Communications Compliance with 45 C.F.R. 170.403
We do not restrict the ability of users of our health IT to communicate regarding the usability, interoperability, or security of our health IT, their experiences when using our health IT, our business practices related to the exchange of electronic health information, or the manner in which any user uses our health IT. Confidentiality or non-disclosure provisions of agreements with users of our health IT will not be enforced with respect to communications protected by 45 C.F.R. 170.403(a)(1) and (a)(2)(i).
SES Direct Certification Details – ONC-HIT 2015 Edition Certification and 21st Century Cures Act Updates
This Health IT Module is 2015 Edition compliant and has been certified by an ONC-ACB in accordance with the applicable certification criteria adopted by the Secretary of Health and Human Services. This certification does not represent an endorsement by the U.S. Department of Health and Human Services. SES Direct v.2.0 is additionally certified as compliant with applicable certification criteria under the ONC-ACB EHR 2015 Cures Act Updates.
Developer name: Secure Exchange Solutions
Product name: SES Direct; Product Version: 2.0
Contact information: Rebecca Elhassid; 9600 Blackwell Road, Suite 250, Rockville, MD 20850; 888.470.9913; firstname.lastname@example.org
Certification date: 2/17/2017; Certification number: 15.04.04.2315.SESD.02.0.0.170217; Certification Criterion: 170.315 (d)(1-3); (g)(4,5); (h)(2). Clinical Quality Measures tested: None; Additional software used: None
Support for Encryption and MFA Standards – ONC 21st Century Cures Act Certification
SES Direct encrypts all credentials in compliance with FIPS 140-2 as required by 45 CFR 170.210(a)(2) meeting the standard required by 45 CFR 170.315(d)(12). SES Direct has available support for multifactor authentication (MFA) for all Direct Secure Messaging use cases meeting the standard required by 45 CFR 170.315(d)(13). Documentation of support for SES Direct MFA is available upon request.
Costs and Limitations – ONC-HIT 2015 Edition Certification
SES Direct users conduct health information exchange with other users of certified Electronic Medical Record systems, members of health information organizations and any other user of a trusted Health Information Services Provider (HISP) that supports the transmittal, processing and receipt of Direct messages. Direct messages may include clinical data, notes, discharge summaries, transitions of care notifications, and other health-related information. Our SES Direct offerings support related Meaningful Use requirements for sending and receiving transitions of care summary documents.
Fees to support Direct Protocol Transport (170.315.d.1-3, g.4-5, h.2) are annual subscription fees and vary based on the number of addresses required and selected software options (users may choose from a variety of web-based and integrated solutions with options that include connection through SES XDR, SES Connect web service APIs, SES Online), as well as the configuration requested for the selected software (for example, whether the software will be deployed on a dedicated or shared domain). Depending on the configuration selected, the subscription fees and maintenance costs may be based on the number of transactions. Support for integration of this certified product module with other ONC certified Electronic Medical Record systems requires license costs, including annual subscription fees and annual maintenance costs.
Our base service includes limited storage and archiving of encrypted Direct messages on our hosted, HIPAA-compliant servers with the annual licensing and subscription fee at no additional charge. Most of our users rely exclusively on this base service. However, additional fees will apply if a user wishes to host or archive Direct messages and related content (e.g. attachments, metadata) on the user’s or a third party’s server(s). Users of our web-based service are subject to storage limitations on a per account and per domain basis depending on the configuration requested. Additional fees are required for each additional block of storage.
Use of our certified module allows users to exchange messages with all third-party HISPs with whom we have a trust agreement or who are part of a trust community or trust bundle in which we participate. Under the requirements of those agreements and those trust communities, bundles and associated frameworks, and our security policy, our Direct messaging solutions are restricted and users may be unable to exchange messages with users of third-party HISPs which are outside those existing agreements, communities, bundles, or trust frameworks. Should a user wish to establish a new connection with a third-party HISP outside of these existing agreements and frameworks, the user may contact Secure Exchange Solutions support (email@example.com) and identify the third-party HISP along with contact information for that HISP. We will establish, maintain and support technology to manage the new connection provided that the third-party HISP agrees to accept our connection and trust agreement and abides by the best practices set by industry trust communities. We will make every good faith effort to establish such connectivity within a reasonable time frame (no longer than 30 days). However, we do not warrant that we will be able to establish agreements and required connections with all third-party HISPs.
We do not impose any contractual, technical or practical limitations to the use of Direct messaging to securely communicate with other Direct messaging users other than certain limits on use of our Direct messaging solutions for certain commercial (non-clinical) messages and restrictions on connecting our Direct messaging service to third-party HISPs outside of our established trust relationships.