Application Overview
Vertex Medical Solutions develops V.O.S.S. (Vertex Online Scheduling and Submission), a comprehensive anesthesia practice management platform used by anesthesiology groups across the United States. The platform handles provider scheduling, case management, billing, and claims submission.
The Epic FHIR integration extends V.O.S.S. with automated access to clinical and administrative data already captured in a facility's Epic EHR, eliminating redundant manual data entry and reducing transcription errors for anesthesia teams.
Authentication: SMART Backend Services (OAuth 2.0 client_credentials with signed JWT)
FHIR Version: R4 (4.0.1)
End Users: Anesthesiologists, CRNAs, and practice administrators — no direct patient access
How V.O.S.S. Uses Epic Data
Patient Demographics (Active)
When an anesthesia provider completes a case at an Epic-integrated facility, V.O.S.S. retrieves the patient's demographic, insurance, and guarantor information from Epic. This data pre-populates the billing record, replacing manual entry from paper face sheets.
- Patient demographics — name, date of birth, gender, address, phone, SSN (last 4), MRN
- Insurance coverage — primary and secondary payer, policy number, group number, subscriber
- Guarantor — name, address, phone, relationship to patient
OR Schedule (Planned)
V.O.S.S. will retrieve upcoming surgical schedules to pre-populate the daily anesthesia schedule with patient, surgeon, procedure, and time information. This supports both:
- Sole-provider facilities — auto-create anesthesia cases from the OR schedule
- Shared facilities — enrich existing manually-entered cases with confirmed times, rooms, and surgeon details
FHIR Resources Accessed
| FHIR Resource | Operations | Purpose | Status |
|---|---|---|---|
| Patient | Read, Search | Look up patient by MRN; retrieve demographics | Active |
| Coverage | Read, Search | Retrieve active insurance coverage for patient | Active |
| Account | Read, Search | Retrieve guarantor and billing account information | Active |
| Appointment | Read, Search | Retrieve scheduled surgeries and OR appointments | Planned |
| Practitioner | Read, Search | Resolve surgeon and provider references | Planned |
| Location | Read, Search | Resolve facility and OR room references | Planned |
V.O.S.S. performs read-only access. No data is written back to Epic at this time.
Data Handling and Privacy
- Data is accessed only at the point of care. Demographics are pulled only when a provider completes a case at a configured facility. There is no bulk data export or background synchronization of patient records.
- Identity verification. Before applying retrieved data, V.O.S.S. verifies the patient's last name and date of birth match the case record to prevent cross-patient data contamination.
- Minimum necessary standard. Only the data elements needed for anesthesia billing are retrieved. V.O.S.S. does not access clinical notes, lab results, medications, allergies, or other treatment data.
- Existing BAA coverage. V.O.S.S. operates under a Business Associate Agreement with each client group. FHIR-retrieved data is stored in the same HIPAA-compliant infrastructure as manually-entered patient data.
- Per-facility configuration. Each facility's integration is independently configured and can be activated or deactivated by a group administrator at any time.
- No patient-facing access. V.O.S.S. is used by credentialed providers and administrators only. Patients do not interact with the system directly.
Security
Encryption in Transit
All FHIR API calls use TLS 1.2+. No patient data is transmitted over unencrypted channels.
Encryption at Rest
Patient data is stored in AWS RDS with AES-256 encryption. Backups are encrypted.
Authentication
RSA-signed JWT assertions (RS384) for token acquisition. Private keys stored securely on the application server with restricted file permissions. Access tokens are short-lived and cached only in memory.
Audit Logging
All FHIR API calls are logged with timestamps, facility, patient identifiers, and response status. Schedule modifications are tracked in a comprehensive audit table.
Access Control
Only authenticated administrators can configure EMR integrations. Provider access is role-based and group-scoped.
Error Isolation
FHIR API failures are logged and reported but never block clinical workflows. Case completion proceeds regardless of EMR connectivity status.
ONC Health IT Certification Criteria Applicability
V.O.S.S. is a specialized anesthesia practice management system that functions as a consumer of FHIR data from certified EHR systems. The following ONC certification criteria (45 CFR 170.315) are addressed as applicable to our integration:
| Criterion | Applicability |
|---|---|
| (d)(1) Authentication, access control, authorization | Implemented. Role-based access with session management and group-scoped permissions. |
| (d)(9) Trusted connection | Implemented. TLS 1.2+ for all FHIR API communication. SMART Backend Services OAuth 2.0. |
| (d)(10) Auditing actions on health information | Implemented. All FHIR calls and data modifications logged with user, timestamp, and action. |
| (d)(13) Multi-factor authentication | Not applicable. V.O.S.S. is a backend system; FHIR access uses certificate-based machine authentication, not user-interactive login. |
| (g)(7)-(g)(10) Application access / Patient selection / Data export | Not applicable. V.O.S.S. does not provide a patient-facing portal or expose APIs for patient data access. It consumes data from the facility's certified EHR. |
Criteria related to clinical decision support, computerized provider order entry, e-prescribing, and clinical data exchange are not applicable as V.O.S.S. does not perform these functions. V.O.S.S. operates downstream of the facility's certified EHR system for billing and scheduling purposes only.
Support and Contact
For questions about this integration or to request technical documentation:
- Company: Vertex Medical Solutions
- Website: www.vertexmed.com
- Support Email: vms_admin@vertexmed.com