My ACP Decisions Overview and Security Primer
This article provides an overview of the My ACP Decisions platform, its core tasks, and how it handles information to accomplish those tasks.
The My ACP Decisions Platform consists of API web services, a front end web application, and a mobile app for iOS and Android.
My ACP Decisions platform provides an easy way for clinicians to share videos and documents from the ACP library with patients. In its simplest form, the My ACP Decisions platform generates a unique URL each time a clinician shares content with the patient. When a patient visits this URL, the system tracks whether or not the patient has viewed a video or opened a document without collecting PHI.
The steps to this process are as follows:
- The clinician selects one or more videos or documents from the library.
- The clinician confirms their order, which generates a unique code.
- The clinician shares that unique code with the patient.
- The patient enters the code at home on the website myacpdecisions.org or using the ACP Tools app for iOS or Android.
Note: At no point is any PHI collected by the system from patients. All a patient has to do is enter their unique anonymous code.
Critical vs Non-Critical Systems
My ACP Decisions is not a mission critical system like an EMR. Its core function is to browse the diverse library of ACP Decisions content and to generate links to share that content.
Analytics, Reporting, Event Collection
It is important that the clinician be able to verify that a patient has viewed the content previously prescribed. The clinician is provided a history of the previously ordered content. By searching the patient's code, the clinician is able to see any attempts to view the content associated with the patient's code.
- If a code has been entered and the legal agreement has been accepted by the patient, the code is considered redeemed.
- If more than 80% of a video has been watched, it is considered viewed.
- If a document has been opened, it is considered viewed.
- When all content has been completely viewed, the overall status of the order is marked complete.
Note: Our system does not collect or store any PII or PHI when logging these events.
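The status rules above can be expressed as a small function over an anonymous event log. This is an added example, not the platform's code: the event types, field names, sample code value and the field allowlist are assumptions made for illustration.

```python
# Added example: field names and event types are assumptions, not the platform's schema.
ALLOWED_FIELDS = {"code", "type", "content_id", "fraction_watched"}
VIEW_THRESHOLD = 0.80  # "more than 80% of a video" counts as viewed


def validate_event(event):
    """Reject any event carrying fields outside the anonymous allowlist."""
    extra = set(event) - ALLOWED_FIELDS
    if extra:
        raise ValueError(f"unexpected fields (possible PII/PHI): {sorted(extra)}")
    return event


def order_status(order, events):
    """Derive redeemed/viewed/complete for one order from its event log.

    order: {"code": str, "videos": [ids], "documents": [ids]}
    """
    redeemed = False
    best = {}       # video id -> highest fraction watched so far
    opened = set()  # document ids that have been opened
    for ev in map(validate_event, events):
        if ev["code"] != order["code"]:
            continue  # event belongs to a different order
        if ev["type"] == "agreement_accepted":  # code entered and agreement accepted
            redeemed = True
        elif ev["type"] == "video_progress":
            cid = ev["content_id"]
            best[cid] = max(best.get(cid, 0.0), ev["fraction_watched"])
        elif ev["type"] == "document_opened":
            opened.add(ev["content_id"])
    viewed = {v: best.get(v, 0.0) > VIEW_THRESHOLD for v in order["videos"]}
    viewed.update({d: d in opened for d in order["documents"]})
    complete = bool(viewed) and all(viewed.values())
    return {"redeemed": redeemed, "viewed": viewed, "complete": complete}


# Constructed sample data (not real codes or content ids)
ORDER = {"code": "K7Q2XM", "videos": ["vid-1"], "documents": ["doc-1"]}
EVENTS = [
    {"code": "K7Q2XM", "type": "agreement_accepted"},
    {"code": "K7Q2XM", "type": "video_progress", "content_id": "vid-1", "fraction_watched": 0.80},
    {"code": "K7Q2XM", "type": "document_opened", "content_id": "doc-1"},
]

if __name__ == "__main__":
    print(order_status(ORDER, EVENTS))
```

Rejecting unknown fields at ingestion, rather than silently dropping them, surfaces a client that starts sending identifying data before it reaches the log.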
Administrators are responsible for inviting new administrators and clinician users to the system. Administrators are invited using their employee email address.
There are two ways an organization can enroll clinicians into the platform:
- Individualized Clinician Logins: An administrator enters the clinician's name and work email address. It is up to the clinician to set their own password.
- Simple Clinician Logins: An administrator creates a simple username with a simple password. This is designed to be used by one or more clinicians.
Optionally, when using simple clinician logins, an administrator can associate 1 or more employee emails with a shared username. These emails are used to announce if the password has changed. The ability to associate these emails can be disabled if your policy does not allow entry of employee email addresses.
If employee email addresses are used in either of the two approaches above, the My ACP Decisions system will store the work email address of the clinician and administrator. See below for more details on how we store and treat sensitive information.
- All traffic transmitted by My ACP Decisions Platform is encrypted over HTTPS and SSL.
- Clinician's names and email addresses are encrypted at rest in the database.
- My ACP Decisions servers operate in a shared cloud environment (Rackspace).
- Multiple layers of monitoring at the server, web application, and domain levels are used to detect and protect against intrusion, denial of service attacks, and other bad actors.
- We use name, email, and usernames to provide the following services:
  - Authentication (Signing In and Out)
  - Reports on the Utilization of the Content Library
  - Reports on Code Usage
  - Providing Clinicians a History of Codes They Have Issued
Techniques for Minimizing Employee Data Entry
If you prefer not to enter employee data while using the platform, we recommend the following options:
- Use the simple clinician login approach instead of the individualized login for adding clinicians;
- ACP Decisions can disable the ability to associate email addresses when using the simple clinician login approach;
- Use non-identifying nicknames and usernames when issuing accounts.
If the workarounds outlined above still do not comply with your organization's policy and security practices, ACP would be prepared to introduce features that auto generate usernames and passwords in a de-identified manner (which would not require entry of names, usernames, or email address). For example, a newly issued clinician account might have the name “Memorial Health Clinician 1” and the username “memorialacp1”.
Alternatively, ACP Decisions could pursue an SSO integration compatible with your organization's requirements assuming coordination with your IS/IT teams.
Some organizations may need to integrate My ACP Decisions with their EMR. My ACP Decisions allows an outside system to order content (generate codes). Each time an order is confirmed, the EMR has the opportunity to record the unique code in the patient record. If the EMR needs to display the status of the order at a later date, it can ask the My ACP Decisions API for a status update.
Throughout this process, the My ACP Decisions API has no opportunity to collect PHI or PII.