Epiphany Healthcare Blog

Customer background

Headquartered in Midlothian, Virginia, Epiphany Healthcare delivers an ECG management system, Cardio Server, which simplifies clinical workflow and enables healthcare providers to securely access ECG data and other diagnostic test results from anywhere. Supporting over 950 hospitals and healthcare providers worldwide, Epiphany is committed to serving customers’ needs through product innovation and exceptional service.

The business challenges

As a leading provider of healthcare technology solutions, Epiphany handles significant amounts of HIPAA regulated information. The company recently sought to implement solutions that would enhance the security when transferring sensitive, regulated healthcare data, including ECG studies containing PHI, between Epiphany and healthcare providers, partners, and internal users, specifically:

1. Secure, encrypted email communications when discussing regulated or sensitive patient information.
2. Secure, streamlined process for healthcare providers to upload patient ECG information to its servers.

“We needed something universal that encrypts emails, that everyone could be a part of, and that didn’t require us to change our email system. We were also looking for a new FTP site. Finding a system that delivered both made me look like an all-star.” said Chad McQuarrie, System Administrator at Epiphany Healthcare.

“Thanks to Egress everything is secure and compliant." Chad McQuarrie, System Administrator, Epiphany Healthcare

The solution: The Egress Platform

Following a review of various products, Epiphany selected the Egress data security platform, specifically Egress Email and File Protection and Egress Secure Web Form.

• Egress Email and File Protection offers easy-to-use, flexible encryption that provides the highest levels of security. In addition to encrypting message contents and attachments, it enables total control over shared information in real time, with the ability to revoke access, audit user actions and add message restrictions to prevent mishandling of sensitive data.

• Egress Secure Web Form delivers fully customizable web-based forms that enable third parties to easily upload files and submit them to the organization in an encrypted format. McQuarrie was particularly relieved to find a solution to both challenges from a single vendor as it made management a lot easier.

Easy set up and support

The seamless integration with Epiphany’s existing G-Suite and Microsoft Office platforms was a significant benefit for McQuarrie and his team. It meant that no changes were needed to existing work processes, no end-user training was required, and no additional infrastructure purchases were necessary.

“It was one of the smoothest deployments I have ever experienced, and the Egress Support team is one of the best I have ever seen. They worked collaboratively with me and were very hands on!”commented McQuarrie.

Secure sensitive email communications

Used across the company to secure communications between Epiphany and healthcare providers, partners, and internal users, Email and File Protection automatically encrypts emails containing HIPAA, PHI and other sensitive or regulated information.

McQuarrie and Epiphany users particularly like the solution’s seamless and simple integration with G-Suite and Microsoft Office, including the ability to encrypt and decrypt content, directly from within an email, with one click. They also like the ability to log, track, and report when an encrypted email is opened.

“This is a big plus for us. I have logs on everything and it enables us to definitively prove compliance – which is a big bonus when undergoing a HIPAA audit,” commented McQuarrie. “It’s not just about proving what happened, it’s also about proving what didn’t happen. We can show that we’re really locked down and can prove that a breach did not happen.”

Secure portal for uploading sensitive data

In addition to Email and File Protection, Epiphany uses Egress’ Secure Web Form to create a web-based portal through which users can easily and securely submit ECG studies and other sensitive patient scans and files – all in compliance with HIPAA requirements. The ability to customize the forms, determine pre-approved file types and data workflows was very valuable to Epiphany. “Secure Web Form is extremely easy for our customers to use and it encrypts the data being uploaded – which is huge for us,” added McQuarrie.

Prior to using Egress, customers frequently asked how they should send ECG study data to Epiphany. “Thanks to Egress we now have established Standard Operating Procedures. Our processes are clear, we have a specific protocol, everything is secure and compliant, and there is no way to bypass the system. This is something we promote to our customers. Egress gives us and our customers confidence in our security and we all feel better about it,” commented McQuarrie.

HIPAA auditing and compliance

Epiphany recently underwent its annual HIPPA audit. As part of the audit, McQuarrie was asked to confirm the processes used to secure sensitive data. “I simply said, ‘we use Egress’ and I attached Egress’ documentation and outlined how we use the products, and that was it! That answered all the auditor’s questions. Egress helped us ace our audit,” commented McQuarrie. “Egress gets an A+ from me!”

Does your hospital have any of these problems: delayed billing resulting in lost revenue, workflow noncompliance, understaffing/overstaffing, and/or training issues?

What if you could use clinical data from Epiphany Healthcare’s Cardio Server to help you improve your workflow and save money by identifying clinical inefficiencies for remediation?  Wouldn’t you want to?

By helping you pinpoint problem areas in your hospital’s operations, Epiphany Healthcare enables you to forecast staffing needs, evaluate performance metrics for staff, clinics and organizations, and schedule reports with automatic delivery.  How can we do all of that?

Leverage Data to Drive Quality Improvements.
Request More Information.

Introducing Epiphany Analytica™!

Your Reporting Source for Improved Workflow

• Capture the right metrics across your organization. Epiphany Analytica™ identifies costly trends and opportunities for improvement.
• Identify the cause of lost ECG revenue. Epiphany Analytica™ delivers the data needed to inspire change.
• Leverage easy-to-read graphs to provide insight to those who own the process. Precisely measure and display data-driven reports.
• Utilize data to encourage quality improvements. Equip your organization with the right tools at the right time.

Analytica™ allows hospitals to examine historical data to identify trends and get a sense of how departments and staff are performing.  With Analytica™, hospitals evaluate staffing needs, workload distribution, and potential training needs by comparing metrics week-to-week, month-to-month, or year-to-year.  The automated reporting schedule is customizable based on the hospital’s needs.  Automated report delivery eliminates delays and the risk of human error.  Analytica™ graphs measure progress toward meeting goals and performance targets.

Leverage data to drive quality improvements.  If you can’t measure the process, you can’t improve the process. Analytica™’s operational monitoring provides a snapshot of the health of your workflow.

Determine at a glance the efficiency of reading physicians and sites.  The unconfirmed-to-confirm time report from Analytica™ presents data on how long an ECG waits in the unconfirmed status to be read by the physician.  In some states insurance companies will deny the claim if it is not processed within a specific time frame?  This report allows evaluation of the readers’ efficiency in confirming a study, which is tied to how quickly the bill can go out. Delayed readings cause revenue loss due to late billing.  With this report see:

• Average time studies spend in the unconfirmed status
• Average time in unconfirmed by site
• Confirmations by site
• Average time by provider to confirm studies
• Number of studies confirmed by provider

Evaluate Technicians that Perform ECGs before Receiving Order Studies Missing Orders

Hold your staff accountable by finding trends and quickly identifying the day of the week and the time of day when there is an increase in studies without orders.  This report will shed light on the following:

• Number of studies missing orders by weekday and time of day
• Number of studies missing orders by each technician
• Number of studies missing orders by site
• The technician who performed each study

Evaluate the Effectiveness of Training and Tech Performance Create to Promote Time

Find out the average time from creation-to-promote by each technician with this report.  Determine the sites and technicians who are following protocol.  This report provides data on the time required for ECGs to reconcile to an order and be made available to the reading physician and the following:

• Shows percentage of studies that auto reconcile in 10 seconds or less
• How long it takes to get the study to the provider’s box to be read
• Shows percentage of studies that have delayed reconciliation and the average delay
• Average time each site took to promote a study to the unconfirmed status where the provider can read it

Capture the right metrics across your hospital and use them to make your clinical workflow as efficient as possible. Equip your organization with the right tools at the right time to communicate the full picture.  Identify the cause of lost ECG revenue by using clear graphical data. Analytica™ can identify costly trends in the clinical environment. Let it help you.

The U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) defined national standards to ensure the privacy of patients’ medical records and personal health information.

Healthcare Data Security

In August 2017, the HIPAA Journal cited measurable breaches in data security for the healthcare industry. Some of the findings revealed:

[B]etween January and June 2017, there have been 233 reported data breaches. Those breaches. . . impacted 3,159,236 patients. The largest reported breach in the first half of the year resulted in the theft of 697,800 records and was caused by a rogue insider, 1 of 96 incidents involving insiders. Out of those 96 incidents, 57 were due to insider error (423,000 records) and 36 incidents due to insider wrongdoing (743,665 records).

This disturbing data implies outside/hacker breaches are less of a threat than non-compliant behavior by your own employees.

Minimizing Risk: Healthcare Security Data Breaches

It is up to your organization’s IT staff to minimize security risks involving equipment that utilizes the latest technology, which includes mobile and off-site access to patient data (such as cardiology and pulmonary diagnostic test results). Epiphany’s engineering team has tested our application and put processes in place to prevent healthcare security data breaches.

What You Can Do

• Apply data encryption to active and inactive data.
• Control and monitor all log-ins; train users to log-off when not using applications.
• Epiphany’s Cardio Server has a customizable, automatic log-off feature to protect PHI.
• Educate employees and make them active participants in your program to reduce security breaches.
• Regular training and awareness regarding security are good, constant reminders to keep guards up and maintain skepticism towards phishing scams (emails or phone calls requesting suspicious information).
• Deploy applications that provide comprehensive HIPAA logs.
• Put firewalls in place to control employees’ access to at-risk websites.
• Use secure application program interface (API) technology with authentication and encryption; all points of entry into the system should be tested and documented.
• Offer secure, remote access to information for physicians.
• Enable secure, single sign-on using Active Directory.

Epiphany and its products align with best practices for today’s security standards. Read our Information Technology FAQs to learn more about ways we can work together to minimize healthcare security breaches.