
Epiphany Healthcare Blog

Russ DeRemer

Recent Posts

Supporting Our Customers During COVID-19

Posted by Russ DeRemer on March 31, 2020 at 1:02 PM

While you are fighting to save lives, we are offering to help.

From the desk of the President:


During this health emergency, Epiphany will be helping customers expand their Epiphany Cardio Server ECG Management System to support the new, temporary sites created to battle COVID-19.

If you need to stand up temporary facilities, Epiphany is committed to adding those to your Cardio Server immediately and at no charge. If you are operating on an End of Life version, we are waiving our standard End of Sales/Support restrictions.

Simply call Epiphany Customer Support at (844) 754.9038 or email your request to support@epiphanyhd.com and we will sign in remotely and get this done for you.


All of us at Epiphany wish you the best,

Russ DeRemer
President  |  Epiphany Healthcare

Topics: healthcare IT, managing diagnostic test results, Cardio Server workflow, Emergency department workflow, Epiphany announcement, Covid-19

Epiphany Healthcare’s COVID-19 Novel Coronavirus Response Plan

Posted by Russ DeRemer on March 18, 2020 at 10:45 AM

From the Desk of the President:

The majority of Epiphany Healthcare’s staff already works remotely. As of today, all employees will be working from home. Business travel is suspended during this outbreak. Many hospitals have notified us that vendors should not be entering their facilities.


Project implementation and customer support have always been provided remotely. Our clinical training staff will provide web-based training for our customers. We have extensive experience doing remote training. On-site retraining will be available, if requested, when travel normalizes. 

The sales team does the majority of their work remotely including web demonstrations and proposal reviews. Sales team members will not be scheduling on-site meetings. They can provide video conferencing when requested.

We will be social distancing, washing our hands frequently, using hand sanitizer, and working hard to keep our families safe. We live on conference calls and email. We will continue to communicate diligently and often. These travel restrictions will have a minimal impact on our organization; we will do our best to continue to support our customers and those interested in our products. All of us at Epiphany wish you the best during this difficult period.

 

Russ DeRemer
President  |  Epiphany Healthcare

 

Topics: Cardio Server, Epiphany customers, Healthcare industry, Epiphany announcement, Covid-19

Epiphany Healthcare has Received ISO/IEC 27001:2013 Cyber and Physical Security Certification

Posted by Russ DeRemer on February 10, 2020 at 11:39 AM


As I write this memorandum, Epiphany Healthcare is the only vendor in our market niche with a cyber-security certification.  We are excited to be able to demonstrate our commitment to our own security and our customers’ security with this certification.

When selecting a security certification body, we evaluated three alternatives for cyber and physical security certifications:

ISO 27001; HITRUST; and SOC 2.  All three are remarkably similar. 

“Each certification has similar controls and requirements, with SOC and ISO being remarkably equal, and HITRUST intensifying the “How” [in how] requirements are met.”  https://apgarandassoc.com/certification-readiness/

Medical device companies with Class II or Class III FDA-registered devices utilize ISO 13485 certification to meet Quality Management System (QMS) requirements.  Having familiarity with the ISO QMS certification process led us to select ISO 27001 for cyber and physical security certification.

In adopting the ISO 27001 standard, a company must consider risk assessment and treatment options.  Epiphany chose to establish a low-risk tolerance, which was the most demanding standard.  We implemented all recommended controls in ISO 27001, including those for cloud, creating a total of more than 121 controls.  We also chose to apply these controls to all aspects of our business and products, including Epiphany Cloud Services.  The investment in this certification, including man-hours, staff training, and registrar expenses exceeded $300,000.  Over 1,000 pages of documentation were either modified or created to meet the certification requirements.

These controls include establishing clear guidelines for responding to security events and incidents, employee onboarding/offboarding, work-from-home evaluations, mobile device management, office security, penetration testing, secure software development, adding new security technologies to our enterprise, business continuity plans to recover from unplanned events (such as a hurricane, ice storm, loss of power, etc.), ransomware and malware strategies, and even what is required on our visitor sign-in sheets.

All of the clauses, controls, and a summary of the implementation of Epiphany Healthcare’s Information Security Management System (ISMS) framework are available upon request.

 

Russ DeRemer

CEO

Epiphany Healthcare

Topics: ECG management system, information technology, cybersecurity

ECG Management Systems Running on End of Life Operating Systems

Posted by Russ DeRemer on March 11, 2019 at 1:10 PM

From the desk of the President:

Most hospitals consider ECG management systems to be mission critical. If your system is running on a Microsoft Server 2008 operating system, that operating system will be at the end of life (EOL) on 14 January 2020. What happens when a Microsoft operating system goes end of life?

  • Microsoft will not provide patches or updates
  • There will be no technical assistance available
  • Newly identified vulnerabilities will not be addressed
  • Microsoft will not offer any types of support for EOL systems

Possibly worse than the problems outlined above, after an operating system goes EOL, those systems are often targeted and exploited by cyberattacks. Anyone facing this EOL should begin planning the upgrade of their ECG management system.


A few warnings from the internet regarding EOL software:

Staying on EOL Software Renders Your System Vulnerable, “Hackers exist to prey on vulnerabilities, and end of life software provides them with ample opportunities.”  Read more >

Can I still use my current system?

Yes, you will be able to continue using your computer with Windows 7 or Server 2008, but they will have a major security vulnerability and may not meet required standards for governing entities like HIPAA, FINRA, etc.  
Read more >

Depending on the circumstances, one recommendation is to move the on-premise Microsoft SQL 2008 and Microsoft Windows Server 2008 workloads into the Microsoft Azure cloud.  Read more >

Note: Epiphany Cloud Services offers ECG Management in the Microsoft Azure cloud. 

I write this message to strongly encourage you to begin planning an upgrade as soon as possible. Please share this communication with people in your organization who can accelerate a system upgrade. 
More Information on Epiphany Cloud Services

Russ DeRemer
President & CEO, Epiphany Healthcare

Topics: managing diagnostic test results, Epiphany Cloud Services, Microsoft end of life

Same Great System Now Conveniently in the Cloud!

Posted by Russ DeRemer on January 23, 2019 at 4:38 PM

Epiphany has been heavily invested in cloud computing for many years. Research and development, customer support, HR, payroll, employee benefits, document control, and our Quality System all reside in the cloud. Most businesses, outside of medicine, routinely maintain the majority of their infrastructure in the cloud.

From Help Net Security, 07.16.2018: “86% of enterprises have adopted a multi-cloud strategy.”

Epiphany is confident that the time has come to take advantage of the cloud to manage your ECG and other clinical data.


Recent articles discussing hospitals moving to the cloud include:

Cloud Decision Center, 07.26.2018: Exploring the Strategic Benefits of Moving to the Cloud

HIMSS Learning Center, 08.14.2018: Leveraging Cloud to Revolutionize Health IT…

HIMSS Learning Center, 06.21.2018: HIPAA Cloud Services: Run Healthcare Workloads in the Oracle Cloud

Cloud Decision Center, 06.14.2018: EHRs in the Cloud: why smaller healthcare providers are making the leap

HIMSS Learning Center, 04.28.2018: Enabling Innovation in Healthcare Through Technology…

Cloud Decision Center, 04.10.2018: Healthcare specialties find efficiencies and more in the Cloud


The cloud allows us to think about a new way to solve version-control issues. Instead of waiting for major upgrades, we will frequently patch systems with smaller security and feature updates. With the hospital’s agreement, Epiphany will commit to maintaining all of our interfaces and exports without modifications. Each patch will include documentation on the improvements. This commitment will allow hospitals to keep their system current without expensive upgrade projects.


Take advantage of the following financial benefits by moving to Epiphany Cloud Services:

• Operating budget vs. capital budget

• Reduced implementation and start-up costs

• Lower five-year lifecycle costs


Reduce your IT footprint and its responsibilities by moving the following to the cloud:

• Single-tenancy servers and data storage

• High-availability virtual environment to minimize down time

• Epiphany production and test environments

• Secure business-to-business encrypted virtual private network (VPN)

• Cyber security, malware, and virus protection

• Third-party operating systems, patches, and upgrades

• Backup and disaster recovery


Additional significant value-added capabilities from Epiphany Cloud Services:

• Cardio Server Mobile included

• Proactive system monitoring to catch failures before they happen

• Frequent Epiphany software and security updates and patches

• Annual backup and disaster recovery technology testing

• Annual software version penetration testing

Contact Epiphany at (804) 744-8931 to learn more about Epiphany Cloud Services.

 

Topics: ECG management, ECG management system, EKG management, managing diagnostic test results, Epiphany Cloud Services

Security, Threats, and Bad Actors in Healthcare

Posted by Russ DeRemer on May 22, 2018 at 10:42 AM

From the desk of the President: Focus on cybersecurity 

The number of bad actors, the seriousness of damage, and the frequency of threats continue to increase in healthcare cybersecurity.  Healthcare and medical devices are under attack.  Managers must consider cybersecurity when maintaining and upgrading their medical devices.

Healthcare Ransomware, Data Breaches, Represent Top Industry Threats (from the 2017 HIMSS Cybersecurity Survey) by Elizabeth Snell, Thinkstock

75% of the 239 healthcare respondents said that their organization experienced a significant security incident in the past 12 months.  Nearly all of those entities (96%) were able to identify the threat actor.

37% of healthcare respondents that experienced a security incident in the past 12 months said it was due to an online scam.  20% of those surveyed attributed the attack to a negligent insider, and another 20% said a hacker caused the issue.

55% of those surveyed said their organization has a dedicated or defined amount of the budget for cybersecurity needs.

The 2017 HIMSS Cybersecurity Survey Final Report found:

•  Patient Safety is the #1 Concern
•  Data Breach is the #2 Concern
•  Spread of Malware is the #3 Concern

Epiphany Healthcare customers have often, in the past, waited to upgrade their systems until their operating system or browsers reached end of life.  This strategy may have been OK six or seven years ago.  It is not today.

Today, our software has evolved with a tremendous focus on the escalating cybersecurity threats and is much more secure than the software deployed six or seven years ago when the constant threat did not exist.

We contract with consultants to identify system vulnerabilities.  Those vulnerabilities that can be patched are released for the current version.  Vulnerabilities that cannot be patched are addressed in the next release.  This is an ongoing process to keep up with the evolving security threats.

In summary, current versions of Epiphany’s Cardio Server are far more secure than versions from six years ago.  Epiphany strongly recommends that every time you add a new module or feature, you include a software upgrade in your purchase.  The software is included in your annual support agreement; you only pay for project management and technical engineering to implement the upgrade.  It is the prudent course to take in today’s world.

Take a Look: Start Planning Your Upgrade

Topics: Cardio Server security, security, upgrade, cybersecurity

Common Practices and Security Risks

Posted by Russ DeRemer on July 14, 2017 at 10:01 AM

The following is a discussion of three common system configurations and the corresponding security risks.  Epiphany’s best-practice recommendations are included.

Web API 

The optional Epiphany Web API (application programming interface) supports the ability of another program or application to request information from Cardio Server that is then displayed in a browser window.

A common use case is to display a link within the patient's EMR record or cardiology PACS application to access diagnostic test results (from ECG, stress, Holter, PFT, etc.).  The user can simply click a link within the EMR or PACS application and the results will appear in a new window.   

When a user clicks on the link, the requesting application (EMR/PACS) creates a request with specific parameters that identify the information needed (i.e., MRN, type of study, date and time of service).  That request, or Web API call, is sent to Cardio Server.  Cardio Server processes the request and provides diagnostic test results in a new browser window.  The request to Cardio Server must follow certain syntax and content as defined by the Cardio Server Web API specifications.

The unencrypted Web API has been made available as an option for use in Cardio Server as a concession to legacy systems and third-party systems that cannot support a properly encrypted API.  It is inherently insecure because it allows any user with access to the system to authenticate with only a known good username.  It is not recommended by Epiphany Healthcare, but will be enabled if requested by the customer.  Exploitation risk: Entity’s staff who have been granted privileges to Cardio Server and have an affirmative duty to safeguard protected health information can access patient records inappropriately.

HL7 PDF link

Many Epiphany customers use Cardio Server as the official image archive for cardiology and pulmonary diagnostic test results.  In order to support customer requests for easy retrieval, some customers prefer to include a static URL link to Cardio Server in HL7 Results messages.  The link displays a specific diagnostic test result.   

The use of a PDF link in HL7 Result messages has been made available as an option for use in Cardio Server as a concession to legacy systems and third-party systems that cannot support a properly encrypted Web API.  It is inherently insecure because it allows any user with access to the system to possibly access PDF files, given certain information.  It is not recommended by Epiphany Healthcare but will be enabled if requested by the customer.  Exploitation risk: Entity’s staff who have been granted privileges to Cardio Server and have an affirmative duty to safeguard protected health information can access patient records inappropriately.

Server Access Outside of Secure Network

Cardio Server can be configured to permit internet-facing login and access.   

Making the server available outside the hospital network, without additional security access controls (e.g., VPN or portal), is STRONGLY DISCOURAGED as the entity’s security exposure/risk is greatly increased.  Exploitation risk: Substantial risk of third-party, malicious penetration.

In addition, the use of Active Directory password integration is recommended for Cardio Server installations.

Contact an Epiphany representative if you have any questions or would like to discuss this matter.

10 Requirements for a Multi-Modality ECG Management System

Posted by Russ DeRemer on March 23, 2016 at 3:30 PM

As you seek to achieve interoperability, the many diagnostic test results performed in a Cardiology or Cardiopulmonary Department need to find their way into the hospital’s EHR. Simply importing a PDF test result to an ECG Management System fails to take advantage of the many benefits available when managing 12-lead ECG data and other diagnostic test results. If you are looking for a multi-modality ECG management system, please consider these factors:

  1. Support 12-lead ECG data from cardiographs, defibrillators, and bedside patient monitoring coming from multiple vendors.
  2. Manage the following modalities: Holter, stress test, PFT, event monitoring, patient-monitoring, pacemaker follow-up, ICD management, cardiac rehab, sleep studies, ambulatory blood pressure, EEG, and more
  3. With network access, allow physicians to view, edit, confirm, and digitally sign all diagnostic tests results using a standard web browser.
  4. Management and research reporting available for all modalities. 
  5. Accept diagnostic test results from any vendor that shares its data and formats.  
  6. Receive waveforms and additional digital data such as XML or HL7 exports from devices to support editable reports and structured reporting, i.e., support interoperability. 
  7. Connect to the EHR with HL7 interfaces including ADT, Orders, Results, and Billing messaging.
  8. Provide enhanced bi-directional communication including modality worklists via DICOM, XML, and other worklist formats.
  9. Workflow requirements, including email notification, faxing, network printing, and generating billing messages are supported for all modalities. 
  10. Single-click access from CVIS system to ECG Management System using Web API.

Upgrading or implementing a new ECG Management System in your hospital is a significant investment of dollars and time. Maximize the return from this effort: Manage many types of diagnostic test results, share one set of HL7 interfaces across multiple modalities, and move towards meaningful use.

Watch Our 3 Minute Overview Video

Topics: stress, 12-lead ecg data, holter, managing ECG data, ECG management, diagnostic test results, multi-modality

Physicians Are Saying "I Want It All"

Posted by Russ DeRemer on July 28, 2015 at 11:01 AM

Over recent years, physicians have been urged, pushed, prodded, and required to move into the digital world of managing clinical reports. They have been forced to adopt EHRs, CPOE, PACS, and on-line reading with digital signatures. In a typical hospital, a reading cardiologist or internist may have to read 12-lead ECGs in an ECG management system, but they also need to read stress test reports, Holter studies, and cardiac rehab files that are often on paper. These physicians also need to go to pacemaker follow-up applications to review pacemaker and ICD reports. Long-term event monitoring is often provided by a third-party service provider with web-based reporting that the physician has to access. 12-lead ECGs performed in an ambulance are generally available in yet another application. (For more on multi-modality data management, please read our managing diagnostic test results article.)


In recent months, while demonstrating our system to cardiology departments and physicians, I have heard a number of physicians say, “I want it all,” meaning that they want all of these modalities in one system, with only one application to go to, and a single sign-on simplifying password management. And, they want it connected to the cardiology PACS.

It is possible to “have it all.” Epiphany can manage 12-lead ECGs from cardiographs and ambulances, stress tests, Holter, cardiac rehab, pacemakers, ICDs, event monitoring, and more in one application interfaced to your PACS and EHR. (In addition, Epiphany supports the requirement for interoperability of the data in these clinical reports. Learn more about this topic in our interoperability statement.)

Simplify workflow, improve access, enhance security, and speed up reading turn-around time. Talk with us about letting your physicians “have it all.”

 

Let Us Improve Your Organization's Interoperability!

Topics: physician satisfaction

Epiphany Healthcare Added 117 New Hospital Customers in 2014!

Posted by Russ DeRemer on March 10, 2015 at 4:02 PM

Competitive ECG Management System Replacements


Epiphany added 117 new customers in 2014, establishing Epiphany as the leader in new-system sales in the hospital ECG Management market. Just in 2014, Epiphany migrated 72 GE MUSE customers, 14 Philips TraceMaster customers, and 11 Mortara Pyramis customers over to Cardio Server. 

Have a Look at Epiphany: 

Many hospitals upgrade legacy ECG Management systems without looking at alternatives. What have our new customers learned that would cause them to select Epiphany?

  • Epiphany has advantages managing clinical data from many different vendors and modalities
  • Lifecycle costs are lower with less expensive support agreements that include software upgrades
  • Epiphany can digitally migrate your legacy ECG data into Cardio Server
  • KLAS has ranked Epiphany as “Category Leader” for 6 years in a row
  • Epiphany has expertise managing clinical data and complex workflows in enterprise systems with multiple hospitals (IDNs). These accounts often have a mix of differing vendors’ ECG Management systems, cardiographs, and other devices.

Sign up for a free demonstration or request a complimentary workflow analysis for more information.

Let Epiphany Help Solve Your Workflow Challenges

Topics: Cardio Server, Epiphany Healthcare, ECG management, ECG management system, Philips TraceMaster, Mortara Pyramis, GE Muse
