The Medtronic Paceart® System organizes and archives data for cardiac devices across manufacturers and serves as a central repository for a patient's arrhythmia information. The Paceart System serves as a gateway through which data flows from programmers and remote monitoring systems to a clinic's electronic health record (EHR) system.
How the Paceart System Works
The Paceart System organizes relevant patient, device and programmer information to help you meet your clinic management challenges. It also provides access to trend analysis in reports, putting it right at your fingertips, so you get a quicker read on your patient's condition and device.
The Paceart System:
You'll find the Paceart system extremely adaptable. You can configure it to meet your present needs, easily adding new devices, patients or physicians. It works within the process of varied clinical environments. As you grow, the system is sophisticated and powerful enough to advance with you.
The Paceart system helps make information from varied sources available when it's needed. Paceart enhances clinic efficiency by:
Whatever device or programmer you're looking at, you'll see the information presented in a similar way – making it easy to quickly find what you want.
Medtronic's complete Paceart System includes both clinic and TTM management components.
You can configure the Paceart System to meet your present needs, so you can easily add patients or physicians. And it works within your current clinic processes. Then as you grow, the system is sophisticated and powerful enough to advance with you:
Optional CardioVoice® TTM Assistant works with our TTM Management system to provide unattended around the clock service:
While the complete Paceart System includes both clinic and TTM components, each is also available separately.
The Medtronic Paceart system is a computer software application that organizes relevant patient, cardiac device and programmer information to help clinics manage follow-up of implantable cardiac device patients. Paceart’s principal objective is to provide heart rhythm management solutions designed to allow clinicians and the cardiac device industry to optimize the care of patients with implanted cardiac devices.
The Paceart system is installed on Intel-compatible hardware running Microsoft Windows operating systems. The Paceart system uses Microsoft SQL Server for database hosting. Other components of the technical environment will include Microsoft Internet Information Server (IIS) if the provider has selected Paceart’s Web Access option.
The Paceart system creates an electronic patient record, which may contain patient-specific electronic protected health information (ePHI) data, including ECG and other monitored parameters and therapy events such as defibrillation and pacing. Patient data stored by the Paceart system can include for each patient: name, address, city and state, postal code, telephone numbers, fax numbers, Social Security number, medical record number, health plan beneficiary numbers, account numbers, certificates and license numbers, device numbers, date of admission and date of service.
The number of patient records managed by the Paceart system is dependent upon the storage capacity of the computer server hosting the ePHI data. Data are stored in a Microsoft SQL Server database.
Clinicians access ePHI via the Paceart system’s Windows-based user interface. Paceart allows the clinic’s system administrator to create and manage unique user identifications and passwords for each clinician accessing the system. User profiles controlling access to data can be created and assigned to individual user identifications and passwords. The Paceart System Administrator’s Manual details instructions for the creation and management of user identifications and passwords.
For patient care or data archiving purposes, data may be transferred from the Paceart system to another data management tool employed by the clinic. Information is transferred via Paceart’s Export Module, which creates an XML-based message that is transmitted by the clinic’s network infrastructure.
The following table represents examples of potential information security exposures associated with the Paceart system. Other information security exposures may exist depending on how this product is used within your organization.
|Security Exposures||Hostile or Intentional Activities||Non-Hostile or Unintentional Activities|
|External||The Paceart system-equipped computer is physically damaged, thereby preventing or delaying access to ePHI required for delivery of care. Theft of a Paceart system-equipped computer from the building results in ePHI being destroyed or disclosed. Physical access to the Paceart system-equipped computer permits the copying of ePHI to portable media for removal and later disclosure. The copying of ePHI data to portable media for removal and later disclosure.||ePHI is disclosed to service provider when Paceart system-equipped hardware is repaired or serviced and software support is provided. ePHI is left on Paceart system-equipped computers when equipment is retired, and a salvage company discovers patient data.|
|Internal||Employee copies ePHI to a portable media for removal and later disclosure. Employee intentionally deletes or modifies ePHI.||Employee spills liquids or causes other accidental damage to the Paceart system-equipped computer, thereby preventing or delaying access to ePHI required for delivery of patient care. Employee accidentally deletes ePHI from Paceart system database.|
These security features and recommended procedures for proper use of the system are intended to facilitate your HIPAA security compliance efforts.
|HIPAA Standard||Security Issue and Feature||Recommended Action|
Information Access Management
Paceart security features are based upon the customer’s selection of security model. There are two options. The first option utilizes the Microsoft SQL Server security model. The second option utilizes the Microsoft Windows security model. Both models provide for controlling access to the Paceart system application and ePHI. Both models allow for audit logging capabilities. Use of the Microsoft Windows security model allows for the use of Microsoft Windows security groups and logging.
To help prevent improper disclosure or loss of ePHI, installation of the full version of Microsoft SQL Server with use of the Microsoft Windows security model is recommended. This will permit the use of Windows event logging to track user activities. This will also permit the use of Windows groups for role-based administration of user access.
Paceart provides for the backup and recovery of ePHI using either the standard Microsoft SQL Server utilities or the backup capabilities of the Windows server. Data backups can be used to store ePHI on portable media or clinic-based storage systems.
Clinics should establish polices, standards, and procedures for the backup and recovery of ePHI.
Protection from Malicious Software
Paceart relies on the security controls implemented for the hosting platform on which it is installed. Customers are responsible for providing a secure platform on which the Paceart system can operate.
Clinics should install anti-virus software on the computer used to process and manage ePHI used by the Paceart application. The procedure should call for the timely updating of virus definitions. Security updates to the operating system are recommended upon consultation with Paceart Technical Services.
|HIPAA Standard||Security Issue and Feature||Recommended Action|
The Paceart system allows for the storage of electronic patient data on either a local workstation or a network-enabled server. In either case, the Paceart System utilizes Microsoft SQL Server to host the data. The Paceart system workstation client connects via ActiveX Data Objects (ADO [SQLOLEDB]) to the Microsoft SQL Server database, whether that database resides directly on the local workstation, on the clinic’s network, on a Virtual Private Network (VPN), or on a remote network accessed through dial-up. Customers are responsible for ensuring access to Paceart system-managed ePHI is secure.
Implement policies and standards for physical security for those workstations used to interface with the Paceart database, either on a local workstation or server environment.
|HIPAA Standard||Security Issue and Feature||Recommended Action|
Microsoft SQL Server is used to provide database support for the Paceart application. The Paceart application can provide for the use of unique user accounts and passwords in conjunction with either the Microsoft Windows security model or the Microsoft SQL Server security model. The Microsoft Windows security model provides additional benefits in the form of coordination with Microsoft Windows security groups, Microsoft Windows password policies and Microsoft Windows event logging.
Clinics should administer user access procedures consistent with the customer’s policies, procedures and standards for administration of applications and systems that maintain ePHI.
The accuracy and completeness of the Paceart system’s data depend in part on the policies and standards implemented on the host operating system. Risk to Paceart stability can be introduced from weak local security policies on the host platform. Security patches to the OS should be applied after consult with Medtronic Paceart Technical Services.
Implement policies and standards to secure and protect the host operating system on which the Paceart client application is to be operated.
This page provides a description of certain security features of the Paceart system. In addition, it provides recommended actions and suggested controls that may help you mitigate or otherwise address the information security risks that are associated with the product's use. However, these security features, recommended actions, and suggested controls may not ensure that all security incidents can be avoided, such as those related to the inadvertent or the unauthorized disclosure, deletion, or modification of a patient's health information. In addition, this document is not intended to provide, and should not be relied upon as, a comprehensive description or an exhaustive list of recommended actions and controls. As a result, your organization may need to implement additional actions and controls, depending upon your particular security requirements and needs.
If you use the Paceart® System together with the CareLink® Network, you were used to entering patient remote schedules two to three times into different systems. Now that's over.
CareLink and Paceart schedules are integrated to offer One-Stop Scheduling. Enter your CareLink appointments in the Paceart System or the CareLink Website, and you're done. Scheduling information is automatically shared between the systems, making your life simpler, more efficient.
If you use Paceart HL7® connectivity, you can schedule in your EHR or master scheduling system and the appointment transfers automatically to Paceart, CareLink, and the device. The following tutorial demonstrates how easy One-Stop Scheduling is:
Connecting implanted cardiac device data to the electronic health record (EHR) and into a personal health record (PHR) via a single, easily managed interface can help healthcare practices maximize efficiency in the workflow, potentially saving significant time and money.
The following study, conducted at The Ohio Heart and Vascular Center, showed a 9-minute per patient time savings in the clinic workflow processes1 when a device follow-up system is integrated into a clinic's EHR.
The Medtronic Paceart® System is the only device follow-up system on the market that integrates demographics, scheduling, and device data all in one place - providing a single solution for all device data and unmatched EHR coverage.
Paceart Time Study (PDF, 155 KB)
IHE is an initiative by healthcare professionals and industry to improve the way computer systems in healthcare share information. IHE goals are:
IHE Integration Statements describe how systems should be designed to interoperate. They identify the specific IHE capabilities a given product is designed to support in terms of the key concepts of IHE: Actors (a role that a given system performs) and Integration Profiles (integration function). The Medtronic IHE integration statement (PDF, 13 KB) describes how Medtronic’s data connectivity technology has implemented the IHE technical framework.
Medtronic participates on the Implantable Device Cardiac Observation (IDCO) committee, and successfully completed the IHE Connectathon testing of the IDCO profile in January of 2010. In this round of testing, Medtronic connected with EHR vendors including Epic, General Electric, NextGen, and Medical Micrographics.
Medtronic showcased its complete data connectivity solution at the Health Information Management Systems Society (HIMSS) annual conference in March of 2010. As the only cardiac device manufacturer participating in the Interoperability Showcase, Medtronic displayed its ability to connect cardiac device data to an Electronic Health Record (EHR).
Paceart System and EHR Integration, conducted by Validus Consulting, Inc. at The Ohio Heart & Vascular Center, Cincinnati, Ohio October 2008.