Information Technology Overview
Scout Software-as-a-Service (SaaS)
The Scout software-as-a-service (SaaS) is a client-based software application that is utilized in conjunction with the Scout hand-held imaging device and serves as a mechanism to capture, analyze, and securely store and manage patient data and images. Designed with security as priority, cloud-based connectivity through the Scout’s dedicated web service meets the end-to-end security requirements of the healthcare industry including HIPAA, HITECH, and HITRUST. The Scout software also supports the industry interoperability standards such as HL7 and DICOM so that the exchange and interpretation of data and images can integrate seamlessly into the provider’s existing EHR infrastructure.
WoundVision’s secure, protected, and compliant software products have all been built using HIPAA/HITECH best practices for designing and developing scalable, enterprise-wide applications across the continuum of care. WoundVision supports a secure multi-tenant database that is designed with a robust security foundation to support compliance with the healthcare industry’s standards. The diagram below provides an illustration of the system architecture. Regular reviews of the architecture are conducted to ensure the security and confidentiality of each client’s data.
WoundVision’s products are hosted within the private datacenters of our trusted partner, Bluelock. The highlights of Bluelock’s datacenters include:
- Bluelock datacenters are ranked in the top 3% of all US datacenters
- Support for HIPAA covered entities achieved through annual third party SSAE SOC II audit and review of controls, which are also tested for alignment with HIPAA/HITECH requirements and comply with accepted security and availability best practices – only 8% of all US service providers are SOC II audited and most only execute SOC 1
- State of the art, concrete datacenter facilities
- Services and support follow ITIL-aligned processes, methods, and procedures
- Redundant networks, power, and environmental controls with 24-hour access control and physical security
- Dedicated private cloud resources and encrypted storage
All customer data is stored in a secure Bluelock datacenter and is replicated to redundant storage. Backups and snapshots of server data are captured on a regular basis and stored securely offsite on encrypted media. Disaster recovery tests verify the integrity of our customers’ data. This design provides the ability to rapidly restore in the case of catastrophic loss.
At WoundVision, we work with various third party organizations to ensure that our products and services meet or exceed industry standards with respect to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). WoundVision’s products and services are specifically designed to include features that help our customers comply with HIPAA. We will maintain administrative, physical, and technical safeguards for protection of the security, confidentiality, and integrity of customer data. All storage and transmission of Patient Health Information (PHI) is handled in a secure manner that protects the integrity, confidentiality, and availability of the information.
HIPAA requires health care providers to enter into “business associate” contracts with certain businesses to which they disclose PHI. These business associate contracts generally require the recipients of such information to use appropriate safeguards to protect the PHI they receive. To perform certain service and support functions, WoundVision employees and agents of the company may need access to PHI maintained by its customers. All third-party agents of the company with potential access to PHI are required to enter into a business associate contract with WoundVision. WoundVision provides our customers with a standard business associate contract that complies with HIPAA requirements.
WoundVision’s business associate contract assures our customers that the we will safeguard PHI from misuse.
The Scout is designed to be installed and deployed on an end-user’s PC as an executable application and can be accessed from any computer that meets minimum requirements and is connected to the internet (networks that are protected by a firewall or proxy, must give Scout permitted access). Scout requirements include:
- OS: Windows 7 SP1 or later
- IE: 11 or greater
- Processor: Intel Core i5 3rd generation (or equivalent) or better
- Memory: 4GB or greater
- Resolution: 1600×900 or greater
- Other Software: PDF Reader, Microsoft .NET Framework 4.6, DirectX, Visual C++ Runtime
WoundVision Bridge provides a mechanism to securely send and receive data between WoundVision and 3rd party HL7, DICOM, or web API interfaced compliant clinical systems. Standard integration functionality includes:
- Inbound patient demographics from Electronic Medical Record (EMR) to Scout
- Outbound patient images/reviews from Scout to EMR