Epiphany Healthcare Blog

As I write this memorandum, Epiphany Healthcare is the only vendor in our market niche with a cyber-security certification.  We are excited to be able to demonstrate our commitment to our own security and our customer’s security with this certification.

When selecting a security certification body, we evaluated three alternatives for cyber and physical security certifications:

ISO 27001; HITRUST; and SOC 2.  All three are remarkably similar. 

“Each certification has similar controls and requirements, with SOC and ISO being remarkably equal, and HITRUST intensifying the “How” [in how] requirements are met.”  https://apgarandassoc.com/certification-readiness/

Medical device companies, with a Class II or Class III FDA-registered devices, utilize ISO 13485 certification to meet Quality Management System (QMS) requirements.  Having familiarity with the ISO QMS certification process led us to select ISO 27001 for cyber and physical security certification.

 In adopting the ISO 27001 standard, a company must consider risk assessment and treatment options.  Epiphany chose to establish a low-risk tolerance, which was the most demanding standard.  We implemented all recommended controls in ISO 27001, including those for cloud, creating a total of more than 121 controls.  We also chose to apply these controls to all aspects of our business and products, including Epiphany Cloud Services.  The investment in this certification, including man-hours, staff training, and registrar expenses exceeded $300,000.  Over 1,000 pages of documentation were either modified or created to meet the certification requirements.

These controls include establishing clear guidelines for responding to security events and incidents, employee onboarding/off boarding, work-from-home evaluations, mobile device management, office security, penetration testing, secure software development, adding new security technologies to our enterprise, business continuity plans to recover from unplanned events (such as a hurricane, ice storm, loss of power, etc.), ransomware and malware strategies, and even what is required on our visitor sign-in sheets.

All of the clauses, controls, and a summary of the implementation of Epiphany Healthcare’s Information Security Management System (ISMS) framework is available upon request.

Russ DeRemer

CEO

Epiphany Healthcare

Imagine using one software program to manage all the different cardio-pulmonary diagnostic tests in your organization from multiple hospital facilities. Epiphany’s Cardio Server simplifies clinical workflow by working with your current devices, electronic medical records (EMRs), and unique challenges.

Are you thinking about implementing an enterprise-wide healthcare IT solution? Epiphany has helped many enterprise hospital systems consolidate multiple ECG management systems and migrate legacy ECG data into Cardio Server. For example, Hospital Sisters Health System is a multi-institutional health care system comprised of 13 hospitals in 12 communities that chose Epiphany for their Enterprise ECG Management System. Indeed, many IDNs use Cardio Server as their workflow solution.

Maximize Your ECG Management System

Cardio Server is scalable and flexible. It can manage multi-modality, multi-vendor integrations within your enterprise. It has comprehensive HL7 messaging. Cardio Server supports multiple EMRs from different sites integrated through one single solution.  Epiphany communicates with all major EMRs, including:

Easily Migrate To Cardio Server

For hospitals with an existing ECG management system, Epiphany can migrate your legacy data into Cardio Server.  Epiphany extracts ECGs from the source management system, processes the data, and then loads the processed ECGs into Cardio Server. After migration, you have full functionality on legacy data including serial comparison and calipers.

Beyond migration of legacy data, Cardio Server supports multiple time zones for enterprises that extend beyond a single region. It has flexible patient identification criteria for multi-sites lacking enterprise-wide, unique patient IDs. It can also be configured to link orders for inpatient procedures. Cardio Server can reside on your infrastructure and is compatible with your backup and virus protection plans. It is also completely nonproprietary when working with diagnostic devices.

Epiphany makes it easy to start using Cardio Server. When you pair that with Epiphany’s commitment to exceptional customer service, Cardio Server is an ideal enterprise solution for IDNs. Epiphany believes that interoperability in healthcare leads to better patient care.

Epiphany has been heavily vested in cloud computing for many years. Research and development, customer support, HR, payroll, employee benefits, document control, and our Quality System all reside in the cloud. Most businesses, outside of medicine, routinely maintain the majority of their infrastructure in the Cloud.

From Help Net Security, 07.16.2018: “86% of enterprises have adopted a multi-cloud strategy.”

Epiphany is confident that the time has come to take advantage of the cloud to manage your ECG and other clinical data.

Recent articles discussing hospitals moving to the cloud include:

• Cloud Decision Center, 07.26.2018: Exploring the Strategic Benefits of Moving to the Cloud

• HIMSS Learning Center, 08.14.2018: Leveraging Cloud to Revolutionize Health IT…

• HIMSS Learning Center, 06.21.2018: HIPAA Cloud Services: Run Healthcare Workloads in the Oracle Cloud

• Cloud Decision Center, 06.14.2018: EHRs in the Cloud: why smaller healthcare providers are making the leap

• HIMSS Learning Center, 04.28.2018: Enabling Innovation in Healthcare Through Technology…

• Cloud Decision Center, 04.10.2018: Healthcare specialties find efficiencies and more in the Cloud

The cloud allows us to think about a new way to solve version-control issues. Instead of waiting for major upgrades, we will frequently patch systems with smaller security and feature updates. With the hospital’s agreement, Epiphany will commit to maintaining all of our interfaces and exports without modifications. Each patch will include documentation on the improvements. This commitment will allow hospitals to keep their system current without expensive upgrade projects.

Take advantage of the following financial benefits by moving to Epiphany Cloud Services:

• Operating budget vs. capital budget

• Reduced implementation and start-up costs

• Lower five-year lifecycle costs

Reduce your IT footprint and its responsibilities by moving the following to the cloud:

• Single-tenancy servers and data storage

• High-availability virtual environment to minimize down time

• Epiphany production and test environments

• Secure business-to-business encrypted virtual private network (VPN)

• Cyber security, malware, and virus protection

• Third-party operating systems, patches, and upgrades

• Backup and disaster recovery

Additional significant value-added capabilities from Epiphany Cloud Services:

• Cardio Server Mobile included

• Proactive system monitoring to catch failures before they happen

• Frequent Epiphany software and security updates and patches

• Annual backup and disaster recovery technology testing

• Annual software version penetration testing

MIDLOTHIAN, VA, January 4, 2019 – With the mission to simplify the collection and management of diagnostic test results, Epiphany Healthcare is excited to announce its new mobile platform, Cardio Server Mobile.   This new responsive web technology enables providers to access and edit ECG data from anywhere with iOS devices.

Cardio Server Mobile is designed for and supports iOS smart devices, which makes it responsive and easy to use. Information is secure with no patient data remaining on the device after the Web session is ended.  

Steve Fetrow, VP of Engineering at Epiphany had this to say about Cardio Server Mobile, "Security and potential HIPAA violations were a key driver for the development of Cardio Server mobile.   Customers described how the medical staff used their smartphones creatively to handle emergent cardiac issues. They would photograph 12-lead ECGs and insecurely message the image to physicians for an emergency overread.  Cardio Server Mobile can reduce the risk of HIPAA violations by securely displaying the diagnostic quality ECG and provide access to previous ECGs on any authorized user's iPhone or iPad."

About Cardio Server:

Epiphany’s Cardio Server is a cost-effective, web-based management system that receives, manages, and exports diagnostic test results to the EHR. Cardio Server is vendor-neutral and communicates with over 260 devices from over 80 vendors. Cardio Server provides easier integration since it accepts data from 23 different modality types such as PFT, stress, Holter, patient monitors, and more.

About Epiphany Healthcare:

With over 900 hospital customers worldwide, Epiphany Healthcare is committed to serving its customers’ needs through product innovation, the delivery of exceptional service, and an unwavering dedication to improving clinical workflow. Discover why Epiphany is the preferred provider when managing multi-vendor, multi-modality diagnostic test data. For more information, please visit http://www.epiphanyhealthdata.com, follow Epiphany on Facebook (https://www.facebook.com/EpiphanyHealthcare/) Twitter (@epiphhealth), or Linkedin (http://www.linkedin.com/company/epiphany-healthcare).

Competitive ECG Management System Replacements

Epiphany added 117 new customers in 2014, establishing Epiphany as the leader in new-system sales in the hospital ECG Management market. Just in 2014, Epiphany migrated 72 GE MUSE customers, 14 Philips TraceMaster customers, and 11 Mortara Pyramis customers over to Cardio Server. 

Have a Look at Epiphany: 

Many hospitals upgrade legacy ECG Management systems without looking at alternatives. What have our new customers learned that would cause them to select Epiphany?

• Epiphany has advantages managing clinical data from many different vendors and modalities
• Lifecycle costs are lower with less expensive support agreements that include software upgrades
• Epiphany can digitally migrate your legacy ECG data into Cardio Server
• KLAS has ranked Epiphany as “Category Leader” for 6 years in a row
• Epiphany has expertise managing clinical data and complex workflows in enterprise systems with multiple hospitals (IDNs). These accounts often have a mix of differing vendors’ ECG Management systems, cardiographs, and other devices.

Sign up for a free demonstration or request a complimentary workflow analysis for more information.