How Valiant Health Built a Secure and HIPAA-Compliant Clinic with OptiMantra

Odia Russette is an APRN and FNP, Advanced Practice Provider Compliance Coordinator, and co-owner of men’s health clinic, Valiant Health. 

With her strong background in healthcare compliance and patient care, she was instrumental in setting up Valiant Health’s initial security protocols and ensuring that the practice continues to operate with the highest standards of regulatory adherence and data security. Her expertise in navigating compliance challenges has been instrumental in shaping Valiant Health’s approach to safeguarding patient information without distracting from delivering high-quality, personalized care.

Valiant Health is an independent practice based in Texarkana, Texas, dedicated to providing comprehensive men's health services. Their mission is to offer personalized care that addresses the unique health needs of men in their community. By focusing on preventive measures, early detection, and effective treatment plans, Valiant Health aims to improve the overall well-being of their patients. Odia runs Valiant Health with her husband, Ron Russette.

Odia’s Challenge

‍Like many providers starting up, Odia had a million things on her to-do list as she helped launch Valiant Health - including massive renovations for their new space! - but she knew that proactively tackling data security and privacy as part of the initial set-up would help prevent much larger issues down the road.

To get started, Odia outlined several key challenges that were top of mind for her and Ron:

• Ensuring full compliance with HIPAA regulations, including privacy and security rules, for their fledgling practice - fortunately she was well-versed on those given her compliance credentials
• Implementing a robust data security infrastructure despite limited in-house IT resources.
• Selecting an EMR system that integrated seamlessly with their other security infrastructure - including their existing firewall and internet provider - while providing comprehensive security features.
• Educating new practice staff on best practices on data security and HIPAA compliance.

Planning Valiant Health’s Data Security Set-up

Odia started with some critical fundamentals - in her own words:  “I actually started with our risk assessment. Above all, we had to have both hardware and software protection which included a firewall, HIPAA compliant email and texting, a dedicated password-protected internet/wifi server, HIPAA-compliant software defender, and engineering controls such as screen privacy protectors and user-dedicated passwords."

The first few items on her checklist were:

• Putting in place the basic but necessary security hardware including firewalls, dedicated password-protected Wi-Fi, and HIPAA-compliant software defenders.
• Getting HIPAA-compliant email (through Gmail) with their own business domain
• Conducting an initial risk assessment of the business and space to determine the vulnerabilities in their process that could expose PHI 

TIP! As you finish up your basic set-up, take a fresh look at security vulnerabilities: "Take a moment to walk around your facility as if you were a visitor and look for those weak points where people who should not be able to see PHI might have access. Those vulnerable areas need to be checked and protected."

She then turned her attention to selecting the right EMR partner to house Valiant’s patient records and communications: 

• "The EMR we chose definitely needed to be one with a proven track record in HIPAA compliance that would comfortably integrate with our internet services. I cannot stress how important it is to have the right EMR system and ensure that it is compatible with your hardware, security software, firewall, and internet provider."

Finally, she made sure everyone on the team was ready to go with these new systems:

• Training staff on HIPAA compliance and data security best practices before launching was critical - "We provide team member training for new members and have a plan in place for annual training."

The Biggest Decision: Choosing an EMR

Valiant Health chose OptiMantra as its EMR system in part due to its proven HIPAA compliance and security features (and also due to its robust functionality, integrations, and affordable pricing!). 

Key aspects of OptiMantra’s system that contributed to Valiant Health’s decision included:

• Two-Factor Authentication (2FA): Providing an added layer of security to prevent unauthorized access.
  
  
• Secure IP Management: Enabling trusted locations to bypass 2FA while maintaining security.
  
  
• Access Controls: Restricting access to sensitive data such as patient charts, superbills, and analytics.
  
  
• Audit Logs: Allowing the team to monitor system access and review logs for compliance audits.
  
  
• Secure Patient Portal: Providing a safe way for patients to communicate with their providers without relying on unsecure methods like social media or text messaging. “Having the ability for people to send messages through the portal is one of my favorite tools because it’s so secure. I know that a lot of EMRs have this ability, but OptiMantra is just so user friendly. It just checks all the boxes as far as having security and safety”.

According to Odia, 

"OptiMantra really made this process much easier than I anticipated. OptiMantra is user-friendly with all the security features needed to ensure the protection of our patients' PHI. Saving secure IPs and the access controls are great features. I like knowing we can go back and check access points as this is part of a good annual audit of an organization's compliance."

Since Launch: Ongoing ‘Security Maintenance’

As important as it was to get the right initial pieces in place, just as important has been maintaining these processes over time - after all, data security is all about continued vigilance. 

For Odia and the Valiant Health team that has meant 

• Preserving the initial patient data protocols outlined over time
  
  • It’s easy to get lax with patient data and communications, but it’s critical that those stay in secure systems and on secure devices
  • You can also never do enough team training! 
• Conducting ongoing risk assessments and security training: 
  
  • "I was surprised by the ongoing hidden pitfalls, like understanding all the points of access that could be vulnerabilities.” 
  • The risks will change as your clinic, processes, patient populations, services,  front desk team, providers, or any other factors change
• Tracking system activity to ensure effective access controls (and no unauthorized system access!), and
• Staying ahead of evolving data security (more on that below!). 

How Odia Prepares Against Ever-evolving Opportunities and Threats

We asked Odia what she’s thinking about next when it comes to data security - she outlined the benefits - and risks -of AI. As Odia points out, "AI is both exciting from a benefit for clinicians and patients standpoint, but also terrifying from a cybersecurity view. We are in-depth exploring the risks because we hope to be at the forefront of utilizing AI to advance our practice." 

Valiant Health is one of the first beta partners for OptiMantra’s new AI charting integration with DeepCura.

They’ve also been using AI for their policy creation - "I do recommend to people that they look at AI when they're writing their privacy policies because AI can pull from the actual rules and give you a really great starting point and save you a lot of time. Because we did that, I used AI to help me write all of our policies and procedures." Though you also want to ensure that your policies are legally enforceable and compliant with your state-specific requirements.

By prioritizing cybersecurity from the start and partnering with OptiMantra, Valiant Health has built a strong foundation for compliance and data protection, setting an example for other independent healthcare practices.