Technology, standards and regulations
Highlights of SMART PEHR technology partners
● More than 1 billion health records worldwide are managed using the same technology, connecting thousands of disparate health information sources to achieve meaningful clinical utility.
● Customers in over 80 countries
● Nearly all U.S. academic medical centers are customers of SMART PEHR’s technology partners
● Two-thirds of Americans receive care where SMART PEHR’s technology partners play a key role
● Two of the three major EHR solutions that Gartner calls “Global Solutions” run on SMART PEHR’s technology partners.
Privacy
SMART PEHR is driven by Privacy Standards, which aim to protect an individual's (or organization's) right to determine whether, what, when, by whom and for what purpose their personal health information is collected, accessed, used or disclosed.
Our Security Standards define a set of administrative, physical and technical actions to protect the confidentiality, availability and integrity of health information.
SMART PEHR technology complies with the following standards
HIPAA Privacy Rule: Establishes national standards to protect individuals’ medical records and other personal health information. The rule applies safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures of such information without patient authorization. The rule also gives patients rights over their own health information.
HIPAA Security Rule: Sets national standards for protecting the confidentiality, integrity, and availability of electronic protected health information.
General Data Protection Regulation (GDPR): Outlines privacy and security regulations for all processing and storage of data relating to data subjects—or people—in the European Union (EU).
Robust Security
SMART PEHR provides a strong, flexible, consistent, and high-performance security infrastructure while minimizing its burden on application performance. This security architecture is based on authentication, authorization, auditing, and database encryption.
SMART PEHR delivers services which operate in accordance with all regulatory requirements and make use of advanced security systems and practices.
Authentication
The SMART PEHR platform supports a number of authentication mechanisms, including two-factor authentication.
Authorization/eConsent
Assignment and management of privileges (including role-based and application-based privileges) are easily accomplished.
Auditing
All system and application events are recorded in an append-only log, which is compatible with any query or reporting tool.
Data Encryption
The platform provides mechanisms for encrypting both data at rest and data in motion.
The SMART PEHR standards-based platform includes the ability to read and write HL7 FHIR resources.
Global Trust program
The SMART PEHR platform commits to a Global Trust program by providing appropriate and necessary protections and safeguards to ensure the legitimate use, proper disclosure, and minimal contact of any Personal Information.
This Global Trust program uses a framework of controls based on ISO, HIPAA, NIST, APEC CBPR, and EU DPD/GDPR requirements.
In order to support Global Trust we:
(1) Identify the specific purposes for which we may need to collect, use, or disclose Personal Information
(2) Operationalize protections surrounding Personal Information relating to the privacy rights of individuals while ensuring availability for proper and authorized uses and disclosures
(3) Implement safeguards to secure the confidentiality, integrity, and availability of Personal Information in our environments
(4) Address education and awareness through a comprehensive Global Trust training initiative
(5) Respond promptly to any actual or suspected threats or vulnerabilities affecting Personal Information
Interoperability
SMART PEHR uses transport standards (“push” and “pull” methods) between modern and legacy data representations, which address the format of messages exchanged between computer systems, document architecture, clinical templates, user interface and patient data linkage.
SMART PEHR transforms an HL7 V2/V3 message from one schema version to another, produces HL7 V2/V3 messages from a CDA document, and transforms a portion of a CDA document into FHIR resources.
SMART PEHR – Supported standards
Digital Imaging and Communications in Medicine (DICOM)
Direct Standard™, which allows participants to send authenticated, encrypted health information directly to known, trusted recipients over the internet. Applicability Statement for Secure Health Transport v1.2 and the XDR and XDM for Direct Messaging.
Fast Healthcare Interoperability Resources (FHIR®): An HL7 standard for exchanging healthcare information electronically.
The SMART PEHR FHIR (DSTU2, STU3, R4) repository offers full read/write capabilities, receiving or sending FHIR resources via the FHIR RESTful API in JSON or XML formats. This allows applications built on the latest technologies to use FHIR data for patient care, quality improvement and research.
Built-in data transformations between FHIR and other healthcare interoperability standards such as HL7 V2 and CDA.