This Complete EHR is 2015 Edition compliant and has been certified by an ONC-ACB in accordance with the applicable certification criteria adopted by the Secretary of Health and Human Services. This certification does not represent an endorsement by the U.S. Department of Health and Human Services.
Certified Product Information:
Developer Name: Painted Horse, Inc. (PHI Medical Office Solutions)
Product Name: PhyGeneSys EHR
Certificate Number: 0015EH5U4YSU6VK
Certified Date: 8/12/2019
|170.315(a)(1) – Computerized provider order entry – medications||170.315(a)(2) – Computerized provider order entry – laboratory|
|170.315(a)(3) – Computerized provider order entry – diagnostic imaging||170.315(a)(4) – Drug-drug, drug-allergy interaction checks for CPOE|
|170.315(a)(5) – Demographics||170.315(a)(6) – Problem list|
|170.315(a)(7) – Medication list||170.315(a)(8) – Medication allergy list|
|170.315(a)(9) – Clinical decision support (CDS)||170.315(a)(10) – Drug-formulary and preferred drug list checks|
|170.315(a)(11) – Smoking status||170.315(a)(12) – Family health history|
|170.315(a)(13) – Patient-specific education resources||170.315(a)(14) – Implantable device list|
|170.315(b)(1) – Transition of care||170.315(b)(2) – Clinical information reconciliation and incorporation|
|170.315(b)(4) – Common Clinical Data Set summary record –create||170.315(b)(5) – Common Clinical Data Set summary record –receive|
|170.315(b)(6) – Data export|
|170.315(c)(1) – clinical quality measures – record and export||170.315(c)(2) – Clinical quality measures – import and calculate|
|170.315(c)(3) – Clinical quality measures— report|
|170.315(d)(1) – Authentication, access control, and authorization||170.315(d)(2) – Auditable events and tamper-resistance|
|170.315(d)(3) – Audit report(s)||170.315(d)(4) – Amendments|
|170.315(d)(5) -Automatic access timeout||170.315(d)(6) – Emergency access|
|170.315(d)(7) – End-user device encryption||170.315(d)(8) – Integrity|
|170.315(d)(9) – Trusted connection|
|170.315(e)(1) – View, download, and transmit to 3rd party||170.315(e)(2) – Secure Messaging|
|170.315(e)(3) – Patient health information capture|
|170.315(g)(2) – Automated measure calculation||170.315(g)(3) – Safety-enhanced design|
|170.315(g)(4) – Quality management system||170.315(g)(5) – Accessibility-centered design|
|170.315(g)(6) – Consolidated CDA creation performance||170.315(g)(7) – Application access -patient selection|
|170.315(g)(8) – Application access -data category request||170.315(g)(9) – Application access –all data request|
|170.315(h)(1) – Direct Project|
|CMS22v7||Preventive Care and Screening: Screening for High Blood Pressure and Follow-Up Documented|
|CMS65v8||Hypertension: Improvement in Blood Pressure|
|CMS68v8||Documentation of Current Medications in the Medical Record|
|CMS69v7||Preventive Care and Screening: Body Mass Index (BMI) Screening and Follow-Up Plan|
|CMS139v7||Falls: Screening for Future Fall Risk|
|CMS160v7||Depression Utilization of the PHQ-9 Tool|
|CMS165v7||Controlling High Blood Pressure|
|CMS177v7||Child and Adolescent Major Depressive Disorder (MDD): Suicide Risk Assessment|
Costs and Limitations of Certified Health IT
Limitations may include, whether by contract or otherwise, the use of any capability to which technology is certified for any purpose within the scope of the technology’s certification, or be in connection with any data generated in the course of using any capability to which health IT is certified.
Limitations that could affect the usage of certified capability include:
- One-time license fee, applicable per Provider.
- Fixed monthly fee per provider to use the software and services as stated in the signed contract.
- One-time cost per each integration setup. The integration fee is for each health information exchange, such as Lab Interface, HL7 Interface, Immunization Interface, Imaging Interface, etc. where applicable.
- Monthly cost per e-prescribing/e-checking Provider.
- Additional charges to enable EPCS prescribing per Provider & to establish connection with new Trust Network.
- Provider licenses as PhyGeneSys is licensed on a per Provider basis that cannot be shared between Provider.
- Third-Party Interfaces.
- Signed contract when purchasing PhyGeneSys. That contract does not contain limitations for the certified capabilities.
- In order to use the Patient Education InfoButtons, our software is dependent on the NLM MedlinePlus Connect API launching secure website: https://medlineplus.gov and https://apps.nlm.nih.gov.
- In order to use Implantable Device List, our software is dependent on the NLM AccessGUIDID Device Lookup API: https://accessgudid.nlm.nih.gov/resources/developers/device_lookup_api.
- The PhyGeneSys software does not directly encrypt data at rest. PhyGeneSys recommends the use of third party software to fully encrypt all disk drives where the software is used. This whole disk encryption ensures that all data stored on the end user device is encrypted in a FIPS 140-2 Annex A compliant method so that the PHI is protected. For example, BitLocker (https://docs.microsoft.com/en-us/windows/device-security/bitlocker/bitlocker-overview) can be set to encrypt an entire disk volume using the AES encryption algorithm.
- Pursuant to Secure Exchange Solution (SES)’s security policy, the Direct Messaging capability is restricted, and users will be unable to exchange messages with users of third-party HISPs with whom the developer does not have a trust agreement. Secure Exchange Solutions is a member of the DirectTrust community and is capable of exchanging with others within the DirectTrust community.
- Electronic Prescribing [Relevant certification criteria: §§170.315.b.3] – This functionality allows providers to send unlimited prescriptions electronically to pharmacies and receive unlimited refill requests from pharmacies. Providers may pay an annual or monthly subscription fee ongoing based on their preference. No contractual limitations.
- Receiving/Transmitting Transition of Care Summaries [Relevant certification criteria: §§ 170.315.b.1 and 170.315.h.1] – This functionality allows users to send and receive Direct-based messages to/from other users of certified health IT systems. Direct messages may include clinical data, notes, and other information. Providers may pay a monthly fee ongoing for Direct messaging service. Users will be limited to exchange Direct Messages with users and 3rd party Health Information Service Providers (HISPs) that have a trust agreement with EMRDirect.
Some of the costs listed above recur monthly/yearly and some are one-time setup costs.
There are costs associated with the software itself, user licenses, monthly subscriptions, any third party options / modules as selected by the client and for implementation and training. Third-party vendors are integrated within the software; therefore, the client may not choose any service they wish for integration purposes.
Limitations may include, but are not limited to, technical or practical limitations of technology or its capabilities, which could prevent or impair the successful implementation, configuration, customization, maintenance, support, or use of any capabilities to which technology is certified; or that could prevent or limit the use, exchange, or portability of any data generated in the course of using any capability to which technology is certified.
- There are no technical limitations to PhyGeneSys version 5.0.
Additional Software Required:
- SQL Server 2008 R2 or later
- Windows 2008 R2 Server or later
- Windows 10 Professional
- MS Office 2010
- MD Toolbox for eRx
- EMR Direct for Direct Messaging
- Medline Plus
Link to the Drummond Certificate:
Click here to view the PHI Medical Office Solutions ONC Certification Certificate for PhyGeneSys.