Health care organizations making the transition from paper workflows to electronic workflows are well aware it can be an arduous process. The health care industry has seen its fair share of success stories and failures, both of which make headlines to the glee or dismay of those involved. Purchasing an electronic health record (EHR) system
Learn more about purchasing an EHR system
Web-based EHR may make sense for some providers
What is EHR technology, and why is it important?
How Web-based EHRs for iPads, smartphones are driving health IT adoption
While some hospitals, practices and solo providers will elect to go the route of a Web-based EHR, others will choose a more traditional client-server system. This article examines the implications of both, and also offers insight from experts who have been on the frontlines of EHR purchasing.
Deciding between Web-based, self-housed EHR system hinges on functionality
Purchasing an EHR system that gives caregivers the opportunity to increase care quality without compromising workflow is ideal. Caregivers are always looking to develop better communication among one another, improve information accessibility and detail the progress of treatment to name a few clinical goals. The question -- can a newly purchased system include the EHR technology features needed to achieve the aforementioned goals?
"I would chose a product based on its clinical functionality," said Bob Murry, CMIO at Hunterdon Medical Center in Flemington, N.J., adding that "meeting the clinical needs of the organization" is the most important factor in deciding which system should be purchased. This will require organizations to assess workflow, determine best practices for care delivery and see which processes can be omitted entirely thanks to EHR implementation.
If the application service provider or hosting company is chosen and vetted correctly, their security is likely more reliable than that provided by a typical healthcare organization.
Bob Murry, CMIO, Hunterdon Medical Center
Furthermore, Murry contended that organizations need to ask themselves key questions before doling out finances, such as determining whether they want to set up and maintain the resources needed to host a system, or if they are willing to outsource -- and at what price.
Additionally, if the organization already has an EHR system but plans to purchase a new one, Murry urges the organization to examine how "similar the architecture of the new system [is] to those the organization already hosts or maintains." Answering this question can address EHR integration challenges and avoid the same challenges brought about from previous purchases.
For example, if a hospital seeks the functionality to access patient data on tablets and smartphones, a Web-based EHR system is a viable option because of its portability. "Flexible access and workflows" is a plus for caregivers, Murry said.
However, he added, EHR technology is always developing. In other words, portability alone should not be the end all, be all reason for purchasing a Web-based EHR. "Most mature EHR systems are only now developing mobile solutions, so don't let a slick new EHR iPad app steer you away from a tried and true established EHR," he said.
EHR vendor security a key question facing hospitals, physicians
In 2011, health care organizations in all 50 states experienced some type of data breach, some the result of EHR system hacks. When patient data and financial information are n is leaked to the public, the organization responsible faces stiff penalties and fines.
Security and privacy play a large role in EHR system purchasing; as a result, there are a number of factors to consider before making a purchase.
Since the hosting vendor handles application maintenance and is responsible for porting data to the cloud, Web-based EHR systems may appeal to smaller practices and solo physician offices. Some organizations welcome the idea of outsourcing these tasks, particularly if they believe doing so is a safer bet.
"If the application service provider or hosting company is chosen and vetted correctly…security is likely more reliable than that provided by a typical health care organization," said Murry. "It is literally the hosting company's mission [and] critical job to maintain security."
Although sending data to the cloud is a popular storage option, organizations need to consider that it takes time for the data to reach its destination. How data is secured during transit -- in addition to when it is at rest -- should be at the top of a hospital's list, said James P. Keller, Jr., vice president of health technology evaluation and safety at ECRI Institute. To that end, vendors responsible for sending data should have security policies in place that are not in conflict with the hospital's policies, especially as they pertain to encryption and data access.
Keller offered an additional tip for Web-based EHR security -- it is completely reasonable for organizations to ask for a full security-related disclosure statement from their hosting vendor. Moreover, since ECRI Institute is a federally designated patient safety organization, ECRI customarily provides such information to the organizations it supports through its PSO services.
In-house EHR security means having resources
Purchasing an EHR system to be operated in-house will likely require extra resources for security and privacy, which is why it's only larger hospitals that take this route. Considering the system will be located and used in or around the hospital, set aside resources to establish an IT team -- and even a security team.
Type of hospital matters in EHR purchasing
Another factor that pushed Hunterdon Medical Center to use a hosted model for their EHR and practice management system -- it is an independent physician practice association (IPA) comprised of both hospital-owned and private practices.
The private practices within the hospital did not want any physical computers or servers holding data in or around the hospital, especially because of the abundance of financial data, CMIO Bob Murry said.
Another reason for setting aside resources, Keller said, is to be able to fully address disaster recovery, since the IT and security teams will be tasked with setting up a replica of systems and servers off site. Furthermore, the off-site replica will need to be tried and tested, he said, to "make sure it can handle a full scale drop-out of your on-site EHR."
Besides disaster recovery, access security is key concern. Keller urges hospitals to maintain a full list of people approved for access to the system, especially if there are representatives from outside organizations who use the system for code upgrades or consulting purposes.
In-house, Web-based EHR systems can co-exist
Hunterdon Medical Center uses both in-house and Web-based EHR software, depending on the hospital wards. The ambulatory unit uses a NextGen Healthcare Information Systems Inc. Web-based EHR, as well as a practice management system hosted by Dell Healthcare Solutions. That decision was made, Murry said, because the "expertise required to keep the server farm running is significant and expensive." Additionally, the hosting company and EHR vendor share many clients, so the host is familiar with the EHR's functionality and its customers' cloud uptime needs.
Dell, through its contract, also performs server refreshes every three years. That turned out to be a beneficial move when a hardware upgrade was essential to install an EHR application certified for meaningful use. The hosting company was able to complete the app upgrade and server refresh without the need of additional resources, which "saved hundreds of thousands of dollars," said Murry.
Meanwhile, Hunterdon's inpatient hospital information and emergency department systems are hosted on-site. Those wards have a long history of hosting and managing their systems, Murry said. However, he added, the positive experience with the outsourced, Web-based EHR system means the medical center would reevaluate this model if it were to consider switching EHR vendors.
This was first published in March 2012