There are so many things to consider when buying an electronic health record (EHR) software. Most of your attention is probably on the specific features and services that each EHR vendor offers, and rightfully so.
You want to make sure that an EHR’s capabilities match your organization’s specific needs.
However, a question that may be just as important as what an EHR offers is how the EHR’s servers will be hosted.
Essentially, this determines how and where you store the health information of all the patients at your organization.
Seasoned providers are often keenly aware of the functionality they require in an EHR. But when we start talking about servers, hosting and the cloud, it can make their head spin.
As the software company in this relationship, we thought we would step in to give you the low down on the EHR server situation.
First, let’s identify the two ways your facility can host your EHR’s server.
For this approach, the server is physically installed at your facility and managed by your facility’s in-house IT department.
Also known as server-based hosting, or local server hosting, this option requires your facility to take on the hosting burden by itself.
For this option, your facility’s server is managed by your EHR vendor at their data center.
It is also commonly referred to as vendor-based or cloud-based hosting. In this approach, your facility accesses your EHR through an internet connection.
There are pros and cons for each hosting approach, which can be explored by comparing the following key differences:
- Cost Breakdown
- System Maintenance
- System Security
EHR Hosting Cost Breakdown
The upfront cost to set up a local server at your facility can be quite substantial.
For starters, you have to purchase the server itself. This includes paying for the hardware requirements and installation.
Besides the actual server, there are several other elements your facility may need to buy to establish a proper hosting infrastructure:
- Network Infrastructure: Routers, switchers, firewalls
- Computer Hardware: Data storage equipment
- Third-Party Supplemental Software: Operating systems, database software, virtualization software
The list, and thus cost, can add up quickly.
We mentioned quite a few technologies that your organization may have to buy and maintain if you commit to in-house hosting.
Some helpful questions to ask yourself at this stage are:
- Does your current IT department have the knowledge and/or resources to accommodate the scope of your operation’s local server?
- Would an in-house hosting approach require additional hires, or increased hours to payroll?
Even if your IT department is capable of handling a local server, your organization will most likely have to pay for some form of system backup and disaster recovery services as well.
Once the physical infrastructure is purchased and installed, your facility often still has the cost of software licenses to consider.
Though this all seems quite costly, a number of these requirements are one-time purchases.
Once your facility shells out the considerable initial investment, your self-hosting budget can remain relatively low and static.
However, intermittent upgrades to your servers are often unavoidable and will run up cost again.
This approach does not usually require upfront capital investments for new hardware or storage systems.
Virtually all you need to access your vendor-based EHR is a computer and a connection to the internet.
It is typical for EHR vendors to charge a monthly service fee to take on the hosting burden for your organization. This fee is subject to increase depending on the policies of the vendor.
For example, a vendor may charge your facility for each new software license to account for the added storage space you are taking up on their servers.
These fees are not static. They may steadily increase over time depending on the EHR vendor and the growth of your organization.
When you host your EHR on a local server, your facility is tasked with establishing your own data backup and recovery procedures.
Data backup and recovery procedures are critical in health IT:
- Data Backup: Copying patient data to a separate location/server so that the data exists somewhere else in case of emergency
- Data Recovery: Retrieving the patient data that was backed up so that it can be restored and used
When running a modern healthcare organization, there is always the risk of data breaches, cyberattacks, and natural disasters.
Besides the many difficulties associated with each of these emergencies, they usually make it impossible to access data on the EHR.
In the busy clinical environment, clinicians cannot afford to lose access to the data they need to treat their patients. As a result, backup and recovery procedures must be set up so that treatment is not interrupted during an emergency.
With this hosting approach, developing these emergency protocols falls on your organization. Your IT department must manage these important processes, or you must hire third-party services for backup and recovery.
No matter which option your organization chooses, this is an additional cost your facility will incur when hosting in-house.
Another factor to consider is how much server space your operation requires in the present, and how much you may need in the future.
The space and processing power your local servers need typically depends on how many users your operation is supporting. In many cases, this is a number that will fluctuate, and ideally, increase as your operation grows.
Figuring out your facility’s usage requirements is a tricky task. It may be outside of a smaller IT department’s expertise. If your facility makes these decisions by itself, mistakes or bad judgment can be costly.
Lastly, managing software updates becomes your facility’s responsibility, too.
Your organization will be required to diligently monitor any release of software patches or system upgrades. There may be server aspects that need to be promptly modified by your team to preserve maximum EHR performance.
As for vendor-based hosting, the IT experts at your EHR vendor manage all system maintenance at their data center.
These professionals should be knowledgeable and comfortable with the servers they work with. They were hired to manage your data for you, and thus take virtually all the system maintenance burden off your organization’s shoulders.
EHR vendors should offer backup and recovery protocols within your managed hosting agreement. Established companies routinely backup your data on a schedule that guarantees minimal data loss in the event of an emergency.
Any disaster situations that harm or impact your data falls on the EHR vendor to address and reconcile.
As a result, organizations that opt for vendor-based hosting can trust that their data is being taken care of without any stress or time associated with actively preparing for emergencies.
With a managed hosting approach, the issue of server space can be fairly negligible as well.
Server space is often sold on-demand so that your organization only pays for the space you need. Any uncertainty related to buying server space for the present and future growth is eliminated.
Storage can simply be added as your facility’s growth dictates.
One possible downside for this pay-as-you-go model is if an EHR vendor limits the amount of data that they will store in their servers. If you are considering a managed hosting approach, it is a good idea to ask if there is a cap to the cloud storage available to your organization.
Looking to system updates, EHR vendors that offer managed hosting handle them internally.
Any patches or upgrades that the servers require are completed by professionals so that your business goes on without a hitch.
Personal health information is some of the most sensitive data in any IT environment. Securing such private information for your patients should be any facility’s top priority.
This is even more critical if you are storing patient information on a local server. Any security breaches fall squarely on your organization.
Here is an idea of the requirements for HIPAA-compliant servers.
As you can see, maintaining the integrity of patient information is extensive and intensive work.
If your organization cannot secure patient data in a HIPAA-compliant manner, you open yourself up to liabilities. Is your IT department capable of implementing the required hardware elements, and updating them as needed to satisfy HIPAA requirements?
The IT team and data center under an EHR vendor’s control is generally regulated with strict guidelines.
Take it from an EHR company – HIPAA is always on our mind.
A big part of a vendor’s IT infrastructure is ensuring that HIPAA-compliant practices are being observed and upheld across the board.
There is a peace of mind in letting the EHR vendor take care of all HIPAA and security matters. That way, you can trust that qualified professionals are upholding the highest standards of patient data integrity.
And, in the event of a data breach, the liability is one that the vendor takes responsibility for.
Though the locality and ownership of an in-house server open facilities up to potential problems, there are also decidedly positive elements to this approach.
For example, when you manage your own server and data center at your facility, you get complete control over the system. You choose how and where data is stored.
This level of control allows healthcare organizations to customize their health IT systems extensively to fit their specific needs.
There is also no need to rely on an internet connection to access patient health data when managing your own server. As a result, your facility can maintain the continuity of operations if and when the internet is down.
Furthermore, having the server at your facility may local server may increase the speed and performance of your system as well.
A benefit of vendor-based hosting is the ability to access your system from anywhere, anytime.
Mobile access to your EHR is becoming critical in the modern healthcare environment.
For example, patient engagement is more important to customer satisfaction than ever before. Your facility relies on remote capabilities for these features, as well as the overall efficiency of your operation.
The main concern with vendor-based hosting is the fact that if the internet goes down, on your side or your vendor’s side, your facility will not have access to your data.
Established EHR vendors are likely to have excellent internet connections, as well as diligent backup features and recovery protocols to mitigate this risk.
However, in a worst-case scenario, your facility may not be able to access the data you rely on to treat your patients safely and securely.
EHR Hosting: Making the Right Choice
We hope you have a better grasp of what each EHR hosting option offers, and do not offer, your organization.
As you research EHRs to find the one that best suits your facility, you may find that your new understanding of hosting approaches narrow down your choices significantly.
Were you impressed by one hosting approach in particular? Or are you still on the fence? Either way, you may be interested in what Sigmund has to offer.
Though most of our customers opt for managed hosting, we also have the ability and experience to support your facility if you choose an in-house approach.
If you would like to learn more about how Sigmund manages patient information in our data center, or how we assist a facility with their local servers, speak to one of our knowledgeable professionals today!