Policies and disclosures

Introduction

Learn about our product certifications, as well as industry certification standards.

Corepoint Promoting Interoperability (formerly Meaningful Use)

Corepoint Integration Engine has successfully passed 2015 Edition EHR certification, which can be used to comply with Promoting Interoperability (formerly Meaningful Use). The following versions of Corepoint Integration Engine are certified for the 2015 Edition:

  • v7.2, 15.04.04.1291.Core.71.03.0.181231
  • v7.1, 15.04.04.1291.Core.71.02.0.180727
  • v7.0, 15.04.04.1291.Core.07.01.0.171231
  • v2016.3, 15.04.04.1291.Core.16.0.0.170327

Criteria which Corepoint Integration Engine has successfully passed include:

  • 170.315.d.1 Authentication Access Authorization
  • 170.315.d.2 Auditable Events Tamper Resistance
  • 170.315.d.3 Audit Reports
  • 170.315.d.5 Automatic Access Time-out
  • 170.315.d.6 Emergency Access
  • 170.315.d.7 End User Device Encryption
  • 170.315.d.8 Integrity
  • 170.315.d.9 Trusted Connection
  • 170.315.f.1 Immunizations
  • 170.315.f.2 Syndromic Surveillance
  • 170.315.f.3 Reportable Labs
  • 170.315.g.4 Quality Management System
  • 170.315.g.5 Accessibility Compatibility Technology

Rhapsody Promoting Interoperability (formerly Meaningful Use)

ONC Health IT CERTIFICATION (2015 Edition)

Rhapsody Integration Engines 6.4 through 6.6 achieved Office of the National Coordinator for Health Information Technology (ONC-Health IT) 2015 Edition Health IT Module Certification via Drummond Group LLC, an Authorized Certification Body (ACB) that has been empowered to test software for compliance with the requirements of the US federal government’s program. The stamp of approval designates that the software offers the functionality that enables eligible providers and hospitals to meet the requirements of various regulatory programs that require use of certified EHR technology.

This EHR Module is 2015 Edition compliant and has been certified by an ONC-ACB in accordance with the applicable certification criteria adopted by the Secretary of Health and Human Services. This certification does not represent an endorsement by the U.S. Department of Health and Human Services.

The completed certification covers the following Health IT modules:

170.315(d) Privacy and Security

  • 170.315 (d)(1): Authentication, Access Control, Authorization
  • 170.315 (d)(2): Auditable Events and Tamper-Resistance
  • 170.315 (d)(3): Audit Report(s)
  • 170.315 (d)(5): Automatic Access Time-out
  • 170.315 (d)(6): Emergency Access
  • 170.315 (d)(7): End-User Device Encryption
  • 170.315 (d)(8): Integrity
  • 170.315 (d)(9): Trusted Connection

170.315(f) Public Health

  • 170.315 (f)(1): Transmission to Immunization Registries
  • 170.315 (f)(2): Transmission to Public Health Agencies – Syndromic Surveillance
  • 170.315 (f)(3): Transmission to Public Health Agencies – Reportable Laboratory Tests and Values/Results
  • 170.315 (f)(4): Transmission to Cancer Registries
  • 170.315 (f)(5): Transmission to Public Health Agencies – Electronic Case Reporting
  • 170.315 (f)(6): Transmission to Public Health Agencies – Antimicrobial Use and Resistance Reporting
  • 170.315 (f)(7): Transmission to Public Health Agencies – Health Care Surveys

170.315(g) Utilization

  • 170.315 (g)(4): Quality Management System
  • 170.315 (g)(5): Accessibility-Centered Design

Rhapsody Integration Engine

  • Certification for Rhapsody Integration Engine version 6.4 was officially achieved on September 18, 2018. CHPL Product Number: 15.04.04.2113.Rhap.64.00.0.180918
  • Certification for Rhapsody Integration Engine version 6.5 was officially achieved on January 2, 2020. CHPL Product Number: 15.04.04.3043.Rhap.65.01.0.200102

The additional software relied upon to comply with one or more of the certification criteria include:

  • Microsoft SQL Server

The following additional costs are required in order to implement:

  • Costs include initial software license, annual software support/maintenance, and optional services implementation fees for projects requiring Lyniate assistance.

Corepoint Intended Use Disclosure Statement

Corepoint® Integration Engine is intended only for the electronic transfer, storage, or display of medical device data, or the electronic conversion of such data from one format to another in accordance with a preset specification as specified in the product manual and/or related documentation. Corepoint Integration Engine is not intended to be used for active patient monitoring, controlling or altering the functions or parameters of any medical device, or any other purpose relating to data obtained directly or indirectly from a medical device other than the transfer, storage, and conversion of such data from one format to another in accordance with preset specifications.

InterOperability Bidco, Inc., doing business as LyniateTM, its affiliates and subsidiaries makes no warranties and the functionality described within may change without notice.

Corepoint® is a registered trademark of InterOperability Bidco, Inc., manufactured in the United States, by InterOperability Bidco, Inc. All other trademarks displayed in this document are the property of InterOperability Bidco, Inc., doing business as LyniateTM, its affiliates and subsidiaries or their respective owners, and may not be used without written permission of the owner. Corepoint Integration Engine is not intended to be used for diagnostic purposes, or to replace clinical judgment or responsibilities. All patient information shown in any imagery is for representation and demonstration purposes only and is not related to a real patient.

Copyright © 2021 InterOperability Bidco, Inc. doing business as LyniateTM group of companies | All rights reserved | www.lyniate.com

Rhapsody Intended Use Disclosure Statement

Rhapsody® Integration Engine is intended only for the electronic transfer, storage, or display of medical device data, or the electronic conversion of such data from one format to another in accordance with a preset specification as specified in the product manual and/or related documentation. Rhapsody Integration Engine is not intended to be used for active patient monitoring, controlling or altering the functions or parameters of any medical device, or any other purpose relating to data obtained directly or indirectly from a medical device other than the transfer, storage, and conversion of such data from one format to another in accordance with preset specifications.

InterOperability Bidco, Inc., doing business as LyniateTM, its affiliates and subsidiaries makes no warranties and the functionality described within may change without notice. This EHR Module is 2015 Edition compliant and has been certified by an ONC-ACB in accordance with the applicable certification criteria adopted by the Secretary of Health and Human Services. This certification does not represent an endorsement by the U.S. Department of Health and Human Services.

Rhapsody® is a registered trademark of InterOperability Bidco, Inc., manufactured in New Zealand, by InterOperability Bidco, Inc. All other trademarks displayed in this document are the property of InterOperability Bidco, Inc., doing business as LyniateTM, its affiliates and subsidiaries or their respective owners, and may not be used without written permission of the owner. Rhapsody Integration Engine is not intended to be used for diagnostic purposes, or to replace clinical judgment or responsibilities. All patient information shown in any imagery is for representation and demonstration purposes only and is not related to a real patient.

Copyright © 2021 InterOperability Bidco, Inc. doing business as LyniateTM group of companies | All rights reserved | www.lyniate.com

Lyniate Responsibly Disclosure

Lyniate supports the responsible disclosure of security vulnerabilities, as it is one of our top priorities to protect the privacy of our customer and patient data.

We ask that if external parties find any sensitive information, potential vulnerabilities and/or weaknesses that they please help by disclosing it to us in a responsible manner.

We request that parties do not engage in any of the following:

  • Attempts to modify/destroy/corrupt other users data.
  • Attempts to (D)DoS Lyniate products, services or applications.
  • Any violations of applicable law.
  • Accessing other users’ account details or any other user’s private information PHI.

We may ask parties to destroy any information they hold that does not belong to them, after we have confirmed the vulnerability. This includes Protected Health Information (PHI) or Personally Identifiable Information (PII), and any other information we deem a threat to the security of our customers.

Customer Security:

Since we deal with PHI and PII we require that any such information is transmitted and/or stored securely. We request that details of any PHI/PII or the disclosed vulnerability not be disclosed to any third parties or to the public to the extent legally possible.

Bug bounty:

We do not currently have a paid bug bounty program.

Commitment:

Reports submitted to Rhapsody in good faith, and pursuant to this process, will result in Rhapsody’s commitment to the following:

  • We will acknowledge any person who responsibly discloses bugs/vulnerabilities in our products or infrastructure in the product change logs/release notes, unless they choose to remain anonymous.
  • Any information shared with us will be kept confidential within Rhapsody where permitted by law.

HL7 and FHIR

®Health Level Seven, HL7, FHIR and the FHIR [FLAME DESIGN] are registered trademarks of Health Level Seven International, registered with the United States Patent and Trademark Office. The use of these trademarks does not reflect HL7’s endorsement.