NEHIMSS Monthly Event and Social: IT Security and Meaningful Use

This month’s New England HIMSS event filled our usual meeting place, Papa Razzi in Wellesley, MA to near capacity.  While the events typically start off with networking and socializing, it was difficult to walk around the room because of the crowd on hand.  The draw? Mac McMillan, the National Chair of HIMSS Privacy and Security Task Force and Chuck Podesta, the CIO of Fletcher Allen Healthcare were here to talk about a real life security incident that threatened the integrity of the organization’s data, and how they responded.

First, some statistics:  Fletcher Allen Healthcare is Vermont’s academic and university medical center located in Burlington, VT (also home to offices of Galen Healthcare Solutions as well as Allscripts). There are 562 beds and in 2010 there were 50,419 outpatient admissions, and 60,356 ED visits (FletcherAllen.Org).  Podesta currently runs a staff of about 150 people that support 10,000 end users on 6,000 work stations.

On the evening of March 29th, end users of Fletcher Allen’s system were infected with a virus.  Six users, who were physicians, clicked links in emails purporting to be delivery tracking updates.  Instantly the system was infected with a variant of the virus known as ‘PinkSlipBot’, for which there was no virus definition available.

Podesta’s team reacted immediately and was able to ‘secure the perimeter’, including blocking outbound traffic and isolating the affected networks.  Luckily, only a handful of packets had escaped the network; they were analyzed and found not to contain any protected health information, or PHI.  The virus was very aggressive.  It was programmed to obtain local admin rights, shut down the installed virus scanner (McAfee), install a rootkit which hid itself from detection, and lastly, install a keystroke logger. Podesta and his team were able to learn all of this after analysis of the temp files left behind by the virus. Before it was brought entirely under control and mitigated, the virus had infected over one thousand hosts!

“The whole org is much more focused on [security] as a result of the virus”, Podesta told the NEHIMSS audience.   At the time of the incident, the team at Fletcher Allen consisted of fewer than ten people.  In the 48+ non-stop hours spent protecting and cleaning up their networks, the initiative grew to include about sixty people, who spent ninety minutes on each infected host, and ultimately cost the organization “in the 6 figures”.

At the conclusion of the presentation the speakers asked the audience (by a show of hands…) if security is a regulatory issue, or a patient safety one.

While no PHI was disclosed, and no patients were harmed, the answer is simple: it’s both.

While the EHR remained functional and connected throughout the ordeal, portions of Fletcher Allen’s network were down for periods of time.  Galen Healthcare Solutions offers VitalCenter, a downtime solution for the Allscripts Enterprise EHR – no matter why the EHR is unavailable.  For more information visit vitalcenter.galenhealthcare.com.

If you missed it, check out my PHI related blog from last month here.

Using Finish Note tasks? How a change in workflow might affect you…

Does your practice utilize the Finish Note task in Allscripts Enterprise EHR™?

If you answered yes, then this blog is for you.

In this article, I wanted to show you two possible outcomes when working in your  v11 Note. You will notice that there are two similar workflows to add and commit clinical data in the note that will impact how a Finish Note task appears in a user’s task list.

While you will find that these two workflows are scaled down to be very basic and generic, I wanted to limit them to clearly demonstrate the difference between the two.

 

Workflow #1: Committing data while saving and closing the v11 note

In this workflow, we assume that the user already has the patient in context at the clinical desktop.

The basic steps of this workflow are as follows:

  1. Create a new v11 note
  2. Add a new clinical item
    • For example: add vitals to the patient chart
  3. Select “Save and Close” in the Note window
  4. Select “Save and Continue” on the Encounter Summary
  5. Navigate to the Task List and select the Current Patient – All task view

Here you can see that the outcome is:

- One Active Finish Note task

 

So in this case, using the Current Patient – All or Current Patient – Active task views, you will see that just one Finish Note task has been created in an active status.  The task indicates that the note has been created and saved.  Keep in mind, at this point, that the commit action occurred while the user selected Save and Close in the Note. In this workflow, the system only reviewed the data once.

 

Workflow #2: Committing data prior to saving and closing the v11 note

As we did in the first workflow, here we assume that the user already has the patient in context at the clinical desktop.

The basic steps of this workflow are as follows:

  1. Create a new v11 note
  2. Add a new clinical item
    • For example: add vitals to the patient chart
  3. Click the Commit button
  4. Select “Save and Continue” on the Encounter Summary
  5. Select “Save and Close” in the Note window
  6. Navigate to the Task List and select the Current Patient – All task view

Here you can see that the outcome is:

- A Complete Finish Note task and an Active Sign-Note task

If you use a task view that simply shows Current Patient – Active, you would not typically see the Finish Note task in this instance, but instead the Sign-Note task.  This means the note has not been signed and might not be the task you expect to receive if you seek the Finish Note task.

While a Finish Note task has been generated and marked as Complete, there may yet be information to add to the note.  The logic behind this workflow is that the second action of “Save and Close” is the second review after having hit “Commit”, and therefore results in the outcome we see here.  In this case, the system has reviewed the data twice, and the Finish Note task in regards to this note is completed and the active Sign Note task is automatically generated.

My advice in this situation is to follow Workflow #1 when working in a v11 Note. If users are creating a note and adding clinical data, but need a provider or second user to receive a Finish Note task and add additional items to the note, use the first workflow.   This way, the Finish Note task will be assigned and visible to the correct person, and users will be trained in such a way that ensures the success of this workflow.

Please don’t hesitate to leave your feedback below or Contact Galen Healthcare Solutions should you have further questions!

The Costs of HL7 Interfaces

In the past on this blog, we’ve addressed the top data integration challenges as well as the ROI of a results interface. Recently, Health Management Technology featured a related article on the economics of interfaces. The key points from the article were as follows:

 

    • Opportunity Cost
    • True Investment
    • Integration is not simple
    • Pitfalls of proprietary
    • Features matter
    • Think of the future

 

 

The last point of the article is one that is often overlooked when evaluating whether to pursue an interface. We have seen this a great deal recently in supporting data conversions for clients switching EHR vendors and also for conversion of interfaces to support Hospital LIS (Laboratory Information System) and RIS (Radiology Information System) vendor changes.

When we scope out conversions, one of the first questions we pose is whether there are any existing interfaces with the EHR being sunset. If there are, we immediately inquire as to the expectations of end users having these interfaces in the new system – especially with regard to interfacing with the practice management system. It is likely that users are going to want to be able to interface demographics and appointments from their existing PM system if that is not changing. Additionally, with regard to existing result interfaces with the current EHR, as part of the conversion, contingency plans for switching to paper results may need to be explored as a stop-gap solution until interfaced results are received in the new system.

Likewise, hospitals may decide to change their laboratory information system, or their radiology information system. This impacts downstream subscribers to that data – namely the clinics and providers in the ambulatory setting which send their orders to the hospital for fulfillment and currently receive results electronically. This is especially pronounced with radiology integration, where an ADT interface and an Imagelink interface may be involved in addition to the result interface. Again, a question that looms is who is responsible for paying the costs associated with migrating vendors for a lab or rad information system and associated interfaces.

We recently had one client that put development of interfaces with the ambulatory EHR on hiatus until the hospital lab decided whether they were switching lab vendors. They felt like they didn’t want to sink costs into integrations only to have them rendered obsolete months down the road when the hospital made a vendor switch.

We’d love to hear other groups’ experiences with vendor migration and the associated costs of migration of interfaces. Share your stories and experiences on the Allscripts Interface Developer Forum.

Allscripts Enterprise EHR and RelayHealth Portal Integration

In this demo, we will present Allscripts Enterprise EHR and RelayHealth Portal integration capability. This solution facilitates seamless integration between the two applications, offering single sign-on, messaging between provider and patient, and patient online indicator functionality.

Contact us today so your organization can realize the compelling benefits of Enterprise EHR RelayHealth Portal integration.

CMS Updates Regarding Meaningful Use

 

CMS released a couple of updates last month regarding Meaningful Use and the EHR incentive program. I wanted to pass this information along to our readers.

In their December 7 update, CMS indicated that “HHS announced its intention to delay the start of Stage 2 meaningful use for the Medicare and Medicaid EHR Incentive Programs for a period of one year for those first attesting to meaningful use in 2011”.  The reason, according to CMS, is that the current schedule for compliance with Stage 2 could be a challenge for those that attested in 2011. The decision also took vendors and practices into consideration.

 The CMS update identified some benefits from the proposal:

  • The delay could provide vendors more time to develop their certified technologies for Stage 2
  • The delay could also provide providers more time to implement the new software to meet Stage 2 requirements
  • Expectations remain current so that providers attesting in either 2011 or 2012 begin Stage 2 in 2014
  • And while 2011 has passed, CMS believed this idea would provide added incentive for providers to attest in 2011.

While I am sure there is a group of people out there that is ambitious enough to keep pace for this process, I am certain that we all can stand to benefit from the proposed delay.  The benefits from the added amount of time for both the vendors and practices/providers seem more appealing, in my opinion.

Back on December 1, CMS also announced a new tool to help Eligible Professionals (EPs) through the phases of Meaningful Use.  This tool is an eighty-five (85) page PDF file, dubbed as a “Beginner’s Guide”. This file provides a thorough, interactive walkthrough of Meaningful Use.

Among the items of information provided are:

  • EHR Incentive Program basics
  • How to participate (determining eligibility and registration)
  • Meaningful use and choosing measures
  • Attestation
  • Helpful resources on the Medicare and Medicaid EHR Incentive Programs

Lastly, they also provided a link to their Educational Materials page for the EHR Incentive Program. This link offers an extensive array of files and tools regarding the EHR Incentive Program.  This is definitely a link to bookmark, as well as the guide previously mentioned.

If you haven’t already done so, visit the CMS EHR Incentive Programs webpage and register to receive their email notifications. 

Contact Galen Healthcare Solutions for any additional questions regarding Meaningful Use and Allscripts Enterprise™ EHR.

Does Your Interface Engine Perform Like a Clunker or a Ferrari?

Oftentimes, clients take the approach that their interfaces are functioning as designed and don’t want to risk “breaking” the interfaces by making adjustments. However, these interfaces may not be performing at maximum efficiency and/or may not be optimized to prevent errors. This issue is magnified for larger clients with a high volume of transactions.

Galen offers interface environment assessments  which leverage Galen’s ConnectR Toolbelt – a ConnectR Add-On – to provide interface engine health, findings and recommendations. Many of the reports offered in our assessment can be automated to email at a regular interval to appropriate stakeholders, yielding a view into the health of the interface engine, which is a critical component to the EHR as it files and extracts data real-time.

Two common opportunities for improvement, which are also incidentally inter-related, include auto-addition of dictionary dependencies (for example – type, status, scheduling location for appointments, order item, result item, and where performed for results) and interface database lookup scripts. In terms of auto-addition of dictionary dependencies, these interfaces are initiated before the main interface. For instance, an interface that checks for the existence of an orderable/resultable item, and auto-adds it if it doesn’t already exist, can be initiated before the interface that actually files the result to the database.

With the aforementioned dictionary dependency interfaces, dictionary lookup scripts are often employed to “check” whether the particular dictionary item already exists in the database. In a high-volume interface, this can result in a tremendous number of “lookups” to the clinical Works DB only to result in a blocked message for the dictionary auto-add interface call in ConnectR (because the dictionary item already exists). These database lookup scripts are very “costly” in performance terms and can take tens or hundreds of times longer than an in-memory look-up. This adversely affects the systems required to do that look-up – the database and network specifically. We have developed a Cached ConnectR Lookup solution which provides an alternative to the costly traditional database lookup scripts.
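The trade-off described above, as an added illustration that is not ConnectR script and not Galen's Cached ConnectR Lookup: a Python model in which an in-memory SQLite table stands in for the Works DB dictionary. The table name `result_item`, the class and function names, and the feed are all assumptions made for the example.

```python
import sqlite3


def new_db(seed_codes):
    """Stand-in for the dictionary table (hypothetical name: result_item)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE result_item (code TEXT PRIMARY KEY)")
    conn.executemany("INSERT INTO result_item VALUES (?)", [(c,) for c in seed_codes])
    return conn


class DictionaryGate:
    """Decides whether a result item needs the dictionary auto-add call."""

    def __init__(self, conn):
        self.conn = conn
        self.db_lookups = 0
        # Load the known codes once instead of querying for every message.
        self.known = {row[0] for row in conn.execute("SELECT code FROM result_item")}

    def exists_uncached(self, code):
        """Traditional lookup script: one database round trip per message."""
        self.db_lookups += 1
        row = self.conn.execute(
            "SELECT 1 FROM result_item WHERE code = ?", (code,)
        ).fetchone()
        return row is not None

    def needs_auto_add(self, code):
        """Cached lookup: only a cache miss reaches the database."""
        if code in self.known:
            return False
        # Confirm a miss against the database, because another interface may
        # have added the item after the cache was loaded.
        if self.exists_uncached(code):
            self.known.add(code)
            return False
        return True

    def auto_add(self, code):
        self.conn.execute("INSERT INTO result_item VALUES (?)", (code,))
        self.known.add(code)


# Constructed feed: 1,000 results that reference only three distinct items.
FEED = ["WBC", "HGB", "PLT", "WBC", "PLT"] * 200


def run_feed(codes, use_cache):
    """Process the feed and return (auto_adds, database_lookups)."""
    gate = DictionaryGate(new_db(["WBC", "HGB"]))
    auto_adds = 0
    for code in codes:
        if use_cache:
            missing = gate.needs_auto_add(code)
        else:
            missing = not gate.exists_uncached(code)
        if missing:
            gate.auto_add(code)
            auto_adds += 1
    return auto_adds, gate.db_lookups


if __name__ == "__main__":
    print("uncached (auto_adds, db_lookups):", run_feed(FEED, use_cache=False))
    print("cached   (auto_adds, db_lookups):", run_feed(FEED, use_cache=True))
```

Both runs add the one missing item exactly once; only the number of database round trips differs.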

In conclusion, we highly encourage clients to take time to evaluate the performance of their interface engine. As those who own a vehicle can attest, preventative maintenance is much more desirable than waiting until something breaks.

Galen offers interface assessments, on-site and on-line interface mentorship services, tier 2 interface maintenance and monitoring services (staff augmentation) and general interface consultation. Please contact sales@galenhealthcare.com  if you or your organization would like to learn more about how Galen Healthcare Solutions can help you.

Why your In-Office Labs Default to a Billing Location of ‘Touchworks Clinic’

Recently, I’ve seen several clients struggle to understand this issue and I’d like to give some information about what causes it and how to correct it.

There are several levels at which a Requested Performing Location (RPL) can be linked to a Billing Location. The highest such level is in the Requested Performing Location Dictionary (TWAdmin > Dictionaries > Requested Location). When an RPL and Billing Location are linked at the dictionary level, any order placed for that RPL will inherit the respective Billing Location.

Some of the AEEHR implementations (Ready, Gold, etc) are delivered with the In Office RPL linked to the Touchworks Clinic Billing Location. Most clients will want to change this setting, but in certain releases, this setting cannot be changed from within the RPL Dictionary.

AEEHR Touchworks Clinic Billing Location

One workaround that I have seen attempted to fix this problem is to inactivate the Touchworks Clinic Billing Location entirely. Unfortunately, this will not correct the issue. Front end users will find that their In Office orders still default to the Touchworks Clinic Billing Location.

The only way to undo the linkage is via SSMT. The steps are listed below:

  1. Extract the Performing Location content category.
  2. Find the column DefaultBillingLocationEntryName.
  3. Delete every instance of Touchworks Clinic.
  4. Reload into the same content category.

If the Touchworks Clinic Billing Location has already been inactivated, you may see the In Office RPL linked to a blank cell in the DefaultBillingLocationEntryName column. If this is the case and the RPL is still defaulting to Touchworks Clinic, then we recommend copying and pasting another Blank row into the DefaultBillingLocationEntryName column. This should do the trick!

Now you should log out of AEEHR, then log back in and test the behavior. A blank billing location is what you are hoping to see.

A Great Day of Interface Training and Networking

Galen’s Interface Team had a full house in Boston yesterday, hosting twelve interface analysts from ten healthcare organizations throughout the country, for Galen’s first Results Interface Conference.

The training covered the topic of building and maintaining results interfaces within the Allscripts Enterprise EHR. The group covered ImageLink, order reconciliation, Requested Performing Location identifiers, auto synching, troubleshooting errors and the underlying data model.

While I have great confidence in our Interface Team and the instruction provided given their expertise, the best part of the day was the interaction that occurred between the different healthcare organizations that attended the training. Throughout the day, I saw attendees pulling each other aside during breaks. They were discussing approaches to resolving errors they saw in their own environments, best practices for building new interfaces and trading ideas on working with microbiology results in Enterprise (a perennial issue).

The group continued conversations started on the Allscripts Interface Developers Network, which I’m sure will continue today and in coming months.

We look forward to offering similar conferences and trainings, and would love to get your thoughts on what type of training sessions and conferences we should host in the future.

Conference Call Tips and Etiquette

In the professional world, most of us spend a varying amount of time on conference calls. This can be said of folks both in an office or remote location.  For those that can remember, meetings mainly used to be face-to-face in a meeting room. There was not a dial in number or participant code. People joined around a table or in an audience. Telecommuting was very limited not too long ago.

Technology has certainly driven a shift in how we do business now. More and more people in the workforce perform their jobs remotely. Meetings, for the most part, rely upon a toll-free number and the comforts of your desk at the office or at home. Being a remote employee myself, I wanted to contribute this week with some tips that I have learned regarding conference calls.

Scheduling

- Software

  • Be aware of what scheduling program others use. One example is Microsoft Outlook. External recipients may not have the same program and therefore you increase your risk of someone not receiving important invite information.

- Time Zones

  • It is important to know if there are differences in the time zones in which attendees currently reside. This is critical for arranging the meeting time.

- Length

  • Try to keep meetings to an appropriate length. Estimate a realistic amount of time to set aside. This is beneficial to stay efficient and make the best of everyone’s schedule.

- Coordinate

  • Actively coordinate times between standing meetings both for yourself, and attendees.  Keep in mind that it may not always be possible to accommodate 100% of the requested attendees. It is however good practice to accommodate most attendees, especially essential attendees.

- Prepare

  • For more formal meetings, or meetings that have structured purpose, create an agenda both for yourself as a host and attendees.
  • An agenda helps hosts prepare for the meeting, as well as attendees prepare for relevant talking points as necessary. Share the agenda if necessary.

- Arrival

  • Try to join the call at least three (3) to five (5) minutes prior to the call start time. This will allow the host to begin the meeting on time. The exception to this would be when calls are scheduled back to back.

 

During the call

- Noise

  • As an attendee, it is absolutely critical to not cause background noise during a call. My main rule: If I’m not talking, I’m on mute.
  • Some conferencing services allow the host to mute all attendees. That feature is excellent for webinars, as this is often used during the Galen Webcast Series.
  • Less formal calls don’t require this kind of mind set; therefore it is best to gauge the call to determine your actions.

- Start

  • Meetings should begin on time as best as possible. Starting a meeting on time respects the efficiency of everyone’s schedule and optimizes the time allotted to tackle an agenda. Again, a barrier to accomplishing this occurs when meetings are frequently scheduled back-to-back.

- Stick to the point

  • Meeting hosts should manage the call effectively. Stick to agenda items.
  • Prevent yourself and attendees from digressing or getting sidetracked from the topics at hand.  Meetings will often end too early or extend past a planned time if participants speak “off topic” or ineffectively discuss agenda items.

- Listen

  • Active participation in a call is expected of attendees.
  • Try as much as possible not to multitask during a call. You never know when the conversation might turn to you. Calls are not efficient when a participant is not paying attention; additionally, it reflects poorly on the participant.
  • Be mindful of any language barriers. Diversity is an excellent aspect of the globalization of business operations. Respect and pay closer attention to those you might not easily understand, both in dialect and grammar.

- Parking Lot

  • Keep a “parking lot” list during the call for action items. This is something best done by the host or delegated to an attendee to maintain and share after the call.
  • Other participants should keep their own list as well, in case of personal action items. This way, you aren’t waiting for the list from someone else for your items.

- Notes/Minutes

  • Similar to the parking lot list, someone should actively take minutes for more formal calls to share with the meeting participants. This helps solidify any items mentioned in the call and records them for future reference.
  • For formal and non-formal calls, it is very effective to take notes for personal use for future reference.

- End

  • Hosts and attendees that manage the time effectively often may finish early and return some time to the day.
  • Be aware of the time relative to the scheduled end time. Once it is about five (5) minutes before the scheduled end time, determine the best next course of action. The action could be one of three possibilities: continue with all or a portion of the participants, reschedule the call to proceed with the conversation, or end the call as it stands, the last being the least likely course of action.
  • If the meeting needs to be rescheduled, be mindful of the scheduling tips mentioned previously. Scheduling a new call can be done after the current call.
  • Clearly express any expectations prior to adjourning the call.
  • Thank everyone for their time!

After the call

- Wrap up

  • Send out any new meeting invites as soon as the prior call has ended.
  • If any minutes or notes were taken, be sure to share the documentation with the attendees (as necessary) as soon as possible.
  • Act upon any action items either for the parking lot list or assigned items as necessary. The sooner something is completed, the sooner it is off the list!
  • For more formal calls and as a host, be sure to send a follow up thank you note to participants for their time.

- Feedback

  • For webcasts or formal calls, request feedback for continuous improvement.

 

Some of these tips do blend into the topic of time management. I think time management becomes more crucial before, during, and after conference calls. As we are more remote these days, more effort is needed to close any loops between meeting attendees. Some meetings are simpler and require less attention, whereas some meetings are more formal and require great effort.

The tips I shared are simply from personal experience. I know people with far greater experience have dedicated books to this topic. I thought some might benefit from a brief article regarding conference calls and some friendly advice.

I am absolutely positive there are people that agree, disagree, and have their own perspective or tips to add!  Please, share your thoughts, feedback, stories, and tips in terms of conference calls! I look forward to seeing this discussion continue and what others might have to contribute to this matter.

PHI in Allscripts Enterprise EHR

 The Allscripts Enterprise EHR is a wonderful example of the healthcare industry utilizing technology to improve the overall quality of the care provided to its patients, who are ultimately its customers.  While many arguments can be made in favor of the electronic health record, perhaps none is more prevalent than the ability to have a patient’s chart only a few clicks away.  The EHR stores an incredible amount of information about patients – from general information that helps identify, such as name and mailing address, to more personal and medically relevant information such as diagnoses and allergies. Let us examine the Allscripts Enterprise EHR, and the various resources that help it work, in the context of Protected Health Information security and privacy.

HIPAA, the Health Insurance Portability and Accountability Act of 1996, is legislation that protects health insurance coverage when workers change or lose their jobs, while also limiting restriction of benefits for preexisting conditions.  It also created several programs to control fraud and abuse within the healthcare industry.  These initiatives are contemplated by HIPAA’s Administrative Simplification Rules, two of which are summarized below:

-        The Privacy Rule

“The Privacy Rule standards address the use and disclosure of individuals’ health information—called “protected health information” by organizations subject to the Privacy Rule — called “covered entities,” as well as standards for individuals’ privacy rights to understand and control how their health information is used. Within HHS, the Office for Civil Rights (“OCR”) has responsibility for implementing and enforcing the Privacy Rule with respect to voluntary compliance activities and civil money penalties.”  (www.hhs.gov/ocr/privacy/hipaa)

-        The Security Rule

“The Security Standards for the Protection of Electronic Protected Health Information (the Security Rule) establish a national set of security standards for protecting certain health information that is held or transferred in electronic form. The Security Rule operationalizes the protections contained in the Privacy Rule by addressing the technical and non-technical safeguards that organizations called “covered entities” must put in place to secure individuals’ “electronic protected health information” (e-PHI). Within HHS, the Office for Civil Rights (OCR) has responsibility for enforcing the Privacy and Security Rules with voluntary compliance activities and civil money penalties.” (www.hhs.gov/ocr/privacy/hipaa)

Protected Health Information (PHI) is generally defined as follows:

“ Any information in the medical record or designated record set that can be used to identify an individual and that was created, used, or disclosed in the course of providing a health care service such as diagnosis or treatment.”

ePHI, or electronic PHI is described the same way, except it refers to information only in the electronic form.  If you’re using Allscripts Enterprise EHR to look at a patient’s chart on a computer screen, smartphone, iPad, etc., it’s considered ePHI, but if you utilize the application’s print function and then are physically holding a piece of paper in your hand, it’s PHI.  PHI encompasses ePHI and the differentiation only serves to indicate whether or not the information was in electronic form.

HIPAA specifically lists 18 types of information that qualify as PHI.  That list can be found here.

Where do we find PHI within an Allscripts Enterprise EHR implementation?

There are three major ways to encounter PHI within Allscripts:

-        Allscripts Enterprise EHR – the application itself.

-        Works database – the back end database that houses most information filed into and out of the EHR.

-        ConnectR interface engine – this software processes messages, primarily in the HL7 format, to get information in and out of the EHR.

 

In the screenshot below we see the Clinical Desktop for patient Kelly Test within the EHR. In this single screenshot we see pertinent information in the patient banner that is used to uniquely identify Kelly Test – her first and last name, date of birth, and phone number.  We also see a current health problem of Emphysema, laboratory orders and results, and the fact that she is allergic to Morphine/Morphine Derivatives. All of this is Protected Health Information.

 

 

In the next example we’ll look at the Works database, the SQL Server database that houses most of the data found in the EHR.

The SQL in the example queries several tables within the database, including the Person table and the Problem table.  Several other tables and specific columns are integrated into the query; the result of which produces a listing of all of the patients that have electronic health records within this (test) hospital or clinic, along with the corresponding problems and specific ICD-9 codes for those patients.  This query illustrates the nature of the information inside the Works database and emphasizes the PHI it contains as well.

Lastly, let’s examine an HL7 message being used to communicate a laboratory result for Kelly Test.

Most HL7 messages will contain a PID (Patient Identification) segment.  This message segment alone is full of protected health information, as it is designed to communicate a patient’s full name, date of birth, address, phone number, and MRN, among other types of information.  From this single message we learn that there is a patient named Kelly Test, born on January 1, 1981, currently living at 101 Tremont St. in Boston, MA.  Also contained in this example HL7 message is a DG1 segment, which contains information pertinent to Kelly’s diagnosis.  In this specific example we find the value ‘1540’ in DG1-3.  The value ‘1540’ is an ICD-9 code, so this HL7 message tells us that Kelly Test has been diagnosed with a type of cancerous tumor.
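The PHI fields described above can be located and masked programmatically before a message is written to an interface log. The following is an added example, not code from the original post or from Allscripts or ConnectR: a small HL7 v2 parser run over a message constructed from the values quoted in the text. The MRN, phone number, lab values, pseudonym key and function names are assumptions made for the example.

```python
import hashlib
import hmac

# 1-based HL7 v2 field positions that identify the patient or state a diagnosis.
PHI_FIELDS = {
    "PID": {3: "patient ID (MRN)", 5: "patient name", 7: "date of birth",
            11: "address", 13: "home phone", 19: "SSN"},
    "NK1": {2: "next-of-kin name", 4: "next-of-kin address", 5: "next-of-kin phone"},
    "DG1": {3: "diagnosis code", 4: "diagnosis description"},
}

# Constructed sample: a lab result built from the values quoted in the text.
# The MRN, phone number and lab values are made up for illustration.
SAMPLE = "\r".join([
    r"MSH|^~\&|LAB|HOSP|EHR|CLINIC|201201010900||ORU^R01|MSG0001|P|2.3",
    "PID|1||MRN12345^^^HOSP^MR||Test^Kelly||19810101|F|||"
    "101 Tremont St.^^Boston^MA||(617)555-0100",
    "DG1|1||1540^^I9",
    "OBR|1|ORD789|FIL456|CBC^Complete Blood Count",
    "OBX|1|NM|WBC^White Blood Count||7.2|10*3/uL|4.0-11.0|N|||F",
])


def split_segments(message):
    """Return (field_separator, list of field lists, one per segment)."""
    if not message.startswith("MSH") or len(message) < 4:
        raise ValueError("not an HL7 v2 message: missing MSH header")
    sep = message[3]  # MSH-1 is the field separator character itself
    # Segments end with a carriage return; tolerate files saved with \n or \r\n.
    lines = message.replace("\r\n", "\r").replace("\n", "\r").split("\r")
    return sep, [ln.split(sep) for ln in lines if ln]


def find_phi(message):
    """List (location, label, value) for every populated PHI field."""
    _, segments = split_segments(message)
    hits = []
    for fields in segments:
        for pos, label in sorted(PHI_FIELDS.get(fields[0], {}).items()):
            if pos < len(fields) and fields[pos]:
                hits.append((f"{fields[0]}-{pos}", label, fields[pos]))
    return hits


def pseudonym(value, key):
    """Keyed, non-reversible token so one patient's log lines still correlate."""
    return "PSN-" + hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:12]


def redact(message, key):
    """Return the message with PHI masked; PID-3 becomes a keyed pseudonym."""
    sep, segments = split_segments(message)
    out = []
    for fields in segments:
        fields = list(fields)
        for pos in PHI_FIELDS.get(fields[0], {}):
            if pos < len(fields) and fields[pos]:
                if fields[0] == "PID" and pos == 3:
                    fields[pos] = pseudonym(fields[pos], key)
                else:
                    fields[pos] = "[REDACTED]"
        out.append(sep.join(fields))
    return "\r".join(out)


if __name__ == "__main__":
    for loc, label, value in find_phi(SAMPLE):
        print(f"{loc:7} {label:18} {value}")
    print(redact(SAMPLE, b"example-key").replace("\r", "\n"))
```

The OBR and OBX segments pass through unchanged, so a redacted log line still shows which result was processed without showing whose it was.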

The Allscripts EHR and the components of its implementation, such as the Works database and interface engine, store, utilize, and make available an incredible amount of information. Much of this data is Protected Health Information (PHI) and should be secured and protected in accordance with HIPAA and other legislation such as the HITECH Act.  We want you to be aware of the most common ways to access PHI while using Allscripts Enterprise EHR, and encourage you to contact us with any questions or concerns.
