Tag: Type 2 SOC 2

Private Cloud EHR with 99.99% (Four Nine) Guarantee

Medicat has partnered with TierPoint to provide the only Private Cloud EHR Hosted Solution for College Health that offers a Four Nine Uptime Guarantee as part of the Service Level Agreement (SLA).

This document will explain why that investment is important to you and why it is critical to the security of your students’ electronic Patient Health Information (ePHI).

Private Cloud is like public cloud in offering scalability and self-service, but it does so through proprietary architecture. Unlike public clouds, which deliver services to many organizations, and share a computing infrastructure across different users, business units, or businesses, a private cloud is a privately provisioned data center at the hosting facility with the following characteristics:

• Built to the specifications of a single organization
• Dedicated to a single organization
• Designed for protection and privacy of client ePHI
• Firewall protecting a limited number of clients
• One database per client; no shared data
• Direct control over client data

Service Level Agreement

A Service Level Agreement (SLA) is a contract between a service provider (EHR Vendor) and the end user (Client) that defines the level of service expected from the service provider.

One of the levels of service is “system uptime,” which is a measure of the time each month the computer system will be available for use. Uptime is measured in percentages, specifically using the “Nine” system. The more nines in the guarantee, the more uptime, and as a result, fewer minutes or hours of potential “downtime.”

• 00% availability = 7+ hours of unplanned downtime/month
• 90% availability = 43.8 minutes of downtime/month
• 99% availability = 4.38 minutes of downtime/month

Medicat has invested in the appropriate private cloud infrastructure to achieve a Four Nine Availability Guarantee. Most EHR companies do not offer a guarantee at all, or provide only a three nine (99.9%) guarantee. Imagine not having access to your patient records for nearly an hour on Monday morning! On the other hand, waiting a little over four minutes to resume use of your system is manageable.

Medicat’s Private Cloud EHR Hosted Solution has not been down in nearly two years.

Uptime Institutes Tier III Certification

The Uptime Institute has created a four-tier ranking system as a benchmark for determining the reliability of a data center. This proprietary rating system is based on the amount of system uptime guaranteed, and starts at a Tier I ranking which is used by companies that can afford to be down many hours each month. The top ranking is Tier IV, and required by government agencies, financial markets, and NASA, which cannot afford to be down at all.

Tier III certified data centers are utilized by larger businesses and are chosen for their uptime and redundancy measures, which include:

• 982% uptime (Tier III Uptime)
• No more than 1.6 hours of downtime per year
• N+1 fault tolerant providing at least 72-hour power outage protection

N+1 Redundancy means that the facility has what is required to operate, plus a backup. The “N” represents what is required for a cloud facility to operate. The backup, or redundancy, can include items like power feeds, diverse network paths, UPS, and diesel generators, and is defined as the duplication of critical components or functions of a system with the intention of increasing reliability of the system.

Four Nine Availability Standards

How did Medicat take a secure TierPoint Private Cloud (99.982% uptime) data center and improve on that in order to offer the Four Nine Availability Standard (99.99% uptime) in our SLA? By investing in two key areas:

• First, the intentional design of our Private Cloud within the TierPoint Research Triangle Park (RTP) facility to a Fault Tolerant, High Availability 2(N+1) standard. There are two fully duplicated and independent Medicat data centers, each with N+1 Fault Tolerant, solid state hardware enabling stateful (real time) internal failover of all SAN and network components.
• Second, the creation of a pre-built Warm Standby Disaster Recovery site at a comparable TierPoint facility in Chicago, Illinois, which creates geographic redundancy.

The Warm Standby Disaster Recovery site continuously receives and archives client data from the RTP site. Should a catastrophic, non-recoverable event disable the TierPoint facility in RTP (e.g., direct hit by a large tornado), Medicat would bring up the Warm Standby site in Chicago, and users could resume their work with only a brief interruption.

This “brief interruption” is measured in Recovery Time Objective (RTO) and Recovery Point Objective (RPO). RTO measures the time it takes for the system to resume functioning, and RPO measures the amount of time elapsed since the last backup of data.

Medicat’s defined RTO and RPO guarantees:

• A Localized event at the RTP facility that requires failover to the secondary N+1 Data Center:
  • RTO: 3 minutes
  • RPO: 15 seconds
• A Geographic event that requires failover to the Warm Standby Disaster Recover Data Center in Chicago:
  • RTO: 1 hour
  • RPO: 15 minutes

SOC Certifications

Service Organization Control (SOC) reports—created by the American Institute of Certified Public Accountants (AICPA)—are internal control reports on the offerings furnished by a service organization, which provide important information for users to appraise the risks involved with an outsourced service. Performed by an independent third party, these reports are essential for service providers to build trust with clients.

Certifications and Examinations showing compliance with Federal and Industry Standards around security, processes, and procedures are also required to achieve high availability standards. TierPoint is audited annually under HIPAA, PCI DSS, Type 2 SOC 1, Type 2 SOC 2, and SOC 3 standards. Medicat is audited annually under Type 2 SOC 2, and SOC 3 standards, which includes HIPAA.

A company that has successfully completed Type 2 SOC 2 Examination has certified that its system is designed to keep its clients’ sensitive data secure over time. When it comes to the cloud and related IT services, such performance and reliability is essential, and is being required more often by regulators, examiners, and auditors.

Summary

When considering an EHR vendor offering a cloud hosted solution, there are many parts that make the whole, and weighing those against your IT departments’ risk tolerance is critical in choosing an EHR partner. Medicat’s Private Cloud EHR Hosted solution was built knowing we would have to pass the most rigorous security testing by the IT departments of every college and university in the country. Accordingly, Medicat has passed those tests by every college and university that has considered Medicat, numbering well over 200.

Medicat’s investment in the Private Cloud EHR Hosted solution with a Four Nine Guarantee is arguably the most secure hosted solution in college health today. A comparison with any other EHR Hosted Solution will quickly demonstrate the security advantages provided in Medicat’s solution.

The trust that the college health market places in Medicat has been demonstrated in the market choice over the past decade. Medicat has grown from 70 college health clients in 2005 to over 450 college health clients in 2017. Medicat sees the evolution of College Health EHR moving toward a Campus-wide Student Success System meeting the needs of various clinics and departments across campus with dashboard reporting to inform protocols for student retention and success.

To meet this growing demand, Medicat believes it starts with the most secure Private Cloud EHR Hosted Solution available, which supports an extremely robust, intuitive, and easy to use Patient Health Management System. This investment confirms Medicat’s continued commitment to the success of our college health clients as they seek to meet the ever-increasing needs of their students.

Medicat Partners: TierPoint, Cisco, IBM, Microsoft