blogheader-bg.jpg

Epiphany Healthcare Blog

Russ DeRemer

Recent Posts

ECG Management Systems Running on End of Life Operating Systems

Posted by Russ DeRemer on March 11, 2019 at 1:10 PM

From the desk of the President:

Most hospitals consider ECG management systems to be mission critical. If your system is running on a Microsoft Server 2008 operating system, that operating system will be at the end of life (EOL) on 14 January 2020. What happens when a Microsoft operating system goes end of life?

  • Microsoft will not provide patches or updates
  • There will be no technical assistance available
  • Newly identified vulnerabilities will not be addressed
  • Microsoft will not offer any types of support for EOL systems

Possibly worse than the problems outlined above, after an operating system goes EOL, those systems are often targeted and exploited by cyberattacks. Anyone facing this EOL should begin planning the upgrade of their ECG management system.

iStock-914785080

A few warnings from the internet regarding EOL software:

Staying on EOL Software Renders Your System Vulnerable, “Hackers exist to prey on vulnerabilities, and end of life software provides them with ample opportunities.”  Read more >

Can I still use my current system?

Yes, you will be able to continue using your computer with Windows 7 or Server 2008, but they will have a major security vulnerability and may not meet required standards for governing entities like HIPAA, FINRA, etc.  
Read more >

Depending on the circumstances, one recommendation is to move the on-premise Microsoft SQL 2008 and Microsoft Windows Server 2008 workloads into the Microsoft Azure cloud.  Read more >

Note: Epiphany Cloud Services offers ECG Management in the Microsoft Azure cloud. 

I write this message to strongly encourage you to begin planning an upgrade as soon as possible. Please share this communication with people in your organization who can accelerate a system upgrade. 
More Information on Epiphany Cloud Services

Russ DeRemer
President & CEO, Epiphany Healthcare

Topics: managing diagnostic test results, Epiphany Cloud Services, Microsoft end of life

Same Great System Now Conveniently in the Cloud!

Posted by Russ DeRemer on January 23, 2019 at 4:38 PM

Epiphany has been heavily vested in cloud computing for many years. Research and development, customer support, HR, payroll, employee benefits, document control, and our Quality System all reside in the cloud. Most businesses, outside of medicine, routinely maintain the majority of their infrastructure in the Cloud.

From Help Net Security, 07.16.2018: “86% of enterprises have adopted a multi-cloud strategy.”

Epiphany is confident that the time has come to take advantage of the cloud to manage your ECG and other clinical data.

Cloud

Recent articles discussing hospitals moving to the cloud include:

Cloud Decision Center, 07.26.2018: Exploring the Strategic Benefits of Moving to the Cloud

HIMSS Learning Center, 08.14.2018: Leveraging Cloud to Revolutionize Health IT…

HIMSS Learning Center, 06.21.2018: HIPAA Cloud Services: Run Healthcare Workloads in the Oracle Cloud

Cloud Decision Center, 06.14.2018: EHRs in the Cloud: why smaller healthcare providers are making the leap

HIMSS Learning Center, 04.28.2018: Enabling Innovation in Healthcare Through Technology…

Cloud Decision Center, 04.10.2018: Healthcare specialties find efficiencies and more in the Cloud


The cloud allows us to think about a new way to solve version-control issues. Instead of waiting for major upgrades, we will frequently patch systems with smaller security and feature updates. With the hospital’s agreement, Epiphany will commit to maintaining all of our interfaces and exports without modifications. Each patch will include documentation on the improvements. This commitment will allow hospitals to keep their system current without expensive upgrade projects.


Take advantage of the following financial benefits by moving to Epiphany Cloud Services:

• Operating budget vs. capital budget

• Reduced implementation and start-up costs

• Lower five-year lifecycle costs


Reduce your IT footprint and its responsibilities by moving the following to the cloud:

• Single-tenancy servers and data storage

• High-availability virtual environment to minimize down time

• Epiphany production and test environments

• Secure business-to-business encrypted virtual private network (VPN)

• Cyber security, malware, and virus protection

• Third-party operating systems, patches, and upgrades

• Backup and disaster recovery


Additional significant value-added capabilities from Epiphany Cloud Services:

Cardio Server Mobile included

• Proactive system monitoring to catch failures before they happen

• Frequent Epiphany software and security updates and patches

• Annual backup and disaster recovery technology testing

• Annual software version penetration testing

Contact Epiphany at (804) 744-8931 to learn more about   Epiphany Cloud Services.

 

Topics: ECG management, ECG management system, EKG management, managing diagnostic test results, Epiphany Cloud Services

Security, Threats, and Bad Actors in Healthcare

Posted by Russ DeRemer on May 22, 2018 at 10:42 AM

From the desk of the President: Focus on cybersecurity 

The number of bad actors, the seriousness of damage, and the frequency of threats continues to increase in healthcare cybersecurity.  Healthcare and medical devices are under attack.  Managers must consider cybersecurity when maintaining and upgrading their medical devices.

Cyber Security

Healthcare Ransomware, Data Breaches, Represent Top Industry Threats (from the 2017 HIMSS Cybersecurity Survey) by Elizabeth Snell, Thinkstock

75% of the 239 healthcare respondents said that their organization experienced a significant security incident in the past 12 months.  Nearly all of those entities (96%) were able to identify the threat actor.

37% of healthcare respondents that experienced a security incident in the past 12 months said it was due to an online scam.  20% of those surveyed attributed the attack to a negligent insider, with another 20% said a hacker caused the issue.

55% of those surveyed said their organization has a dedicated or defined amount of the budget for cybersecurity needs.

The 2017 HIMSS Cybersecurity Survey Final Report found:

•  Patient Safety is the #1 Concern
•  Data Breach is the #2 Concern
•  Spread of Malware is the #3 Concern

Epiphany Healthcare customers have often, in the past, waited to upgrade their systems until their operating system or browsers reached end of life.  This strategy may have been OK six or seven years’ ago.  It is not today.

Today, our software has evolved with a tremendous focus on the escalating cybersecurity threats and is much more secure than the software deployed six or seven years’ ago when the constant threat did not exist.

We contract with consultants to identify system vulnerabilities.  Those vulnerabilities that can be patched are released for the current version.  Vulnerabilities that cannot be patched are addressed in the next release.  This is an ongoing process to keep up with the evolving security threats.

In summary, current versions of Epiphany’s Cardio Server are far more secure than versions from six years’ ago.  Epiphany strongly recommends that every time you add a new module or feature, include a software upgrade in your purchase.  The software is included in your annual support agreement, you only pay for project management and technical engineering to implement the upgrade.  It is the prudent course to take in today’s world.

Take a Look: Start Planning Your Upgrade

Topics: Cardio Server security, security, upgrade, cybersecurity

Common Practices and Security Risks

Posted by Russ DeRemer on July 14, 2017 at 10:01 AM

The following is a discussion of three common system configurations and the corresponding security risks.  Epiphany’s best-practice recommendations are included.

Web API 

coding.jpgThe optional Epiphany Web API (application programming interface) supports the ability of another program or application to request information from Cardio Server that is then displayed in a browser window.  

A common use case is to display a link within the patient's EMR record or cardiology PACS application to access diagnostic test results (from ECG, stress, Holter, PFT, etc.).  The user can simply click a link within the EMR or PACS application and the results will appear in a new window.   

When a user clicks on the link, the requesting application (EMR/PACS) creates a request with specific parameters that identify the information needed (i.e., MRN, type of study, date and time of service).  That request, or Web API call, is sent to Cardio Server.  Cardio Server processes the request and provides diagnostic test results in a new browser window.  The request to Cardio Server must follow certain syntax and content as defined by the Cardio Server Web API specifications.

The unencrypted Web API has been made available as an option for use in Cardio Server as a concession to legacy systems and third-party systems that cannot support a properly encrypted API. It is inherently unsecure as it allows any user with access to the system to authenticate with only a known good username.  It is not recommended by Epiphany Healthcare, but will be enabled if requested by the customer.  Exploitation risk: Entity’s staff who have been granted privileges to Cardio Server and have an affirmative duty to safeguard protected health information can access patient records inappropriately.

HL7 PDF link

Many Epiphany customers use Cardio Server as the official image archive for cardiology and pulmonary diagnostic test results.  In order to support customer requests for easy retrieval, some customers prefer to include a static URL link to Cardio Server in HL7 Results messages.  The link displays a specific diagnostic test result.   

The use of a PDF link in HL7 Result messages has been made available as an option for use in Cardio Server as a concession to legacy systems and third-party systems that cannot support a properly encrypted Web API.  It is inherently unsecure as it allows any user with access to the system to possibly access PDF files, given certain information.  It is not recommended by Epiphany Healthcare but will be enabled if requested by the customer.  Exploitation risk: Entity’s staff who have been granted privileges to Cardio Server and have an affirmative duty to safeguard protected health information can access patient records inappropriately.

Server Access Outside of Secure Network

Cardio Server can be configured to permit internet-facing login and access.   

Making the server available outside the hospital network, without additional security access controls (e.g., VPN or portal), is STRONGLY DISCOURAGED as the entity’s security exposure/risk is greatly enhanced.  Exploitation risk: Substantial risk of third–party, malicious penetration.   

In addition, the use of Active Directory password integration is recommended for Cardio Server installations.

Contact an Epiphany representative if you have any questions or would like to discuss this matter.

10 Requirements for a Multi-Modality ECG Management System

Posted by Russ DeRemer on March 23, 2016 at 3:30 PM

As you seek to achieve interoperability, the many diagnostic test results performed in a Cardiology or Cardiopulmonary Department need to find their way into the hospital’s EHR. Simply importing a PDF test result to an ECG Management System fails to take advantage of the many benefits available when managing 12-lead ECG data and other diagnostic test results. If you are looking for a multi-modality ECG management system, please consider these factors:

  1. modality_circle_toEHR.pngSupport 12-lead ECG data from cardiographs, defibrillators, and bedside patient monitoring coming from multiple vendors.
  2. Manage the following modalities: Holter, stress test, PFT, event monitoring, patient-monitoring, pacemaker follow-up, ICD management, cardiac rehab, sleep studies, ambulatory blood pressure, EEG, and more
  3. With network access, allow physicians to view, edit, confirm, and digitally sign all diagnostic tests results using a standard web browser.
  4. Management and research reporting available for all modalities. 
  5. Accept diagnostic test results from any vendor that shares its data and formats.  
  6. Receive waveforms and additional digital data such as XML or HL7 exports from devices to support editable reports and structured reporting, i.e., support interoperability. 
  7. Connect to the EHR with HL7 interfaces including ADT, Orders, Results, and Billing messaging.
  8. Provide enhanced bi-directional communication including modality worklists via DICOM, XML, and other worklist formats.
  9. Workflow requirements, including email notification, faxing, network printing, and generating billing messages are supported for all modalities. 
  10. Single-click access from CVIS system to ECG Management System using Web API.

Upgrading or implementing a new ECG Management System in your hospital is a significant investment of dollars and time. Maximize the return from this effort: Manage many types of diagnostic test results, share one set of HL7 interfaces across multiple modalities, and move towards meaningful use.

Watch Our 3 Minute Overview Video

Topics: stress, 12-lead ecg data, holter, managing ECG data, ECG management, diagnostic test results, multi-modality

Physicians Are Saying "I Want It All"

Posted by Russ DeRemer on July 28, 2015 at 11:01 AM

Over recent years, physicians have been urged, pushed, prodded, and required to move into the digital world of managing clinical reports. They have been forced to adopt EHRs, CPOE, PACS, and on-line reading with digital signatures. In a typical hospital, a reading cardiologist or internist may have to read 12-lead ECGs in an ECG management system, but they also need to read stress test reports, Holter studies, and cardiac rehab files that are often on paper. These physicians also need to go to pacemaker follow-up applications to review pacemaker and ICD reports. Long-term event monitoring is often provided by a third-party service provider with web-based reporting that the physician has to access. 12-lead ECGs performed in an ambulance are generally available in yet another application. (For more on multi-modality data management, please read our managing diagnostic test results article.)

CS_on_devices_trending

In recent months, while demonstrating our system to cardiology departments and physicians, I have heard a number of physicians say, “I want it all,” meaning that they want all of these modalities in one system, with only one application to go to, and a single sign-on simplifying password management. And, they want it connected to the cardiology PACS.

It is possible to “have it all.” Epiphany can manage 12-lead ECGs from cardiographs and ambulances, stress tests, Holter, cardiac rehab, pacemakers, ICDs, event monitoring, and more in one application interfaced to your PACS and EHR. (In addition, Epiphany supports the requirement for interoperability of the data in these clinical reports. Learn more about this topic in our interoperability statement.)

Simplify workflow, improve access, enhance security, and speed up reading turn-around time. Talk with us about letting your physicians “have it all.”

 

Let Us Improve Your Organization's Interoperability!

Topics: physician satisfaction,

Epiphany Healthcare Added 117 New Hospital Customers in 2014!

Posted by Russ DeRemer on March 10, 2015 at 4:02 PM

Competitive ECG Management System Replacements

competitive_replacements

Epiphany added 117 new customers in 2014, establishing Epiphany as the leader in new-system sales in the hospital ECG Management market. Just in 2014, Epiphany migrated 72 GE MUSE customers, 14 Philips TraceMaster customers, and 11 Mortara Pyramis customers over to Cardio Server. 

Have a Look at Epiphany: 

Many hospitals upgrade legacy ECG Management systems without looking at alternatives. What have our new customers learned that would cause them to select Epiphany?

  • Epiphany has advantages managing clinical data from many different vendors and modalities
  • Lifecycle costs are lower with less expensive support agreements that include software upgrades
  • Epiphany can digitally migrate your legacy ECG data into Cardio Server
  • KLAS has ranked Epiphany as “Category Leader” for 6 years in a row
  • Epiphany has expertise managing clinical data and complex workflows in enterprise systems with multiple hospitals (IDNs). These accounts often have a mix of differing vendors’ ECG Management systems, cardiographs, and other devices.
Sign up for a free demonstration or request a complimentary workflow analysis for more information.Let Epiphany Help Solve Your Workflow Challenges

Topics: Cardio Server, Epiphany Healthcare, ECG management, ECG management system, Philips TraceMaster, Mortara Pyramis, GE Muse

12 Questions to Determine How "Open" ECG Management Vendors Are

Posted by Russ DeRemer on June 24, 2014 at 4:51 PM

From the President’s Desk:

As more vendors open their ECG Management systems to support modality worklists to third-party cardiographs, there are questions you may want to ask to determine how “open” their systems really are.

Does the vendor provide the same functionality for third-party cardiograph ECG data as they do for their own? Epiphany does not sell devices and treats all vendors’ ECG data equally.

Do the ECGs from third-party vendors support: 

  1. Serial comparison reporting?
    Epiphany - Yes                                        Vendor?
     
  2. Electronic calipers and re-measuring intervals (e.g.,STEMI and QTc)?
    Epiphany - Yes                                        Vendor?
     
  3. Reformatting ECG layout?
    Epiphany - Yes                                        Vendor?
     
  4. Changing the rhythm strip?
    Epiphany - Yes                                        Vendor?
     
  5. Adjusting the gain?
    Epiphany - Yes                                        Vendor?
     
  6. Modifying filters?
    Epiphany - Yes                                        Vendor?
     
  7. Viewing at a 50mm sweep speed?
    Epiphany - Yes                                        Vendor?
     
  8. Removing pacemaker artifacts?
    Epiphany - Yes                                        Vendor? 
     
  9. Do these capabilities apply to legacy data that has been migrated?
    Epiphany - Yes                                        Vendor?
     
  10. Is the modality worklist functionality embedded in the system? (rather than provided by a third-party vendor)
    Epiphany - Yes, embedded                       Vendor?
     
  11. Who provides support for the modality worklist technology?
    Supported by Epiphany                            Vendor?
     
  12. Does the modality worklist functionality require additional server technology?      
    Epiphany - No                                         Vendor?

Epiphany is committed to promoting open systems and interoperability. Discover why Epiphany is preferred when choosing an ECG management vendor that supports modality worklists.

  

Let Epiphany Help Solve Your Workflow Challenges

Topics: interoperability, legacy ECG data, modality worklist, ECG management system, ECG data, interoperable

Frequently Asked Questions: Epiphany’s “Platinum” Support Agreement

Posted by Russ DeRemer on September 27, 2012 at 8:28 AM

Epiphany Customers: Are you taking advantage of our support agreement? If not, here are just a few reasons why you should. Not an Epiphany customer? Read more to find out why Epiphany’s continued success is fueled by our commitment to exceptional customer service.

Does Epiphany offer different levels of support agreements?
No: Whether managing ECG data or many other diagnostic test results with Epiphany’s system, it is a mission critical application with a 24/7/365 support agreement.

How does Epiphany support agreement cost compare to the industry?
Epiphany offers the lowest annual cost in our market.

Customer Support

Are all upgrades included under Epiphany’s support agreement?
Yes: When you maintain our support agreement all upgrades to your licensed software are
included. This applies to patches, versions, model numbers, product name changes etc. You are
responsible for third-party software such as the server operating system.

What if our hospital has a policy of not buying support agreements?
It may make financial sense to not invest in a support agreement for devices, hardware, and
software applications that do not include upgrades under contract.

When you invest in Epiphany’s support agreement, however, you are in fact extending the life of
your application indefinitely. Five years from now, you will have current software and not have
to form a committee, evaluate vendors, purchase, and implement the next-generation application.

If your Epiphany system is not under our support agreement, we offer support during normal
business hours only and require a purchase order to start the support case. Note that our highest
priority support goes to our customers under contract.

What do you charge for upgrades if we don’t maintain an Epiphany support agreement?
Revenue from support agreements helps to fund product research and development. System
upgrades are priced by calculating the support agreement charges for the entire time a system
has been out of contract and subtracting the amount of hourly service charges paid during that
period. We believe that this is fair to all of our customers and is another very good reason to
maintain a support agreement.

What percentage of Epiphany’s customers maintain a support agreement?
Over 97% of Epiphany’s installations are covered under contract.

Does Epiphany provide Online Support?
Yes, Epiphany has an online support portal where customers can create their own support requests. We also provide online training videos on our learning site at learning.epiphanyhealthdata.com

An Epiphany customer anonymously commented about the value of support onKLAS Research www.klasresearch.com.

"Epiphany really keeps us up to date with upgrades, which are included in our contract, and they are always there when I need them."
Director, August 2012
 

Download Our Support Agreement

Topics: Epiphany support, Epiphany's support agreement, managing ECG data, Cardio Server Support, ECG management

Posts by Tag

see all

Follow Us: