HIPAA Compliant EHR

To ensure compliance with federal and local requirements, updates to AWARDS are performed behind the scenes, while our Client Services team communicates with you about how these changes might affect your workflow. Because Foothold grew out of human service agencies, we can be proactive about preparing our clients for upcoming changes in technology and the industry.

AWARDS is HIPAA-compliant, is federally certified as an Electronic Health Record (EHR) for Meaningful Use and offers full interoperability with any other federally certified system for participation in Health Information Exchanges (HIE) and RHIOs. It is also the only record-keeping system that is certified as both a Behavioral Health EHR software system and a HMIS software package (Homeless Management Information System).

Below are just a few of our certifications.

National, State and Local Standards

Meaningful Use Certification

Drummond Certified | ONC-ACB Complete EHR AMBULATORY - 2014 EditionThis AWARDS Electronic Health Record is 2015 Edition compliant and has been certified by an ONC-ACB in accordance with the applicable certification criteria adopted by the Secretary of the U.S. Department of Health and Human Services. This certification does not represent an endorsement by the U.S. Department of Health and Human Services or guarantee the receipt of incentive payments.

Product Information

Regulation § 170.523(k)(1)(i)-(ii) requires that developers post the following information on their website. This information can be found on the product’s Certificate of Compliance issued by Drummond Group upon successfully achieving certification.

  • Developer organization name: Foothold Technology
  • Date the product was certified: 12/20/2017
  • Product name: AWARDS 3.0
  • Unique certification number:
  • Certification criteria to which the product has been certified: 170.315 (a)(1-14); (b)(1-6); (c)(1-3); (d)(1-9); (e)(1-3); (g)(2-9); (h)(1)
  • CQMs to which the product has been certified: 2v7; 68v7; 69v6; 128v6; 137v6; 138v6; 156v6; 159v6; 160v6; 161v6; 166v7; 169v6; 177v6
  • Any additional software the certified product relied upon to demonstrate its compliance with certification criteria: used: IMO 2.0 (Intelligent Medical Objects), Surescripts ePrescribing, Digital Rx (H2H Solutions)
  • ONC Disclaimer:This Health IT module(s) is 2015 Edition compliant and has been certified by an ONC-ACB in accordance with the applicable certification criteria adopted by the Secretary of the U.S. Department of Health and Human Services. This certification does not represent an endorsement by the U.S. Department of Health and Human Services. Drummond Group is accredited by ANSI and approved by ONC for the ONC Health IT Certification Program to certify: Health IT Module(s) and Certification of other types of Health IT for which the Secretary has adopted certification criteria under Subpart C of 45 CFR.

Costs and Limitations

AWARDS Is a Certified EHR

If you are using AWARDS and have an Eligible Professional (EP) on your staff (a Psychiatrist, Doctor, Nurse Practitioner or APN), you may be able to collect $63,750 per EP through the Federal Meaningful Use incentive program. (Five EPs? $318,750!)

HIPAA Information for our Clients

While AWARDS is HIPAA-compliant, Foothold understands that our customers may be confused about their responsibilities under HIPAA and experiencing some difficulty in determining whether and to what degree HIPAA affects them. Below you will find a link to a BAA that you should ask us to sign as well as a link to the Federal HHS home for HIPAA-related questions. (This information is provided “as is” without any express or implied warranty. This information does not constitute legal advice. If you require legal advice, you should consult with an attorney.) Additionally, Foothold has developed relationships with a number of high-quality, nationally known security firms and would be happy to put you in touch with them should you be interested.

For the most part, our industry has never really thought of itself as being part of the larger physical healthcare system and so, in many cases, HIPAA is thought of as something that your vendors can take care of for you. While that may be true in many cases, you are, in all likelihood, a Covered Entity under HIPAA and as a result, it is worth your looking into whether and to what degree your organization reflect the principles behind HIPAA.

Click here for a sample agreement that should be signed by and between the provider and any and all Business Associates as defined by HIPAA.

Click here for a link to the Federal HHS HIPAA Page.

HIPAA 5010 Certified | 270 EDI Health Care Eligibility/Benefit Inquiry

HIPAA 5010 Certified | 837P EDI Health Care Claim - Professional

HIPAA 5010 Certified | 837I EDI Health Care Claim - Institutional

Data Retention

How long we retain your Personal Data is dictated by the Health Insurance Portability and Accountability Act as well as the HiTECH Act. Foothold Technology is a Business Associate as defined by HIPAA and we will retain your Personal Information for the period necessary to fulfill the purposes outlined in the Federal law and our Business Associates Agreement.

Here are a few links with valuable information on HIPAA and compliance.

HIPAA Compliance in AWARDS

Among other things, the new HIPAA regulations are designed to protect the security and privacy of agencies and the consumers they serve. At Foothold Technology, security is our top priority. Using Secure-Socket Layer (SSL) and 256-bit encryption technologies, Foothold Technology’s security is second to none. We utilize several layers of encryption to protect data from both external sources and internal accessibility. Below are a number of our specific security measures which should address any concerns you may have.

  • AWARDS safeguards the confidentiality of chart records.
  • All system users must authenticate themselves using a login and encrypted password. Passwords must meet minimum standards such as not using words found in a dictionary.
  • Your agency has its own separate database and database server process with login accounts for your agency’s staff only.
  • The database server is protected by a “firewall” that by default blocks all access except the secure sockets layer connection to the web server process running for your agency alone.
  • All data transmitted to and from the database server uses 256-bit encryption, the highest legal limit. This is the same encryption used by online banking.
  • Physical access to the servers is under lock and key. Backup media can be transported offsite by messenger and stored at a secure site under lock and key.
  • No access to chart records is permitted unless the user is Direct Care staff in that clinical program as determined by caseload information, or the user is a supervisor in that program, or that program’s director has granted a specific permit to the user.
  • Access to progress notes is restricted to the past 10 days unless the consumer is on the caseload of the user, or the user is the program director, or the program director has issued a specific permit to the user. All exception permits have expiration dates set at the time the permit is issued.
  • AWARDS keeps an audit trail each time a progress note is viewed.
  • AWARDS blocks all access to notes concerning incidents except by the note writer and users who have a permit to access these notes.
  • Whenever an exception permit is issued to grant access to chart records, all administration staff with permits to issue such permits are automatically notified by an internal email message.

Foothold Technology completed a 3rd party HIPAA compliance assessment. Check out this summary from our cybersecurity consulting firm, GreyCastle.

New York State Office of Mental Health – PROS

Personalized Recovery Oriented Services (PROS) is a comprehensive recovery-oriented program for individuals with severe and persistent mental illness. The goal of the program is to integrate treatment, support, and rehabilitation in a manner that facilitates the individual’s recovery. Goals for individuals in the program are to: improve functioning, reduce inpatient utilization, reduce emergency services, reduce contact with the criminal justice system, increase employment, attain higher levels of education, and secure preferred housing.1

AWARDS has tools that make PROS reporting and billing easier, including:

  • End-to-end screening and tracking of individuals receiving services in any of the PROS Components including CRS, IR, ORS and optional Clinical Treatment
  • One-click availability of the automated PROS Monthly Summary Record of Services (PROS Units Calculator)
  • Intensive case tracking including Individualized Recovery Plans, PROS Progress Notes and Groups, Onsite/Offsite Program Attendance Tracking
  • Standardization of agency data collection and charting procedures
  • More staff accountability through reporting, audit trails and reminders
  • Easier access to your data, accessible from any location at the agency
  • Easier audits using AWARDS’ robust reporting functionality

1“PROS Description”. New York Office of Mental Health. http://www.omh.ny.gov/omhweb/pros/

New York State Office of Mental Health – APGs

In 2010, the New York State Department of Health (NYSDOH) announced that the federal Centers for Medicare and Medicaid Services (CMS) approved the State Plan Amendment authorizing the Ambulatory Patient Group Payment (APG) Medicaid payment methodology for freestanding Diagnostic and Treatment Centers and Ambulatory Surgery Centers on June 14, 2010. Foothold Technology is prepared to handle the transition to new service categories, codes, and billing rules.

Click here to learn more about APGs and AWARDS.

HL7 – Health Level Seven International

HL7 International | ANSI Accredited Standards Developer - Member 2014

“Level Seven” refers to the seventh level of the International Organization for Standardization (ISO) seven-layer communications model for Open Systems Interconnection (OSI) – the application level. The application level interfaces directly to and performs common application services for the application processes. Although other protocols have largely superseded it, the OSI model remains valuable as a place to begin the study of network architecture. View our updated certification here.

I’d like to let you know that our fiscal auditors were very impressed with the system and felt that with the one-time stamp issue for any and all changes to a note it met the criteria for electronic signatures. Additionally, they seem to be accepting of the electronic signature provided during the recent audit. This was extremely helpful during the audit.

Darcy McCourt, Director of Residential Services, Gateway Community Industries, Inc.

This entry was posted in . Bookmark the permalink.