Certifications

We are committed to providing outstanding solutions to out-of-hospital healthcare providers, as validated by our industry accreditation.

Updox cares about our customers and wants to exceed their expectations concerning Security and Privacy therefore we undergo four (4) very intensive accreditations bi-annually. During the rigorous accreditation process Updox provides evidence that meets EHNAC criteria in areas such as:

  • Review of HIPAA Privacy Policies and Procedures
  • Review to ensure HIPAA Security safeguards are in place (Administrative, Technical and Physical)
  • Identification and Review of Data Flows pertaining to PHI/PII within and outside of organization
  • Verification that Business Associate Agreements are in place and monitored with relevant entities
  • Review of Disaster Recovery Plans and Business Continuity Processes
  • Review of Customer Service Metrics
  • Validation of Compliance with industry standards
  • Review of IT Security best practices
  • Validation of system availability and capacity metrics

Privacy & Security Accreditation (EHNAC)

EHNAC is the largest accreditor of healthcare networks in the United States and has been accrediting electronic healthcare networks and related entities for over twenty years. Every assessment addresses both Privacy and Security plus EHNAC holds its candidates responsible for the method in which they deliver their specific services. HITRUST CSF® requirements for Privacy and Security are included within the program that Updox is accredited.

Key metrics EHNAC holds its candidates responsible include:

  • Demonstrating responsibility for transaction accountability and performance
  • Proving attainment of key customer satisfaction metrics
  • Conducting business in a fair and honest manner
  • Providing a workforce that is trained and resilient
  • Ensuring facilities and systems are properly managed with capacity assurance
  • Operating facilities and systems with resiliency and disaster preparedness
  • Scrutinizing third parties through interviews and on-site visits.

DirectTrust HISP, RA, CA, Accreditation (Direct Secure Messaging)

Our other three (3) accreditations are with a highly esteemed organization known as DirectTrust which is also known as a pioneer in the secure exchange of healthcare information.

Updox is accredited as a RA (Registration Authority), a CA (Certificate Authority) and a HISP (Health Information Services Provider).

Accreditation as a HISP, CA and RA by DirectTrust brings recognition that Updox operates at a very high-level pertaining to privacy, security, and trust in identity, and signals to users/subscribers that Updox is a trustworthy agent and service provider for Direct Secure Messaging.

A HISP is an organization that provides direct messaging services to securely transmit healthcare information over the internet.

An RA is an organization that verifies the identity of individuals using direct messaging. Identity verification helps further security by verifying that users “are who they say they are.”

A CA is an organization that issues digital certificates to direct messaging organizations and users. Certificates help to ensure that direct messaging is secure.

ONC Health Information Technology Certification

This Health IT Module is compliant with the ONC Certification Criteria for Health IT and has been certified by an ONC-ACB in accordance with the applicable certification criteria adopted by the Secretary of Health and Human Services. This certification does not represent an endorsement by the U.S. Department of Health and Human Services.

Updox HISP, CA, and RA services are DirectTrust and EHNAC accredited and Direct services are ONC certified.

Direct Messaging

This functionality allows practice/hospital users to securely exchange direct messages with external providers. Direct messages may include clinical data, notes, and other healthcare related information. The process for sending/receiving direct messages varies depending on the EHR vendor partnered with Updox.

Secure Messaging

This functionality allows practice/hospital users to send and receive secure messages to/from patients using the Updox Patient Portal. The process for sending/receiving secure messages varies depending on the EHR vendor partnered with Updox.

Patient Portal

This functionality enables a practice/hospital to give their patients online access to their health information, exchange secure messages with providers, and transmit clinical care summaries to other parties using direct messaging or standard email. The Patient Portal is associated with a single practice/hospital.

Costs or Fees

This product may require a one-time integration fee, monthly direct messaging subscription per address, monthly Patient Portal subscriptions per provider, and identity verification fees per attempt. The applicable costs are specified in the business contracts between Updox and its EHR vendor partners.

This product may require a one-time integration fee, monthly direct messaging subscription per address, monthly Patient Portal subscriptions per provider, and identity verification fees per attempt. The applicable costs are specified in the business contracts between Updox and its EHR vendor partners.

ONC Certified Health IT Products List (CHPL):
https://chpl.healthit.gov/

HIT Vendor: Updox
Version: 2022.0
Date Certified: 12/30/2022
Certificate #: 15.04.04.2484.Updo.20.01.1.221230
Version: 2022.1 (if using the new Updox Patient Engagement Portal)
Date Certified: 12/30/2022
Certificate #: 15.04.04.2484.Updo.21.02.1.221230

Modules

  • 170.315(b)(10) Electronic Health Information (EHI) Export (Cures Update)
  • 170.315 (d)(1) Authentication, Access Control, Authorization
  • 170.315 (d)(2) Auditable Events and Tamper-resistance (Cures Update)
  • 170.315 (d)(3) Audit Reports (Cures Update)
  • 170.315 (d)(5) Automatic Access Timeout
  • 170.315 (d)(7) End User Device Encryption
  • 170.315 (d)(9) Trusted Connection
  • 170.315 (d)(12):Encrypt Authentication Credentials (Cures Update)
  • 170.315 (d)(13): Multi-Factor Authentication (Cures Update)
  • 170.315 (e)(1) View, Download, Transmit (Cures Update)
  • 170.315 (g)(1) Automated Numerator Recording
  • 170.315 (g)(4) Quality System Management
  • 170.315 (g)(5) Accessibility Centered Design
  • 170.315 (g)(6) Consolidated CDA Creation Performance (Cures Update)
  • 170.315 (h)(2) Direct Project, Edge Protocol, and XDR/XDM

2022 Updox Real World Testing Plan
2022 Updox Real World Testing Plan Results
2023 Updox Real World Testing Plan
2024 Updox Real World Testing Plan

Electronic Health Information

The Electronic Health Information Export feature enables an authorized user to perform an export of the Electronic Health Information (EHI) in accordance with the requirements set forth in 170.315(b)(10) of the Office of the National Coordinator (ONC) 2015 Edition Health IT Certification – Cures Update program.

Download File Format:
Updox EHI Export PDF

Please use this link to access more information –
https://help.updox.com/help/tools-account-administration

Please use this link to access more information regarding accreditation and certification information like our Real-World Testing Plans & Results, EHI Export, Certificate Practice Statement, and HISP Practice Statement.
https://help.updox.com/help/tools-account-administration