About Care Orchestrator

Care Orchestrator allows home care providers and physicians to manage patient information. The software provides a central data management system that tracks patient progress, collects, and analyzes compliance and therapy data, and provides valuable reports about the data. The system is accessed through a supported Web browser, thereby enabling anytime, anywhere access to patient data. Automatic scoring or diagnosing of a patient's therapy data is not performed by this software.

Care Orchestrator is highly secure to help meet requirements for HIPAA compliance and privacy laws. This includes access security as well as the security and privacy of transmitted data.

Note: Care Orchestrator should only be used with compatible Philips therapy devices.

Indications for Use Statement

Care Orchestrator is intended to support clinicians by tracking data on patients who are prescribed compatible therapy devices in accordance with the intended use of those therapy devices. Care Orchestrator provides remote patient data collection and viewing and is intended to be used by healthcare representatives (e.g., Physicians, Clinicians, Clinical Users / Clinical Assistants, Durable Medical Equipment providers) in conjunction with compatible non-life support therapy devices to adjust prescription and/or performance settings. Care Orchestrator allows read-only access to patients. Care Orchestrator is intended to be used in hospital, institutional, provider, and home care settings.

Security and Privacy Controls Used by Care Orchestrator

Care Orchestrator uses strong encryption algorithms to provide a secure and protected environment.

By default, Care Orchestrator includes provisions to limit and control access to the system. These settings are configurable and include the following:

Username and password protection
Auto Logoff
Account lock out
Role definition
Role based function access

Philips Respironics offers Care Orchestrator as a service to its customers. Each customer has the ability to access the data and the option to create "users" who can also access the data.

Care Orchestrator provides an optional Federated Identity Management capability to support Single Sign On. Organizations which require Multi-Factor Authentication (MFA) are recommended to opt-in to the Care Orchestrator Federated Identity Management capability. Please contact your Philips representative for information.

Care Orchestrator checks data input into any user input fields and detects if the data contains HTML elements. When HTML elements are detected, the system strips out the HTML elements and leaves any plain text in the input field.

How to Report a Security Incident

Philips Security information can be found at https://www.philips.com/security. Reference Product Support for information on reporting a security issue.

How to Maintain a Private and Secure Environment

Philips Respironics suggests that you adhere to the following recommendations for maintaining the privacy and security of your work and IT network environment.

Maintaining a Secure Working Environment

Always log out and close your browser(s) when leaving your workstation.
Install and maintain regular updates and security patches to your computer’s operating system and networked computers in a timely manner.
Install and maintain regular updates of anti-virus and malware software according to local IT policies and procedures.
When changes are made to your IT network, hardware and software environment, ensure that all pre-existing connectivity and interoperability are complete and correct before resuming interactions with Care Orchestrator.
The PC installed with Care Orchestrator Data Card Server is to be used in a health care setting, and may be part of your organization's IT network. Maintain the hardware, all software components, and IT network on which this software is installed according to local IT policies and procedures.
Ensure that you download the most recent version of the Data Card Utilities when prompted.
Care Orchestrator does not automatically clear the screen, which may contain patient data. You may adjust your computer’s screen saver settings to automatically or manually clear the screen and to require a login when restoring the screen.
Anytime you store patient information on external media, the media should be protected appropriately (i.e., stored securely).
Ensure that Microsoft Windows or supported operating system is configured using the best security practices possible including but not limited to:

Require a username and password to access the PC.
Maintain a strict password policy with respect to expiration, failed login at-tempts, password strength/complexity and password re-use.
Hide password characters during entry (by default).
Configure auto log off after some period of inactivity.
Provide access to only user roles authorized to view or edit patient demographic and prescription information.
Access to your PC’s BIOS should be password protected.

Maintaining a Private Working Environment

While using any software that displays and maintains patient information, follow these guidelines to protect your work area and to guard against unauthorized access to patient information.

Lock your PC (Windows Key + L) to protect your data when you leave the work environment.
Blank or lock the display automatically after a period of inactivity when non-authorized users have access to your work environment.

Use of Removable Media

Removable media can be a source of a malware or a virus. Ensure that media is scanned using your locally installed anti-virus software before uploading any data into Care Orchestrator.

Ensure you are running the most recent version of the Care Orchestrator Data Card Utilities.

Contraindications

No known contraindications.

Cautions

All users should be aware of personal data displayed on Care Orchestrator screens, forms, and reports.
Federal law restricts this device to sale by or on the order of a physician.

Warnings

Care Orchestrator should not be used to diagnose the condition of the patient.
Care Orchestrator is not a substitute for direct patient monitoring.
The data provided in Care Orchestrator is only one of several elements to consider when evaluating the effectiveness of the therapy.
Prescription changes should only be made on the order of a licensed physician.
Creating or changing a prescription should only be completed by a trained medical professional.
A patient’s prescription should be verified as correct before transferring it to the patient's therapy device.
Associated therapy device manuals should be read and understood prior to viewing compliance data or changing a patient’s prescription.
System access features should not be disabled. These features provide a secure work environment to reduce the probability of unwanted access to the system. Users are responsible to follow the policies and procedures that govern their business practices when altering security settings.
Removable media (i.e., an SD card or USB drive) should never be removed from the reader during data transfer to or from the card. Users should wait for the confirmation message to display following the read/write operation.
Timely assignment (and de-assignment) of a device serial number will reduce the potential for issues when re-using devices between patients.
Data originating in Care Orchestrator, and transferred to removable media, downloaded and/or printed, contains sensitive personal data, and should be treated in a confidential manner. It is your responsibility to control the use and distribution of these outputs to only authorized individuals.