FidelityEHR Meets the Compliance Regulations Your Organization Follows
FidelityEHR is browser agnostic and complies with HIPAA, FERPA, NIST, HITECH and section 508 of the Rehabilitation Act of 1973. There are a multitude of policies and administrative controls for compliance, including a Security Protocol and Procedure Manual to define compliancy to the aforementioned regulations. The highest level of security controls are access authorization procedures which are used to control access to applications and data at a number of layers assigned based on the minimum needed for a User to perform their duties. FidelityEHR controls access to the majority of applications at the User-interface level with restrictions based on a User’s role within their organization. The system incorporates unique Identifiers and access requirements for all Users at all levels within all Configurations.
As part of its routine review process, FidelityEHR:
- Logs unauthorized access attempts by date, time, User ID, device, and location.
- Maintains an audit trail of all security maintenance performed by date, time, User ID, device, and location. Such information is easily accessible.
- Provides security reports of Users and access levels.
- Logs all accesses (including inquiry) to electronic protected health information (EPHI).
- Has auditing capabilities for both online or batch reporting. Can also be exported into Word, Excel, or other leading industry tools.
- Archives logs and audits for recall as needed.
FidelityEHR is hosted on a world-class, HIPAA-compliant server that has successfully undergone independent 3rd party HIPAA assessments. With secure data centers, Connectria has demonstrated 100% HIPAA compliance and meets HITECH Act security standards surrounding the storage of Protected Health Information (PHI).
FidelityEHR provides role-based access and the ability to set various levels of accessibility for individuals based on their involvement with the identified client. Team members who are considered Users of the system are assigned login credentials and a Role. The Configuration Administrator will set system Permissions for each Role, and Youth will be assigned to each User accordingly. Permissions are set to allow or restrict the level of access to the Youth record as needed. This includes but is not limited to the areas of Assessments, Plans of Care, Service Notes, Messages to other Users, and Claims. All User activity is logged in the Administrative Settings Area, under the Access and Activity Monitor. This log tracks details that include the User Name, Login and Logout Date and Time, User IP, Browser, as well as the Activity of the User, such as visiting a specific page.
FidelityEHR is currently compatible with mobile devices-phone, tablet, etc., using common mobile technology operating systems (Apple IOS, Windows surface, Android). The system is HIPAA compliant and accessible through the device’s web browser, without the requirements of installing additional mobile applications on the device. Data is not stored locally on the device.