Doctella’s Implementation of ONC Guidelines
ONC has published guidelines that health care apps should adhere too. Patient Doctor Technologies, Inc. owner and operator of Doctella has not obtained formal certification of adherence to ONC guidelines. However Doctella has taken great care to make sure the application meets and exceeds ONC recommendations fitting for Doctella’s target use cases for patients. Below is an overview of Doctella’s adherence to ONC guidelines.
45 CFR 170.315 (b)(6) (Data Portability): Providers and Patients can export their data via PDF from the system. ONC recommends the system should have ability to export data as CCD however in the case of Doctella this not relevant because Doctella only has patient actions in response to digital interventions sent by the doctor. There is no standard for patient actions described in CCD format. We are planning to submit a proposal to HL7 working groups to create a standard format for patients actions.
45 CFR 170.315 (d)(1) (Access Control): The system only shows data based on user access privileges. Access is based on privileges that can be traced to each patient’s authorization and consent to share data with a group of providers or caregivers.
45 CFR 170.315 (d)(2) (Auditable Events): Each event is logged and stored for future audit if required
45 CFR 170.315 (d)(3) (Audit Reports): Appropriately privileged users can create reports to review and analyze audit reports.
45 CFR 170.315 (d)(5) (Access Timeouts): Each login and access to the system has a timeout that requires providers and patients to login
45 CFR 170.315 (d)(7) (End-to-End Device Encryption): The system ensures privacy on end user devices by encrypting all PHI data using the user credentials. This ensures the highest level of security on end devices.
45 CFR 170.315 (d)(8) (Data Integrity): The system uses cryptographically based mechanisms to verify data integrity
45 CFR 170.315 (d)(9) (Trusted Connection): The system uses SSL to establish secure communication with the server
45 CFR 170.315 (d)(11) (Accounting Disclosures): With each CareProgram shared with patients, the system logs sender username, date time.
45 CFR 170.315 (g)(3) (Safety-Enhanced Design): The system design is based on user-centered design and is periodically reviewed and updated to improve the design.
45 CFR 170.315 (g)(4) (Quality Management System): The system is not certified and is not seeking certification for any Health IT Modules hence this does not apply. That being said a QMS is used for during the development of the system.
45 CFR 170.315 (g)(5) (Accessible Design): The system is not certified and is not seeking certification for any Health IT Modules hence this does not apply.
45 CFR 170.315 (g)(7) (Patient Selection): Each user is uniquely identified in the system with at least one verified contact information.
45 CFR 170.315 (g)(8) (API Access): The system supports data retrieval for individual categories based on patient id. However since CCD does not support data fields for patients action the system does not support individual categories specified in CCD standard.
45 CFR 170.315 (g)(9) (CDA Access): CCD does not support data fields for patients action the system does not support individual categories specified in CCD standard.
45 CFR 170.523 (k)(1) (Pricing Transparency): Doctella offers clear and simple pricing with a clear description of features on its website www.doctella.com. However please note that Doctella does not claim that it meets any meaningful objectives and measures.
45 CFR 170.523 (n) (Complaint Process): If the company receives complaints via its support email the company reports appropriate complaints to the National Coordinator on a quarterly basis each calendar year that includes the number of complaints received, the nature/substance of each complaint, and the type of complainant for each complaint.