Certifications

EHNOTE EHR Version 1

Holds Certificate No: 15.04.04.3171.EHNO.01.00.1.231025
Date Certified: 10/25/2023
Effective Date: 2015 Edition
Criteria Tested: 170.315 (a)(1-5, 9, 12, 14-15); (b)(1-2, 10); (d)(1-9, 11-13); (e)(1, 3); (g)(2- 7, 9-10); (h)(1)
Clinical Quality Measures Tested: None
Additional Software Used: EMR Direct, Carefluence Open API

This Health IT Module is compliant with the ONC Certification Criteria for Health IT and has been certified by an ONC–ACB in accordance with the applicable certification criteria adopted by the Secretary of Health and Human Services. This certification does not represent an endorsement by the U.S. Department of Health and Human Services. Drummond Group is accredited by ANSI and approved by ONC for the ONC Health IT Certification Program to certify Health IT Module(s) and Certification of other types of Health IT for which the Secretary has adopted certification criteria under Subpart C of 45 CFR.

This certificate remains the property of Drummond Group and shall be returned immediately upon request. To be read in conjunction with the scope above or any attached appendix.

EHNOTE EHR Costs and Constraints:

EHNOTE EHR operates on a per-doctor licensing model with a fixed monthly rate, and practitioners cannot share licenses. There is the potential for extra expenses related to tasks such as transitioning from a previous EHR, integrating Practice Management software, HL7 integration, Machine Integration, and training.
Monthly support expenses for DrFirst Rcopia, used for electronic prescribing, are billed per provider at a flat monthly rate. Each provider is required to establish an agreement with DrFirst.
To use EMR Direct for secure email services, the provider must cover a setup fee for establishing their secure email address and an ongoing domain name fee. It's important to note that there are no limitations on the number of messages sent. Nevertheless, it's worth noting that EMR Direct messaging capabilities are restricted, and users cannot exchange messages with third-party HISPs who are not part of the Direct Trust Network.
We use Concurred fax services, and the provider must pay a setup fee. The first 500 pages per month are provided free of charge, after which a nominal fee is applied for all subsequent pages.

Multi-factor Authentication (MFA) in EHNOTE

Enabling and Disabling MFA: EHNOTE offers the capability for users to enable and disable multi-factor authentication (MFA). MFA enhances the security of user access to the system by requiring an additional authentication step beyond the conventional username and password login.

Enabling MFA: When MFA is enabled, users are prompted to enter an OTP (One-Time Password) to access the EHR system. Users have the option to enable MFA from their account settings.

Disabling MFA: If users wish to disable MFA for any reason, they must do so through their account settings. This process requires additional authentication to prevent unauthorized deactivation of MFA.

Authentication with OTP: When MFA is enabled, the user experience is as follows:

Username and Password: Users initiate the login process by entering their username and password, as they would in a standard authentication procedure.
OTP Requirement: After successfully entering their username and password, users are prompted to enter a one-time password (OTP). This OTP is sent to their registered phone number and email.
OTP Verification: Users retrieve the OTP from their registered phone number or email and enter it into the system. The system validates the OTP for correctness.
Access Authorization: If the OTP is verified as valid, the user gains access to the EHR system, where they can proceed to perform their tasks securely.
Access Denied: If the OTP is incorrect or expired, access to the EHR system is denied, enhancing the overall security of the system.

OTP Redundancy: EHNOTE provides redundancy by delivering OTPs to both the user's registered phone number and email. This redundancy ensures that users can receive OTPs even if one of their registered contact methods is temporarily unavailable.

User Responsibility: Users are responsible for maintaining accurate and up-to-date contact information to receive OTPs effectively. Additionally, users should not share their OTPs or store them in an insecure manner to maintain the security of their access to the EHR system.

Relied Upon Softwares:

Carefluence Open API R4: An Advanced Platform Unleashing the Power of Fast Healthcare Interoperability Resources (FHIR) API Capabilities to Streamline and Improve Healthcare Data Exchange and Interoperability.

Real World Testing plan:

2025

Risk Mitigation:

Risk Analysis :

Ehnote provides accurate recommendations based on evidence and data as an inaccurate prediction could lead to improper treatment.
We verify that the decision support tool is dependable and works consistently for all patients.
Ehnote can handle patient conditions (e.g., different ages, comorbidities etc..,)
We ensure that Ehnote's recommendations are not biased against certain groups (e.g., people of different races, genders, or backgrounds).
Making sure that healthcare providers can easily understand and act upon the recommendations made by the tool.
Assessing whether the tool avoids risks such as inappropriate treatments or delays in wound care.
Protecting patient data used by the decision support system to ensure compliance with privacy regulations (e.g., HIPAA).
The AI will undergo an assessment to evaluate its potential impact on patients, clinical workflow, financial or operational considerations, and potential risks like fairness, appropriateness, validity, effectiveness, or safety (FAVES), robustness, reliability, intelligibility, security, and privacy.
Performance and accuracy will be thoroughly validated using appropriate testing methodologies.

Risk Mitigation :

PDF

Validating the algorithms are based on the latest clinical evidence and best practices.
Regularly updating the tool’s database to account for new research or treatments.
Training healthcare professionals on how to use the tool properly and interpret its recommendations.

Governance :

Establishing clear policies on how the decision support tool is used, including who is responsible for data input, how treatment recommendations are followed, and how the tool is updated.
Creating controls for data acquisition and management, such as ensuring that patient data is collected correctly and stored securely, and that only authorized personnel have access to sensitive data.
Identification on how data is acquired, managed, and used.