Enterprise Health handles electronic personal health information (ePHI) for our clients. To demonstrate our compliance with the safeguards required to protect that data, we have attained certifications from industry-leading organizations.
SERVICE ORGANIZATION CONTROL (SOC)
SOC reports issued by the American Institute of Certified Public Accountants (AICPA) enable companies to demonstrate a level of process and system control assurance to their clients. Enterprise Health undergoes third-party SOC examinations every year to show our clients the strong commitment and robust controls we use to protect their data.
Enterprise Health has both SOC 2® Type 2 (Restricted Use) and SOC 3® (General Use) reports on the controls at our organization relevant to the trust services criteria of security, availability, processing integrity, confidentiality and privacy.
HITRUST CSF Certified status demonstrates that Enterprise Health has met key regulations and industry-defined requirements and is appropriately managing risk. This achievement places Enterprise Health in an elite group of organizations worldwide that have earned this certification. By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, the HITRUST CSF helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.
CERTIFIED EHR TECHNOLOGY
Enterprise Health is built on the WebChart electronic health record platform, an ONC-ACB certified electronic health record. WebChart is one of the first web-based electronic health record applications developed for the ambulatory physician practice space.
The ONC-ACB certification program was developed by the Office of the National Coordinator for Health Information Technology (ONC) within the U.S. Department of Health and Human Services to certify electronic health record applications used by physician practices and hospitals who bill Medicare and/or Medicaid. Certification criteria include rigorous technical, interoperability and real-world testing requirements administered by an ONC-authorized certification body. The program is based on the principles of the International Standards Organization (ISO) and International Electrotechnical Commission (IEC) framework.
The Enterprise Health application is not an ONC-ACB certified electronic health record. The ONC-ACB certification process does not include measures specific to occupational and employee health, nor is use of a certified electronic health record a requirement for most employer organizations providing health services to employees. In the event a client is interested in using the Enterprise Health application to participate in programs that require ONC-ACB certification, additional contract provisions will apply.
While certification may not be required in an employee health setting, the concept of a certified EHR in an occupational health IT solution is an important one, especially as more onsite employee health clinics expand operations beyond traditional medical surveillance, case management of worksite injury and illness and regulatory compliance.
Employer clinics increasingly provide primary care, urgent care, chronic disease management and health and wellness services, and can benefit significantly from IT functionality beyond what traditional occ health solutions provide.
Employers’ goals in providing these services are to better manage overall health spend, reduce member health risk, reduce absenteeism/presenteeism, increase employee productivity and help employees better manage chronic conditions — all of which depend on having a more complete picture of an employee’s health.
An occ health solution built on an ONC-ACB certified EHR platform enables enterprises to satisfy this wider range of employee health needs. Certification indicates the EHR performs specific clinical care and data exchange functionalities. It also confirms that employee health records adhere to US regulatory requirements to protect the privacy of individuals’ health information under the Health Insurance Portability and Accountability Act (HIPAA).