Though cloud-based EHR systems help to access real-time patient data from multiple locations to enhance clinical documentation and are affordable, there are several risks associated with them. In an EHR system, patient documents are stored on external servers which can be accessed via the web using a computer with Internet connection. You will always have to depend upon cloud vendors to access EHR data and create backups. This reduces your control on data, which leads to potential risks. Let’s take a detailed look at the major risks and how to manage them.
Even though you will require only a monthly subscription for a cloud-based EHR system unlike the system that needs to be updated and upgraded every 5 or 6 months, the following risks exist for a web-based system.
- EHR Errors – There are several kinds of EHR vulnerabilities such as fault data entry (50 inches as 50 centimeters), unexpected conversion (4.5 as 45), selection of wrong file or field or repeated mistakes, which may lead to serious medical errors. As physicians constantly copy-paste data within the EHR to save their time without updating daily notes on patients, the minor errors are duplicated and transform into major errors. In the case of a cloud-based EHR, these kinds of errors will spread to all other documents in no time. Once this happens, it will be difficult for you to track the errors and your entire system will remain faulty. Transcribing physicians’ dictations into accurate documents with the help of professional transcriptionists or transcription services and populating the EHR fields with that data through discrete reportable transcription (DRT) technology is the best way to avoid this dilemma.
- Internet Failure – Since the cloud-based EHR data is accessed via the web, Internet failure will drastically affect the entire working process. It was reported that in a recent Internet brownout, a number of small physician practices and clinics could not access the Practice Fusion (a free web-based electronic health record company) site and many of them sent their patients and staffs home. As it was not possible to log in to their system, physicians had no information about the patients, their problems or their co-pay involved. Canceling an entire day’s patient visits resulted in considerable financial loss to the practices.
- Data Security – Data breach is the most serious risk with a web-based system since the data is controlled by a third party vendor. Your data resides on the same database server thousands of other users are using and patient information may be compromised. Moreover, cloud vendors can mine your clinical data and even sell them to other companies. As per the HIPAA Security Rule, cloud vendors are allowed to create, receive, maintain or transmit electronic personal health information on behalf of a practice only if it has obtained satisfactory assurances that the vendor will safeguard the information in an appropriate manner. Apart from making an HIPAA-compliant contract, you should also include the following things in the contract:
- When and how your practice has access to the data and how to obtain that access
- How security is assured
- Where data backups are stored, how often they are stored and how they are accessed
- If the data is stored offshore, what local rules and laws pertain to data security
- How frequently the services need to be upgraded and how common downtime is
A 2012 report by the Centers for Disease Control and Prevention says that around 41% of healthcare providers were using cloud based EHR systems in their practice while a study by MarketsandMarkets points out that cloud computing would grow by 20% in healthcare until 2017. As cloud-based EHR adoption is increasing, there is an urgent need for practices to become aware of these risks and take efforts to manage them.