Important: HIPAApropriateness reviews, including their summaries, are for informational purposes only. They are neither consultation nor legal advice. Be aware that while we do our best to be thorough and complete, information may be missing or possibly even inaccurate. Products also change quickly, and the review may become out of date. By continuing to read, you agree to use the information in HIPAApropriateness reviews and their summaries at your own risk.

Vital Stats

HIPAA compliance with this product appears possible?: Yes.
Recommend for your HIPAA risk management needs?: Yes.
# of Caveats: 0
# of Usage Notes: 9

Relevant Product Characteristics

  • This product is designed specifically with mental/behavioral health professionals in mind.
  • The leadership or management behind this product includes at least one mental/behavioral health professional.

What Is This Product?

WRS Health provides practice management systems that can be customized according to both desired features and care specialty. WRS can also custom-build features based on the needs of the user. This cloud-based EHR is robust and feature-rich. The behavioral health version is known as “psychiatry cloud” and allows for electronic prescribing, including for controlled substances. WRS provides EHR features such as patient portal communication, scheduling, text and voice reminders, payment management, medication management tools, MIPS and MU tracking for medical providers, and website integration.

WRS Health has a strong company culture that promotes security and privacy and provides high levels of customization to facilitate security settings, client communication, and user access levels. The EHR provides significant reporting on security audit, access and usage logs — a functionality that is often anemic in the majority of practice management systems.

WRS has numerous ancillary products and services that you can integrate into your practice, such as kiosk sign-in and copay collector for waiting rooms and an electronic pen that allows you to digitally upload forms that a client handwrites, which is great for standard forms and intake paperwork. Additional services include a remote clinical assistant and scribe who will prepare for and document encounters and handle tasks from following up on patient education, prescription submission and order tracking to coordinating follow-up activities. Medical billing services can also be contracted.

This platform would function well for integrative clinics who need features that work for multiple types of clinicians and larger groups who have multiple physical locations and staff that perform functional admin roles.  WRS Health is well suited to support the needs of a large group practice, or for a busy solo practitioner with a support staff in particular need of e-prescribing functionality.  The abilities for customization would make this a great fit for mixed practices who provide both medical and mental health services.

The features may be a bit robust for most solo practitioners, so the cost/benefit may not be worthwhile for individual clinicians who do not require all the features and for whom the features don’t translate to cost-savings in support staff hours.

The company will provide extensive support, training, and customization depending on the needs of the practice and will work to provide solutions unique to your practice needs.  They offer over 500 chart note templates — and if you need a different one, they will make it for you.

Caveats

Caveats are criticisms of the company or product that we feel are relevant to your risk management or other important considerations.

None

Notes

Notes cover points where the product can’t ensure compliance or ethical action for you. These help you know what your part of the compliance puzzle looks like when using this product. A high note count usually correlates with a feature-rich product, and not necessarily with a product that has problems.

1) Be sure to complete the BAA

Business Associate Agreements are issued when you sign the contract and before you import any data. Be sure to sign and return the BAA so that it is fully executed.

2) Set a strong password (and consider using a password management program)

WRS does not support two-factor authentication, so we recommend changing the password settings from the standard 8 characters required by the system to a passphrase containing at least four words and unique to this system. We would highly recommend pairing this with a password management system to enable a complex passphrase and regular changing of the passphrase.

3) Be mindful of how you use the secure messaging portal

WRS includes integrated secure messaging; this is where you send a client an email that doesn’t contain the actual message and they have to log into a portal to retrieve it (the escrow method). Be aware that the message does, by default, include the name of your practice and your practice “branding.” WRS does offer the ability to remove this branding and have a generic message sent instead. Determine if this option is better for the risk management needs of your practice and client population.

4) Perform collaborative risk analysis and obtain informed consent before entering client’s email address into demographics

When you enter a client’s email address into the system while entering demographics, the welcome email to the portal is non-optional and is sent immediately. Be sure to perform a collaborative risk analysis with the client to determine whether this is safe. After the initial email, there are options for both the provider and the client to restrict messages sent to the client. You can manage the initial email by alerting the client of its upcoming receipt, or by not entering the email into the demographics field.

5) Avoid sending unsecured appointment reminders or payment notifications without proper collaborative risk analysis

We know you hear us say this in many other reviews, but it bears repeating no matter the tool we’re discussing.

WRS Health offers appointment reminders by email, SMS text message, and voice. It can also send other notifications with the option of including specific diagnostic information.

Be sure to have an informed consent discussion with your clients before sending them email, SMS text, or voice notifications. We recommend being very explicit with your clients around contact methods for both appointment reminders and billing.

Remember that when using conventional email or text messaging, you need to determine if simple opt-out is sufficient for your ethical and legal needs. Read our article on unsecured communications here for some guidance to help you decide what you need to do around appointment reminders to stay legal and ethical in your practice. It is also covered in Engaging in HIPAA Security and Digital Confidentiality as a Mental Health Professional, Module 4: Using Email, Text, Phone, and Video in a HIPAA-Compliant Manner.

If it turns out that unsecured email or text communications are legally-ethically workable for you, WRS Health executes a Business Associate Agreement with you, which makes it legal for them to send those emails or texts on your behalf.

6) Be sure you are following simple security measures like using appropriate passwords and computer/device security

It’s important to make sure whatever device you’re using to access WRS is secured against threats to privacy. Our HIPAA Investigation Repellent course covers smartphone security in detail. Our video on how to use the security features of your smartphone is also quite helpful.

7) Don’t change chart note setting to share notes with clients automatically

Because this system’s interface is designed to span medical to mental health, there are settings that will automatically share chart notes with clients. The system’s default setting is that chart notes are not automatically shared; do not change this setting unless you have reason to.

8) Review and set user access settings according to need/appropriateness

Chart notes can be kept private to just a location (since there is the ability to have multiple locations under one umbrella) or by practitioner. Chart access can be completely locked. If you have more than one clinician in your practice who has access to the same clients’ files, lock your client progress notes once you’ve completed them. Locking the note will help make sure it remains clear who created and edited the note. Another way to mitigate the risk of another clinician overwriting or changing progress notes is to be cautious about the permissions you assign to other clinicians or non-clinical staff.

9) Make sure ancillary features are governed by comprehensive security policies and procedures

The program’s ancillary features, such as the check-in kiosk, will need to be governed by security policies and procedures that specify how the physical and technical security is established and maintained for the devices facilitating those features and functionality. For example, the device must only be connected to secure and authorized/permitted WiFi and network connections.

The ancillary features of WRS Health, such as the electronic document pen, do not pose the risk of additional compliance issues if use follows the relevant specifications of a comprehensive physical and technical device security policy and respective procedures. The pen itself will automatically send written information, such as intake documents, and upload them to the appropriately designated chart. No data is retained within the pen device itself, meaning the pen operates as a conduit.