copying of database manually or scheduling automatic copying at predefined intervals or using a RAID array arrangement etc), we would still recommend that you at least once a week make a manual full system backup on an external USB drive. This is because the full system backup is a complete EMR with all your data in it. It simply does not have Windows shortcuts to start it. In case of a disaster and in the event routine backups do fail for some reason, the USB drive may be plugged into any operational computer to start the full fledged EMR immediately without even needing any reinstallation.
"How To" in UniCharts: The "entire system backup" option is available under Backup/Export tab on the EMR server. User just needs to insert an external drive into the server computer and select the save location to get it done.
In an emergency situation, you will just have to insert the external drive into the computer and go to the folder UniCharts in the backup on external drive. There you will find, among other files and folders, a colored icon resembling the UniCharts logo and also having the name UniCharts. Double clicking that icon will start the EMR directly from the USB drive. When started, you may do everything you used to do on a regular installed version. It will not be a bad idea to test this functionality beforehand, just be sure that only one instance of the EMR is running on a computer at any one time.
- Automatic Logoff
The EMR system has built-in automatic log-off capability and does not rely or use underlying operating system. The administrator defines the inactivity timeout duration after which a user is not able to perform any clinical task unless logged in again. Timeout setting is global and applies to all users.
"How To" in UniCharts: The session timeout setting is available under Network/Security tab on the EMR server. The main administrator just has to login into the server program and set the timeout as needed. Note that the timeout interval depends on your clinical setting. The administrator may decide to add a value of 0 if for some reason no timeout is desirable.
Note that unlike the standard timeout functionality available in most other products, UniCharts provides an enhanced implementation so that no work or data is lost in case a session times out. The user is able to resume right from that point once he or she logs in again, as shown below.
- Audit Trail and Logs
UniCharts EMR provides full audit trail capability. All user actions pertaining to chart creation, modification, access and deletion are recorded and this audit log information is stored directly into the database. The standard action syntax of “created”, “modified”, “accessed” and “deleted” is used for this purpose. The audit log records date/time, patient ID, user ID and action taken by the user and can be sorted on all four of these data elements.
"How To" in UniCharts: The utility to generate audit logs is available under Server Activity tab on the EMR server. The main administrator just has to login into the server program and select a data range under this tab to generate a log for that period. Once generated, the log may either be printed or exported out of the system as a text file for further analysis if required.
- Encryption of Network Data
The UniCharts EHR system has the built-in support for importing digital certificate and installing SSL layer. The certificate itself would need to be acquired by the medical facility from a certification authority because it would be in their name, but other than that the EMR has the complete functionally required to install the SSL secure layer for network communication. Once the SSL is installed, the data is transferred in a secured way using an encrypted and integrity https link between the server (the EHR) and the clients (the browsers). Please be aware that installing SSL is usually needed when the EMR is used over the Internet from remote locations. The installation of the SSL may NOT be necessary in clincial setups that use the EMR only locally and without any involvement of the Internet.
"How To" in UniCharts: The complete set of functions for installing SSL is available under the Network/Security tab on the EMR server. Please note that this Network/Security tab is designed for importing a single root certificate as usually required by primary CA authorities such as Verisign and Thawte. If such a certificate is used, then installation is straightforward as outlined in the four screenshots shown below. However, the secondary authorities like GoDaddy etc are not certifying authorities in themselves and they utilize an intermediate certificate in addition to the root certificate to establish the chain, bringing the total number of certificates to three or even four. In this case, the first step related to CSR generation would be the same but received certificates will have to be imported manually into the keystore. If you want to install godaddy or any other ssl, please let us know after you receive certificates from them and we will send you instructions on how to import their certificates manually.
- Encryption of Exported Data
UniCharts EMR provides encryption and decryption by encapsulating exported patient data in encrypted zip files. The system uses strong AES-256 encryption algorithm for this purpose. Note that the EHR system does not require any third party software to encrypt of decrypt files as it performs these functions natively. On the other side, the EHR encrypted files handed over or sent to the patients or other providers can be decrypted using the standard 7-Zip or Win-Zip programs that are ubiquitously available.
"How To" in UniCharts: Like many other security functions within the EMR system, the process of encrypting exported files is automatic. When user exports patient data such as CCR out of the system, he is presented a dialog box where he/she just need to provide a password to be used for encryption and that’s it.
Similarly, when an encrypted file is being imported into the system, the user just needs to provide the necessary password and the system automatically decrypts it.
- Encryption of Stored Data
UniCharts EMR automatically encrypts and decrypts the patient identifying information such as name, date of birth and social security numbers stored within the database. This is achieved using the database’s default strong cryptographic functions. These functions use the official AES (Advanced Encryption Standard) algorithm and encode sensitive data with a 128-bit key length.
"How To" in UniCharts: The encryption and decryption of select stored data is done in the background and is completely transparent to the user.
- Data Integrity while Exporting
In addition to the data integrity achieved by using SSL layer when transmitting data over the network, the UniCharts EMR ensures data integrity even further by hashing the manually exported data using the strong SHA-1 hashing algorithm. The hashing procedure is not only applied to the exported CCR patient visit summary files but also to the exported audit log file to ensure it has not been altered or tempered after generation.
"How To" in UniCharts: The process of generating the message digest is automatic. That is, the message digest is automatically generated when the concerned file is exported out of the system and the digest string is displayed on the screen and also appended to the name of the exported file so that the recipient may confirm its integrity if needed. As an example, the following screen shows the how a digest string is generated and appended to the file's name when an audit log is exported.
- Data Integrity of Completed Visits
Finally, in addition to ensuring the integrity of exported data as required by HIPAA and ONC, the UniCharts EMR also complies with FDA 21 CRF part II which is one the challenging aspects facing organizations that maintain and keep medical records in electronic form. The system does this by providing adequate functionality for locking patient visits data and producing user-independent computer generated time-stamped audit trails of this activity. Electronic locking, which timestamp, sign and seal each chart note entry, are part of the core EMR product. Even addenda to completed and locked notes are themselves signed, sealed, and time-stamped.
"How To" in UniCharts: Visit data may be locked by clicking the Lock icon that exists on the top right corner of the encounter form. Once locked, the encounter form becomes permanent part of the chart and cannot be deleted or edited in any way by any user of the system.
Note that this page outlines the security and privacy related features built into the UniCharts EMR system. A separate guide for administrators is also available here to help system administrators implement administrative and physical controls in conjunction with the above mentioned features to achieve a satisfactory level of HIPAA compliance.