Architecture, Implementations, Integrations, and Technical Overview

Introduction
System Architecture & Infrastructure
Implementation
Parent Portal
Medical Center Strategy
Integrations
SIS
Immunization Registry
Provider EMRs
Security
User authentication & authorization
Roles & Permissions
User Account Controls
Auditing
Technology Stack
Data Model
HIPAA & FERPA

Introduction

CareDox is a care coordination system for parents and schools. By facilitating an integrated conduit of health information between families, schools, and the healthcare ecosystem, CareDox is increasing efficiencies and ensuring student safety. CareDox integrates with Student Information Systems (SIS), Immunization Registries (IIS), and Healthcare Provider Electronic Medical Record (EMR) systems. Ensuring high-fidelity medical information flows between systems is CareDox's lifeblood.

CareDox has been built from the ground up with security and infrastructure robustness in mind, as well as being a mobile-optimized modern web application. Dealing with student data, personal health records, and clinical data in a safe and HIPAA & FERPA compliant fashion is one of our top priorities. CareDox enables secure sharing of this information only to authorized personnel, which we believe will bring unilateral portability to the healthcare ecosystem, and therefore is a paramount goal of the company.

This document will cover the following areas:
- System Architecture & Infrastructure
- Integrations - SISs, IISs, and EMRs
- Security - User authentication & authorization
- Technology Stack
- Data model
- Auditing
- HIPAA & FERPA compliance

Any questions or concerns can be directed to our CTO, Benjamin Maisano, at ben@caredox.com.

System Architecture & Infrastructure
CareDox's cloud infrastructure and web delivery mean there is no hardware to provision for schools or software to install for users. Only select internal employees have access to our production system devices, and their access is audited and reviewed periodically. Our technical team has live system and application level monitoring in place so we know about any issue, or the buildup of a potential issue, before end users are impacted. We have real-time backup with a 30-second delay of all information and nightly snapshot backups of our entire database. We are hosted in AWS so we can scale quickly to meet the demands of large public districts. Our Business Associate Agreements (BAA) with schools provide peace of mind for data security and integrity, including our cloud infrastructure.
Implementation

CareDox is very mindful of school staff's time and tries to be as responsive as possible. We can typically onboard your district within two weeks of a kickoff call with key stakeholders like Head of Student Services, Head of Health, and Head of Technology. Implementation plans can involve phased rollouts to select schools and staff first. We can load all existing student and medical information into CareDox from SIS and legacy health systems so your staff starts with a primed system, not a blank slate. Onboarding options typically include either a Parent Portal first strategy or a Medical Center first strategy.

Parent Portal

If your priority is getting parents engaged, ensuring you have the latest medical information, and completing medical registration, we recommend the parent-first option. We will digitize your paper forms, host other PDF templates, and set up all customizations and configurations. We then load any information you already have in your SIS and your state Immunization Registry so parents can just come in and fill in the blanks. Nurses will be able to review all submitted information
Medical Center Strategy

Selecting nurses to try out the system first means they can start using CareDox to record visits, medications, screenings, and other staff events. Our state-of-the-art Medical Center module is a full-service clinical EMR.
Check out our product screenshots for more visuals on the system here.

Integrations

CareDox can integrate with a variety of systems for student and medical information:
- SISs - Student Information Systems
- IISs - Immunization Registries
- EMRs - Electronic Medical Record provider systems
- HIX - State Health Information exchanges

Integrations with these systems are covered under our typical three-year contract for professional services at no additional cost.

SIS

CareDox integrates with SISs for the following pieces of information:
- Student Demographic and Enrollment information (ex. Student Id, grade, address)
- Parent information (ex. email address, cell phone)
- Immunization Information
- Emergency Contact Information
- Medical Alerts, Conditions, and Allergies
- Attendance
- Staff (ex. emails, roles)

CareDox can integrate in different ways:
- Real-time API integrations
- Event based (ex. when a parent adds an allergy mid-year)
- Schedule based (every night or weekend sync-up)

CareDox can integrate using many different methods:
- REST and SOAP Web Service APIs
- CSV files transferred via SFTP
- Single Sign On (SSO) for user info and authentication
- Custom

As part of our standard contract, CareDox supports the expected professional services time to set up integrations. We will generally support and work with the district on what type of integration they desire and can support. Below are the recommended integration steps:

1. CareDox sets up a secure SFTP site solely for the district to transfer any CSV files.
2. Initial student enrollment/roster file generated in CSV from district tech team. CareDox will provide the CSV specification to the team immediately. This gets the ball rolling while, in parallel, a more robust and integrated approach is planned with the tech team.
3. If the SIS has an API available, CareDox will provide a configuration file (plugin.xml, security token) for the district admin to authorize a one-time setup for CareDox integration. CareDox will then perform connectivity and data tests with the SIS.
   a. API used to sync student/roster changes
   b. API used to capture medical information one time; afterwards CareDox becomes the system of record for medical information
   c. API used to push medical information to SIS from CareDox
4. If the SIS does not support an API, CareDox can set up monitoring jobs on the SFTP site for file transfers.
   a. CSV importers set up for student/roster sync
   b. CSV exporters set up for medical information

Medical Information Exports

CareDox can push the following medical information to SIS:
- Allergies
- Conditions
- Medications
- Medical Alerts
- Immunizations
- Diet Restrictions
- Provider / Physician info
- Insurance Info

The details of the file formats CareDox provides for CSV exporters can be found here.

Immunization Registry

CareDox integrates with many state registries that support the HL7 2.5.1+ specification over a REST or SOAP web service. This allows us to automatically pull down immunization data for an entire district at once. This includes vaccine groups, vaccine codes, administration dates, administered-by provider details, lot numbers, and other exemption details.

Provider EMRs

CareDox Provider EMR integrations are custom and are set up after a district has launched and CareDox has analyzed the top providers in the area. Integrations include ACO care coordination systems, hospital systems, and doctor practice EMRs. The primary use cases to streamline include:
- Doctor signatures for medications
- Doctor signatures for IHPs, 504s, and IEPs
- Loading medical information from EMRs
- Passing information in a HIPAA and FERPA compliant way to authorized EMRs on nurse request
- Nurse and Doctor collaborations
- Parent and Doctor collaborations
- De-identified reporting and analytics data for care coordination population health models
Security - User authentication & authorization

CareDox is a care coordination system for parents and schools. This means we have a large number of different types of users, including:
- Parents
- Nurses
- Teachers
- District Admins
- School staff
- Cafeteria staff
- Sports / Athletic team coaches
- Physicians (partial/future)

Users access the system after registering their email address from an invitation. Passwords are one-way hashed and stored encrypted in the database. Single Sign On (SSO) options are also available for authentication. Each user is set up in different security roles, and therefore sees a varying degree of features, actions, and data based on that role's permission set.
Roles & Permissions

CareDox users are put into one or more roles, which have a list of permissions:
Each Role Permission has a qualifier, one of:
- Read Only - can only view the information, excluding health data marked private
- Edit - can create, update, delete all information in the given permission category and see/edit private items
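The two qualifiers above can be enforced as a deny-by-default filter. The sketch below is an added example, not CareDox code: the role names, permission categories and the rule that the strongest qualifier wins when a user holds several roles are assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum


class Qualifier(IntEnum):
    READ_ONLY = 1   # view only, private health data hidden
    EDIT = 2        # create/update/delete, private items included


@dataclass(frozen=True)
class Item:
    category: str           # permission category the item belongs to
    text: str
    private: bool = False   # health data marked private


# Constructed role table: role -> {permission category: qualifier}.
ROLES = {
    "nurse": {"allergies": Qualifier.EDIT, "medications": Qualifier.EDIT},
    "teacher": {"allergies": Qualifier.READ_ONLY},
}


def qualifier_for(user_roles, category):
    """Strongest qualifier any of the user's roles grants; None means deny."""
    granted = [ROLES[r][category] for r in user_roles
               if category in ROLES.get(r, {})]
    return max(granted) if granted else None


def visible_items(user_roles, items):
    """Items the user may view: Read Only never returns private items."""
    result = []
    for item in items:
        q = qualifier_for(user_roles, item.category)
        if q is None or (item.private and q is not Qualifier.EDIT):
            continue
        result.append(item)
    return result


def can_modify(user_roles, item):
    """Only the Edit qualifier allows create, update or delete."""
    return qualifier_for(user_roles, item.category) is Qualifier.EDIT
```

Filtering on the server before the response is built keeps private items out of the payload for Read Only users, rather than relying on the client to hide them.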
Users are added to the system self-service by an admin or auto-loaded from SIS:
Users can be assigned to certain sessions (Grade, Sports Team), schools, or a combination.

User Account Controls

CareDox requires every user to log in to the system, which issues them a security token in a browser cookie. This token expires after 30 minutes of inactivity. The user will be prompted 1 minute before and then automatically logged out.
User accounts will be locked if 10 invalid login attempts happen within a short time frame. Users can recover forgotten passwords through email.
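The account controls described above (30-minute inactivity expiry, a prompt 1 minute before, lockout after 10 invalid attempts) can be modelled as server-side state. This is an added example, not CareDox code: the class and method names are hypothetical, and the 15-minute failure window is an assumption because the document only says "a short time frame".

```python
import secrets
from collections import defaultdict, deque

IDLE_TIMEOUT = 30 * 60      # token expires after 30 minutes of inactivity
WARN_BEFORE = 60            # user is prompted 1 minute before expiry
MAX_FAILURES = 10           # invalid attempts before the account locks
FAILURE_WINDOW = 15 * 60    # ASSUMPTION: the "short time frame", in seconds


class AccountControls:
    def __init__(self):
        self.last_seen = {}                  # token -> time of last activity
        self.failures = defaultdict(deque)   # email -> recent failure times
        self.locked = set()

    def login(self, email, password_ok, now):
        """Return a new session token, or None if rejected or locked."""
        if email in self.locked:
            return None
        recent = self.failures[email]
        while recent and now - recent[0] > FAILURE_WINDOW:
            recent.popleft()                 # forget failures outside the window
        if not password_ok:
            recent.append(now)
            if len(recent) >= MAX_FAILURES:
                self.locked.add(email)
            return None
        recent.clear()
        token = secrets.token_urlsafe(32)    # unguessable cookie value
        self.last_seen[token] = now
        return token

    def status(self, token, now):
        """Poll used for the warning prompt; does not count as activity."""
        if token not in self.last_seen:
            return "expired"
        idle = now - self.last_seen[token]
        if idle >= IDLE_TIMEOUT:
            del self.last_seen[token]        # server side logout
            return "expired"
        return "warn" if idle >= IDLE_TIMEOUT - WARN_BEFORE else "active"

    def request(self, token, now):
        """Authenticate a real request and reset the inactivity clock."""
        if self.status(token, now) == "expired":
            return False
        self.last_seen[token] = now
        return True
```

Keeping the warning poll separate from real requests matters: if the poll itself refreshed the token, an open browser tab would never reach the inactivity limit.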
Auditing

CareDox tracks all changes to health record data, including:
- Who - which user
- What - which child item of health record
- When - exact time
- Where - via IP Address
- Before & After - comparison list of all changes made to given item
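An audit entry carrying the five fields listed above can be produced at the point where a change is saved. The following is an added example, not CareDox code: the class names, item ids, users and IP addresses are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class AuditEntry:
    who: str          # which user
    what: str         # which child item of the health record
    when: datetime    # exact time (UTC)
    where: str        # client IP address
    changes: tuple    # ((field, before, after), ...)


def diff_fields(before, after):
    """Before & After comparison: one tuple per field whose value changed."""
    fields = sorted(set(before) | set(after))
    return tuple((f, before.get(f), after.get(f))
                 for f in fields if before.get(f) != after.get(f))


class AuditedHealthRecord:
    def __init__(self):
        self.items = {}   # item id -> current field values
        self.log = []     # append-only audit trail

    def save(self, item_id, new_state, user, ip, when=None):
        """Apply a change and record it; an empty new_state is a delete."""
        changes = diff_fields(self.items.get(item_id, {}), new_state)
        if not changes:
            return None   # nothing changed, nothing to audit
        entry = AuditEntry(user, item_id,
                           when or datetime.now(timezone.utc), ip, changes)
        self.log.append(entry)   # write the audit entry with the change
        if new_state:
            self.items[item_id] = dict(new_state)
        else:
            self.items.pop(item_id, None)
        return entry

    def history(self, item_id):
        """Full change history for one item, oldest first."""
        return [e for e in self.log if e.what == item_id]
```

Because the diff is computed inside save(), there is no code path that changes an item without producing its audit entry, and deleted items keep their history.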
Technology Stack

CareDox uses modern open source technologies to build our applications. Our team of professionally skilled engineers constantly evaluates new technologies, important upgrades, and broad trends going on in the industry. We have an aggressive patch maintenance schedule for all our systems and software to ensure we are always running with the latest security and bug fixes for any frameworks and libraries we depend on.

Supported Browsers

CareDox is fully delivered through HTML5 compliant web browsers. We test and support the latest browser versions and latest-1 versions for:
- Chrome
- Firefox
- Safari
- Internet Explorer
- Mobile (Android & iOS)
Data Model

This diagram shows at a high level how all our data entities relate to each other. All of a student's key medical information is bucketed into a master health record. Each detailed item has a full audit history for every change made. Users (i.e. Parents or Nurses) are given access to health records. Health records are portable entities that a family owns, therefore they are not directly bucketed under schools. A health record's relationship to an organization is established through an enrollment or clinical visit. All configuration and custom forms for the district are linked through an enrollment as well, so other organizations (i.e. another district or camp) will never see each other's notes, forms, or district-owned data.
HIPAA & FERPA

CareDox security and auditing go beyond what is required by HIPAA & FERPA law. Below is a summary of how CareDox is compliant; it does not cover all aspects of the law. CareDox will enter into Business Associate Agreements (BAA) with any 3rd parties and schools that it shares data with or that host HIPAA covered data.

HIPAA has three main rules:
1. Privacy Rule
2. Security Rule
3. Breach Notification Rule

The Privacy Rule is concerned with the protection of Personal Health Information (PHI). This generally means anything that is specific and private to a given patient, including:
- Name, Address, Date of Birth, SSN
- Phone numbers & email addresses
- Device or other ids used to track the person
- A full face photo of the person
- Medical profile information like allergies, conditions, medications, etc.
- Claims, provider, or other discharge or medical process documentation

The Security Rule is concerned with the below, and how it relates to CareDox:

Technical
- Authentication & Access Control - users, passwords, roles, and permissions
- Audit Controls - audit history of changes and logs of actions
- Integrity - data alterations only by who is authenticated and authorized
- Transmission Security - https encrypted

Physical
- Facility Access Controls - office and data centers locked
- Workstation Use - internal employees have password on devices, firewalls
- Device and Media Controls - encrypted hard drives, no sharing USB sticks

Administrative
- Security Management Process - process for who has and gives out access
- Information Access Management - production information cannot be shared
- Security Awareness and Training - employee training
- Security Incident Procedures - monitoring & response protocols
- Business Associate Contracts and Other Arrangements - 3rd parties must also be HIPAA compliant and agree to such

FERPA law gives parents rights to their child's data, students rights to review their data, and requires schools to obtain consent when sharing student information. Generally the same technical and privacy concepts apply.