- By Peter Rorlick, Co-Founder and Vice President, Research and Development
A variety of older Electronic Health Record systems are still commercially available that are built in way that expects you – the customer – to host the application and the data, within your own internal network – on servers most likely residing within your IT department’s server room. Perhaps your organization is using such a system today.
That model represents the "old way" of hosting enterprise software solutions. A huge number of the software applications developed within the last few years are proud members of a new generation of cloud-based solutions that are hosted and managed by the software solution provider.
Old School vs. New School
For personal use as well as business applications, the evolution towards cloud computing has been accelerating. Today, most people spend the majority of their software-interaction time "in the cloud". Facebook, Twitter, Gmail, Outlook Mail, LinkedIn, and Google Drive are just a few examples of cloud computing applications that many of us use every day, without giving much thought as to where and how the software and the data are hosted. The typical user doesn’t even want to know the details of how and where those services are hosted. We just want those systems to be accessible at all times and from any device, and we want our data to be saved and protected.
Business and healthcare applications are following the same trend, with good reason. The best practice today is to let the solution providers do the heavy lifting, in terms of hosting and maintenance: let them be responsible for setting up and maintaining servers, load balancing, firewalls, intrusion detection/prevention, continuous software enhancements, performance tuning, 24 x 7 monitoring and troubleshooting, backups, disaster recovery, and so on.
Software as a Service (SaaS)
In the old model, customers purchased a license to install and use the software. This transaction usually involved a significant up-front one-time payment, and the customer usually had no financial recourse if they were subsequently unsatisfied or if they stopped using the software for any reason.
In the SaaS model, you are a subscriber. Most SaaS providers will grant you access to their software for a fixed monthly or annual subscription fee. Some SaaS pricing models are based on the amount of usage. For example, a small fee may be charged for each transaction or for each record added. In a SaaS model, you simply pay a small fee to use it, and in most cases it’s BYOD (Bring Your Own Device), enabling you to access the system on any internet-connected computer or phone or tablet.
One of the great things about SaaS is that the provider’s whole business model is based on keeping their subscribers happy so that they stay on board and renew their subscriptions, year after year. This means that subscriber satisfaction, reliability of service, and providing good value are essential priorities to SaaS providers. These factors have resulted in raising the bar in terms of the quality and value of the solutions that SaaS providers are offering. The software landscape is as competitive as ever, and in almost every business domain there are multiple SaaS vendors competing to sign up and retain subscribers. These vendors know very well that the only way they can thrive – or even survive – is by providing an excellent service and charging a fair price for it; otherwise, their subscribers will soon jump ship.
Another emerging trend that has contributed to ensuring a high quality of service is Crowd Assessment. If a SaaS provider’s software is too hard to use, or if it’s too slow or if their system is erratic, their subscribers will complain about it to the SaaS provider of course, but more importantly they will complain about it in public forums. Service businesses really cannot hide their flaws and failings any more. They have only one option if they want to succeed: they must provide good service.
Is your data safe?
Does SaaS and cloud-computing mean that your data is less protected? After all, when you use a SaaS solution, you are entrusting a team of people to store and safeguard your data. In fact, SaaS is very safe - a good SaaS provider is capable of protecting the confidentiality, integrity, and availability of your data to a greater extent than if the data were to be hosted within the walls of your organization. The reasons for this are simple. The SaaS provider has the benefit of significant economies of scale (providing the same service for many enterprises), so they have teams of dedicated experts available around the clock to make sure that the system, and your data, remain protected and available to the authorized users in your enterprise. And their servers are typically located in extremely secure facilities, with redundancy and failover capacity on standby.
In a SaaS EHR, your organization will operate within an "enterprise" within the software system, which is your database. Of course, when you’re signed in (with a password and possibly with an additional factor of authentication), you can only access the data that belongs to your enterprise. There are strict security boundaries that prohibit you and other customers from accessing each other’s data. Similarly, other subscribers are prevented from accessing your enterprise’s data.
Your access to specific features and data may be limited by the permissions granted to you by your organization’s enterprise administrators. The best EHR systems utilize role-based as well as group-based security permission schemes. A "role" describes what types of functions and what types of data a user is allowed to access. For example, a "physical therapist" role might be configured to allow the user to see and edit a patient’s medical records but not their psychology records, and they may only be able to see medical imaging records in read-only mode. A "group" defines the set of patients or athletes that the user has access to.
Standardization – why it’s important
Your organization’s administrators will be responsible for managing the user accounts and permissions, and for configuring the standardized behavior of the software. Standardizing the way data is recorded and captured across your organization is vitally important for several reasons. Firstly, it facilitates consistency and collaboration among healthcare professionals. Secondly, standardization of data capture makes it possible to analyze an aggregation of data to identify anomalies, trends, and outcomes. The best EHR systems include reporting and data analysis tools to perform this kind of analysis, which can be invaluable in ensuring a high quality of healthcare services and in identifying specific ways to improve those services.
Standardizing the way the system is used is also very important. You don’t want Dr. Smith recording his notes in the "Medical Notes" tab while Dr. Jones is in the habit of entering his notes via Word documents that he attaches to Physician Encounter records. Part of an administrator’s job is to ensure that the users across the organization are using the software in a consistent way. Consistency ensures that medical professionals can easily find and easily read each other’s information. The system administrator should work with the SaaS EHR vendor to define how the system will be configured, tuned, and adapted so that the system will encourage and facilitate healthcare best practices across the enterprise.
Four reasons to switch to SaaS
Companies such as Amazon (Amazon Web Services), Google (Compute Engine), Microsoft (Azure), Rackspace and others provide generic and flexible cloud computing hosting services, and their fees are reasonable because they do it on a large scale. A lot of big-name service providers – including banks, pharmaceuticals, Netflix, Dropbox, Instagram, and some SaaS EHR vendors – are taking advantage of these trusted cloud hosting services, so that they can provide a reliable and secure service to their subscribers at a relatively low cost.
For healthcare organizations, there are compelling reasons to select (or switch to) a cloud-computing EHR solution served up by a good SaaS provider:
- Assurance of round-the-clock system availability
- The SaaS provider monitors the system’s availability and performance continuously, and is responsible for immediate troubleshooting to ensure 99.9% uptime.
- Data backups are made continuously to servers at different regions/zones within the cloud. If one region or zone goes down, the SaaS provider can restore the system rapidly in another.
- Continuous improvements
- Software enhancements are added to the system regularly, at no cost and at no trouble to subscribers.
- The SaaS provider applies these updates within the hosting environment, on an ongoing basis.
- World class security
- Subscribers benefit from the physical and non-physical security of dedicated cloud hosting services, such as Amazon Web Services. In addition, the best SaaS providers ensure that all customer data is encrypted both in transit and while at rest, as well as ensuring that firewall protection is in place.
- There are also security mechanisms built into the EHR software itself, including session authentication, role-based and group-based permissions, etc.
- Significantly reduced Total Cost of Ownership (TCO)
- Subscribers enjoy a much lower TCO, thanks to the economies of scale related to the points described above. Your IT people do not have to install and maintain servers or load balancers (and therefore there is no need to arrange or maintain any physical security for such equipment). They don’t have to be responsible for making data backups or for Disaster Recovery. They don’t have to worry about monitoring the system’s performance and availability 24 x 7 or any related troubleshooting. Lastly, they don’t have to apply any software updates or hardware upgrades to the hosting equipment. All of this adds up to a significant reduction in the overall cost of using the software.