Certifications

EHNOTE EHR Version 1

Holds Certificate No: 15.04.04.3171.EHNO.01.00.1.231025
Date Certified: 10/25/2023
Effective Date: 2015 Edition
Criteria Tested: 170.315 (a)(1-5, 9, 12, 14-15); (b)(1-2, 10); (d)(1-9, 11-13); (e)(1, 3); (g)(2- 7, 9-10); (h)(1)
Clinical Quality Measures Tested: None
Additional Software Used: EMR Direct, Carefluence Open API

This Health IT Module is compliant with the ONC Certification Criteria for Health IT and has been certified by an ONC–ACB in accordance with the applicable certification criteria adopted by the Secretary of Health and Human Services. This certification does not represent an endorsement by the U.S. Department of Health and Human Services. Drummond Group is accredited by ANSI and approved by ONC for the ONC Health IT Certification Program to certify Health IT Module(s) and Certification of other types of Health IT for which the Secretary has adopted certification criteria under Subpart C of 45 CFR.

This certificate remains the property of Drummond Group and shall be returned immediately upon request. To be read in conjunction with the scope above or any attached appendix.

EHNOTE EHR Costs and Constraints:

EHNOTE EHR operates on a per-doctor licensing model with a fixed monthly rate, and practitioners cannot share licenses. There is the potential for extra expenses related to tasks such as transitioning from a previous EHR, integrating Practice Management software, HL7 integration, Machine Integration, and training.
Monthly support expenses for DrFirst Rcopia, used for electronic prescribing, are billed per provider at a flat monthly rate. Each provider is required to establish an agreement with DrFirst.
To use EMR Direct for secure email services, the provider must cover a setup fee for establishing their secure email address and an ongoing domain name fee. It's important to note that there are no limitations on the number of messages sent. Nevertheless, it's worth noting that EMR Direct messaging capabilities are restricted, and users cannot exchange messages with third-party HISPs who are not part of the Direct Trust Network.
We use Concurred fax services, and the provider must pay a setup fee. The first 500 pages per month are provided free of charge, after which a nominal fee is applied for all subsequent pages.

Multi-factor Authentication (MFA) in EHNOTE

Enabling and Disabling MFA: EHNOTE offers the capability for users to enable and disable multi-factor authentication (MFA). MFA enhances the security of user access to the system by requiring an additional authentication step beyond the conventional username and password login.

Enabling MFA: When MFA is enabled, users are prompted to enter an OTP (One-Time Password) to access the EHR system. Users have the option to enable MFA from their account settings.

Disabling MFA: If users wish to disable MFA for any reason, they must do so through their account settings. This process requires additional authentication to prevent unauthorized deactivation of MFA.

Authentication with OTP: When MFA is enabled, the user experience is as follows:

Username and Password: Users initiate the login process by entering their username and password, as they would in a standard authentication procedure.
OTP Requirement: After successfully entering their username and password, users are prompted to enter a one-time password (OTP). This OTP is sent to their registered phone number and email.
OTP Verification: Users retrieve the OTP from their registered phone number or email and enter it into the system. The system validates the OTP for correctness.
Access Authorization: If the OTP is verified as valid, the user gains access to the EHR system, where they can proceed to perform their tasks securely.
Access Denied: If the OTP is incorrect or expired, access to the EHR system is denied, enhancing the overall security of the system.

OTP Redundancy: EHNOTE provides redundancy by delivering OTPs to both the user's registered phone number and email. This redundancy ensures that users can receive OTPs even if one of their registered contact methods is temporarily unavailable.

User Responsibility: Users are responsible for maintaining accurate and up-to-date contact information to receive OTPs effectively. Additionally, users should not share their OTPs or store them in an insecure manner to maintain the security of their access to the EHR system.

Relied Upon Softwares:

Carefluence Open API R4: An Advanced Platform Unleashing the Power of Fast Healthcare Interoperability Resources (FHIR) API Capabilities to Streamline and Improve Healthcare Data Exchange and Interoperability.