The healthcare industry has strived for data interoperability for many years. Electronic Medical Record (EMR) systems and Health Information Exchanges (HIE) adopted national standards such as HL7, ICD-10, and CPT. Health regulation leaders in Washington DC have subsidized the cost for doctors to go digital with initiatives including HITECH and Meaningful Use. So why hasn’t the siloed patient and clinical information broken free and become easily portable? The reason is two-fold: 1) patients lack tangible access to their own records, and 2) the underlying technology is insufficient to support this system. Most patient portals tacked onto existing EMR and hospital systems are not user friendly nor accessible to the patient. The national standard, HL7, simply defines the data slots to fill with information and completely lacks an authentication and authorization model and a transport layer.
CareDox was founded with the mission of a unified health record for the next generation, with a focus on pediatric health, families, and the school systems of America. We believe schools provide a key day-to-day healthcare service to all 50+ million children in the country. In order to empower underfunded schools, CareDox is building the leading health platform that enables schools to connect with families and the rest of the healthcare ecosystem. Connecting so many stakeholders with extremely sensitive information requires a world-class design and security model. In this blog post, we are sharing technical details on the four pillars of our security framework: regulatory compliance, system design, cloud infrastructure, and information audits/alerts.
CareDox is fully compliant with HIPAA (the Health Insurance Portability and Accountability Act) and FERPA (the Family Educational Rights and Privacy Act), – the two national regulations protecting the use of health and school data. On the technical side, this mean the following:
- Data encryption in transit (over the network) and at rest (stored on persistent devices) with SHA-256 RSA encryption
- All information entered into CareDox is backed up and instantly replicated across data centers in different geographical regions within 5 seconds
- Advanced authentication and authorization model that supports the various users – such as nurses and coaches – who need different access to different pieces of the health record
- Capturing user consent and Business Associate Agreement (BAA) contracts with any 3rd parties
- Security training with internal staff and strict review of access privileges
- Passwords instantly cryptographically one-way hashed with a salt (random addition) for safe storage
- Advanced auditing sub-system to ensure a paper trail for all data access and changes
This is just the baseline though; our crown-jewel is the design of our multitenant health record. This central data model is the key underpinning necessary to establish a medical system that allows for secure sharing and portability. We have build the CareDox Health Record from the ground up with the concept that different types of credentialed users contribute information to different parts of it. Here are two diagrams representing typical user relationships and our abstract data model:
The key things to note are:
- Users can have multiple relationships, for example being a staff at a school and a parent.
- Health records are centralized and parts can be shared between different organizations.
Keys things to know about our security data model:
- The security relationship is our central permission link that joins a person’s authorization (ie roles/permission) with their user groups (ie links to health records or various levels of an organization group, like district, schools, sessions, classrooms, custom buckets, teams, etc).
- We can not only authenticate against the CareDox core database, but also an organization’s custom one, such as an Active Directory or Lightweight Directory Access Protocol (LDAP).
- CareDox comes with a set of default roles for common permission sets such as nurses, teachers, staff, coaches, admins, and also offers organizations the ability to compose their own custom roles.
- We log in real-time the source of information, that means clients know nurse A edited the care plan for student B at school C, or that we loaded one immunization record from the school student information system (SIS), one from the state immunization registry, and another was entered by a staff.
Supporting complex security and allowing sharing is one thing, but what good is tracking all these changes if no one knows about it? This is why we have build in a sophisticated notifications system that ensures the right users are aware of key data change events in the system. We trigger notifications to parents, administrators or users for the following types of events:
- Student visits the nurse
- Medication administration
- Medication is running low
- Chronic Condition Visit with charting
- Health profile changed
- Screening recorded
- Immunization Forecast
- Care Plan review and signature request
- Enrollment submissions and approvals
- Report generation
There is one constant in software engineering, and that is things change. What good is a system if you can’t easily update it or deliver it to people? We are a fully-hosted solution, so organizations do not have to worry about any infrastructure.
- Hosting on AWS, the leader in cloud infrastructure
- Network firewalls and a Virtual Private Cloud (VPC) to limit access to our servers
- Elastic Load Balancers and Redundant DNS routing to ensure a 99.99% uptime
- Weekly code releases to allow issue patches and delivery of new features
This is the CareDox difference. We have built all the foundational components and connected them in a secure packaged turn-key solution for our customers. Our mission is to provide a unified health record and to enable school health programs to run more efficiently and safely. If you have any questions about the above or what full documentation, please reach out to our engineering team at email@example.com.