Part 2: 5 Best Security Safeguards to Prevent EHR Hacks

Keeping Online Protected Health Information Safe

By: David Toth, PhD, Director of Technology and Infrastructure

One of the first decisions a facility must make when it comes to choosing an EHR is where the information will be hosted. Many EHR software companies give you the choice of having information stored on the cloud or on your own servers. Some give you the option of having your data stored and backed up on their own servers. Here are some reasons why vendor-sustained servers might be right for your security needs.

5 Physical Components of Online Security

1. Access Control Tools:

It's the literal nuts and bolts. Offsite hosting takes care of basic essential services like power, cooling, fire suppression, and more. This can be a more daunting task than it initially appears for those who plan on running their own systems, and what seemed like a simple thing to implement can quickly escalate in terms of both capital cost and effort.

2. Back Up:

Those who operate their own EHR servers must comply with the HIPAA requirement for continued access during emergency operations. A reputable hosted EHR provider will have included full emergency operations provisions, sometimes referred to as disaster recovery or business continuity, within their hosted environment. Even if your location comes under cyber-attack or suffers a natural disaster, you can rest assured that your patient data is accessible by your authorized staff from anywhere there is functioning Internet access.

3. Services Infrastructure: 

In an EHR environment, networking, security, and server health must all be aggressively monitored and managed. This can add a tremendous load to internal IT departments, necessitate large expenditures for automated monitoring software, require third-party monitoring services, or all of the above. With offsite hosting, you don’t need to burden your IT department or rely on third-party products and services to ensure your EHR environment stays operational and compliant.

4. No Downtime:

When your information is hosted in a secure, offsite facility, you are assured of always being able to access your data. When self-hosted, you are at the mercy of your own infrastructure, and the planned and unplanned events which may cause access problems. A reputable hosted EHR provider holds your EHR solution in a robust high-availability environment designed for continuous operation, during both planned and unplanned events.

5. Data Integrity: 

HIPAA data integrity is a multi-faceted and complex part of being compliant. As we mentioned in the last post, people who choose to self-host incur all the responsibilities for compliance with all HIPAA rules. Even if your current infrastructure is already HIPAA compliant, adding a self-hosted EHR greatly increases the complexity of that environment and may require a complete overhaul of the current compliance measures. Reputable vendor-hosted EHR solutions are fully versed in exactly what is required to ensure complete data integrity. Using a reputable hosted EHR provider shifts much of the HIPAA compliance burden away from your local infrastructure and greatly reduces the effort required for your organization to be HIPAA compliant.


There are many things to consider when it comes to onsite or vendor hosting your EHR. Depending on your needs, local resources, infrastructure capacity, and IT capabilities, it may not be necessary to use a vendor-hosted system. However, due to the high up-front and recurring costs, the labor required to manage and maintain a self-hosted EHR properly, and the complexity of HIPAA requirements, many organizations will see significant benefits by using a vendor-hosted EHR system.

Selecting the right EHR and hosting option is vital to your organization. It is especially important to make sure your EHR has the right level of security. Check out this blog post to ensure your organization has the right level of EHR security.