EHR implementation

Although the behavior of one EHR vendor was wrong, more serious problems are inflicted by government-run EHR certification criteria

This week eClinicalWorks resolved a lawsuit by agreeing to pay $155 million for falsely claiming it met Meaningful Use (MU) EHR certification criteria.   Although the alleged behavior of eClinicalWorks was wrong, we have much more serious problems inflicted by the government-run EHR certification criteria.  

The business of EHR vendors is to gain clients and earn profits.  Developing innovative tools that help physicians care for patients should be the primary focus of their business.  Instead, vendors are held hostage to government-run certification criteria that are constantly changing and sometimes ambiguous.  While I do not condone the apparent behavior of eClinicalWorks, I am much more concerned about the  certification processes that led to this situation.   

The certification process evolved out of the 2009 HITECH Act that promoted the use of EHR technologies by offering incentive payments to hospitals and physicians who successfully adopted and used EHRs.   This resulted in an unprecedented rush of business for EHR vendors.  While EHR vendors began ramping up resources to meet the demands of the sales cycle and EHR implementations, they were also hit with government-imposed EHR certification criteria--criteria that are still changing frequently and sometimes are ambiguous.  This exponential increase in EHR client demands along with rapidly changing certification criteria crushed EHR vendor resource availability.  This constraint on resources forced them to focus on developing and testing EHR products to meet the specific certification criteria required by the government.  In my opinion, the unintended consequence of overwhelmed EHR vendors is that they then did not have available resources to focus more on:

  1. Improving usability
  2. Identifying and managing patient safety risks inherent to EHR use
  3. Developing innovative tools and functions that actually improve how physicians care for patients 

As a result, EHRs were developed to meet MU EHR certification criteria, but failed to improve poor usability.  EHR products could meet certification criteria, yet fail to adequately address patient safety risks associated with implementation and use.  And the constraint on EHR vendor resource availability remains an impediment to the development of innovative tools and functionalities that EHR vendors really should be focusing on today.

Physicians do benefit from EHR certification by reducing risk during the EHR selection process.  That is why the Certification Commission for Health Information Technology (CCHIT) was created in 2006 as an independent, not-for-profit group.  CCHIT certification was based on a consensus of stakeholders who determined core functionalities that a basic EHR should provide.  I participated in that effort, albeit in a brief, very small way (providing some input on pediatric core criteria).  I recall we were careful to avoid requirements that could hinder EHR product innovation.  CCHIT ceased operations in 2014 after the government created the MU EHR Certification program.  

CCHIT certification was much less prescriptive than what the government imposes today.  Less prescriptive EHR certification was, in retrospect, the right approach to take.  And we did it without government involvement.  Government works at its own hindered pace, and that pace is much slower than what an unencumbered EHR market could accomplish.  I think the government needs to get out of the EHR certification business.   But whether government remains involved or not, the EHR certification process needs to learn from CCHIT and rely more heavily on building consensus of physician stakeholders.  We will do what is best for our patients.    

So, this week one vendor was called out by the government for false claims regarding EHR certification.  But that one vendor is really not the problem.  The real problem is that the development of all EHR products has been, and still is, impeded by the government's EHR certification program.  

Matt Murray, MD

cook children's health care system


Improved Physician Practice Preparedness To Recover from EMR Downtime and Other Technology Risks is Needed

It should not take 3 weeks to restore an EMR system.  

I was not surprised when one of my colleagues told me his EMR unexpectedly "went down", as there are many threats to hardware and software--wind, fire, water, construction equipment, human error and cyber crimes to name a few.  It was the rest of his story that was so disheartening.  As he recalled the struggles that his group endured for three weeks, his facial expression contorted into what I can best describe as that of "helpless resignation".   The complexities of technology had held him and his group hostage for three weeks.   At the time of our initial discussion he was still in the "grieving" stage, so I felt it to be too early to engage in a healthy discussion about IT risk management.   He needed to vent.   I needed to listen.  

And this story exemplifies what drives me to spend time collaborating with the Texas Medical Association (TMA) and others to raise physician awareness about the safe use of EMRs.   I do not have data, but my gut tells me that the majority of physician practices underestimate how vulnerable they are to EMR threats, especially small physician practices who lack internal IT expertise.  Perhaps the recent rise in ransomware attacks will actually be beneficial.  A ransomware attack on a physician office in South Texas earlier this year has led the TMA to increase communications to physicians about the threat of ransomware and other cyber attacks.    

Until recently the focus of preventive strategies against cyber attacks has been to ensure that the privacy and confidentiality of electronic medical records (EMRs) are maintained.   HIPAA stuff.   And this is understandable since privacy breaches are expensive for a practice to manage, and such breaches have the potential to financially hurt patients if their data is used maliciously.  But ransomware attacks are different because they make a physician's EMR unusable until a ransom is paid (or the EMR is otherwise restored).  Unlike privacy breaches, ransomware attacks are disruptive to the daily operations of the practice.  It is a disruption that impairs the ability to take care of patients who are in the office as well as those who call the office.  At the end of the day the physician is left struggling to take care of patients who are sick without access to information that is really needed.  This is a "new normal" that should brightly illuminate the need for improved disaster recovery preparedness and IT risk management for physician practices.    

There are ways to reduce the threat of ransomware attacks and other health IT risks.  A thorough security risk analysis can identify weaknesses that could be targeted by cyber criminals.  Steps can then be taken to reduce the chances of being victimized.  Establishing a habit of continually identifying and managing these technical risks will further reduce the chances of an EMR shutdown.  

But one of the major obstacles is that physicians generally do not have the knowledge, expertise and time to do this themselves.  Another obstacle is that security risk analyses tools are designed primarily for large healthcare systems and do not translate well onto a small physician practice.  That is why the TMA's ad hoc Health IT Committee is currently collaborating with a vendor, a state agency and one small physician practice to hone down a security risk planning tool into something that would be feasible and effective for small physician practices to adopt.  For now physicians have to rely on consultants or train/hire IT staff to identify and manage technology security risks.

Nevertheless, no system can be 100% "downtime-proofed".  So even if a physician practice adopts best practices for security risk management, they must be prepared for a disaster to strike at any time.  After a disaster strikes, maintaining the ability to effectively care for patients must be the first priority.  I have coined the term, "clinical continuity planning", to characterize this planning.  I base the term on a similar commonly used term, "business continuity planning", which is the plan businesses develop to maintain daily operations during technology downtimes and disasters.  A physician office certainly is a business and should have a business continuity plan to maintain economic viability during disasters.  But the life-and-death nature of patient care is so unique that I believe a clinical continuity plan should be developed by each practice and be considered as the first priority in disaster planning.  Business continuity is integrated with clinical continuity and is also vital to the physician practice, but it should be considered as a lower priority.  In the real world this means that when weaknesses in security and downtime planning are identified, clinical continuity weaknesses should be addressed before business continuity weaknesses are addressed.  
 
The most effective protection against a ransomware attack and other types of "downtime" is to have a complete back up of EMR data and an ability to quickly restore the EMR system.  If the practice can do that, they may not have to pay a ransom, and the impact on patient care can be minimized if the back up and restore tools/processes are effective.  
 
With the rise of ransomware attacks I believe the primary focus of health IT risk management for physician practices should be to ensure an acceptable degree of clinical continuity can be maintained during EMR downtimes.  Secondarily, the practice should understand the tools and processes that are in place to back up and restore the EMR in the event of a disaster.  And to make sure they get tested.    The first time a physician discovers that it will take 3 weeks to restore their EMR should not be after a real disaster strikes.   
 
 
mattmurraycook children's
 mgg
 

Keys to Gain Value from EHR Implementation and Use

Many physicians who use an electronic health record (EHR) are having difficulty realizing value in their investment.   A recent KLAS survey found that more than one out of every four physician practices are so dissatisfied with their EHR that they are considering replacing it.    Although many physician practices have earned a financial award by using an EHR to achieve “meaningful use”,  data is lacking on whether or not such efforts actually improve patient outcomes.  

I believe, anecdotally, that I practice higher quality medicine when using an EHR.    But I am a pediatric emergency medicine physician using a hospital EHR to document patient encounters in a children's hospital's emergency department, not a physician in private practice.  On the other hand, my past experience as a a Chief Medical Information Officer (CMIO) and Chief Information Officer (CIO) for my pediatric healthcare system provided opportunities to visit many private physician offices using a variety of ambulatory EHRs and to visit with many EHR vendors.  I met many physicians  who were happy with their EHRs and see the value.  Others I met were unhappy and see no value in their EHR.  Perhaps my most eye-opening experience came when I visited with a group of unhappy physicians who were using the same EHR as some happy physicians I had met one week earlier.   So what gives?

The answer is simple, but the explanation is complex.  

The simple answer is that the value gained from an EHR is dependent on how effectively it is implemented and used.   When well-implemented and well-used, an EHR provides clinical and financial value.   When poorly-implemented and poorly-used, EHRs detract from patient care and are a financial drain.  

The complex explanation might best be explained using examples.  So, based on my past visits with physicians who use various EHRs and on other personal research, I have created an outline of what I think are the key factors that allow physicians to gain value from their EHR.  I am in the process of writing a series of blogs with case studies to help explain each of these factors.  Stay tuned! 

Keys to Gain Value

 

cook children's

 

Dr. Matt Murray

Cook Children's


Health IT-related patient safety risks should inspire Congress to create a national patient safety board

The idea’s time has come. The U.S. healthcare system needs a national, independent entity empowered by Congress to oversee health IT patient safety. Now.

In today's world a health IT-related patient safety issue that is identified by a physician practice or hospital is investigated and managed in a nontransparent manner by the individual provider and the EHR vendor.  

Although the issue may be escalated to a local accountable care organization (ACO) or patient safety organization (PSO) that providers are increasingly becoming associated with, neither the issue nor the results of the investigation are reported to a statewide or national oversight entity. The patient safety data is therefore not collected, aggregated and analyzed at a state or national level. Without such oversight we are missing out on the opportunity to identify known avoidable health IT risks to patient safety and failing to disseminate knowledge on how to manage those risks. For example, if an issue is resolved at the physician practice between the physicians and EHR vendor but is not addressed at other practices that use the same EHR, then patients at those other practices remain at risk. 

I have observed EHR vendors tune in to patient safety issues more keenly in the past decade and sometimes make more visible efforts to ensure identified issues are addressed with all customers and not just the ones who report issues. And let's be clear that a majority of EHR-related patient safety risks are related to how an EHR product is being used or implemented by their clients and not due to inherent technical flaws with the vendor's product. Nevertheless, patient safety should be viewed as a shared responsibility between the physicians, their practices or organizations and the health IT vendors. Identifying and managing patient safety risks is done most effectively when all cooperate in a team effort.

In Texas there had been discussions within the Texas Medical Association about establishing a central, statewide EHR patient safety entity to monitor and manage health IT-related patient safety issues. The data would be rolled up from hospitals, physician practices and patient safety organizations across the state for aggregation and analysis. However, it became evident during those discussions that it would be feasible and much more beneficial to establish governance at a national level.

So why does this need to be a new, independent national agency charged by Congress to oversee health IT patient safety? 

Today there are many government agencies and private entities that I believe could and should contribute to patient safety surveillance and improvements, but none have the expertise, assets and time that are necessary to coordinate a national effort. In addition to the complexity involved with collecting and analyzing data from hundreds of institutions and PSOs, there are hundreds of unrelated EHR vendor products being used. There is not yet any available registry of health IT products, many of which are subdivided into multiple versions that sometimes vary widely in their available functionality. As a result, I strongly agree with the observations and recommendations described in an article by Singh, Classen and Sittig (J Patient Saf, Dec 2011; 7(4): 169-174) calling for a national patient safety board that is an independent government agency structured similarly to the National Transportation Safety Board. This entity would be charged by Congress to oversee HIT patient safety and coordinate with other agencies who can contribute to improvement in patient safety such as the Office of the National Coordinator, the Federal Drug Administration, the National Institute of Standards and Technology, the Agency for Healthcare Research and Quality, the Center for Medicare and Medicaid Services, the National Quality Forum, local patient safety organizations, local healthcare organizations who collect patient safety data, other local EHR patient safety reporting entities and industrial (EHR and HIT) trade associations. All of these entities need to function in a cooperative fashion in order to effectively identify and manage health IT-related patient safety risks.

The recent health IT report from the Food and Drug Administration Safety Innovation Act (FDASIA Health IT Report) proposes a framework to improve health IT-related safety risks including a proposed National Patient Safety Center. 

I am concerned, however, that the proposal does not appear to provide this entity with enough authority to get the job done effectively. A national patient safety entity must have the authority to not only monitor activity and provide learning opportunities for vendors and providers, but also to regulate activities, investigate events, ensure issue resolution and require compliance. I do not see enough "teeth" given to the entity proposed by the FDASIA report. 

The primary focus of a national Health IT Patient Safety Center should be on the dedicated surveillance of HIT-related safety risks and to promote learning from identified issues, potential adverse events (“close calls”) and adverse events. But it must also have the authority to effectively manage identified risks and ensure compliance with best practices for health IT patient safety.


Healthcare Industry's Triple Strand of DNA: health IT, payment reform and patient empowerment

Earlier this month I used a genetics anology to describe the amazing progress with electronic health record (EHR) usage by physicians over the past two years (see Progress being made to splice information technology into the healthcare industry's genome in Texas).   Facilitating this progress are the EHR Incentive Program and other federal health IT initiatives that the Office of the National Coordinator for Health IT (ONC) oversees. 

Last Thursday the National Coordinator of ONC, Dr. Farzad Mostashari, took my genetics analogy one step further in his keynote speech at the HIMSS12 Annual  Conference for health IT in Las Vegas.   And I have to admit that he improved upon it.  I guess that's why he's in Washington D.C. and I'm not. 

Dr. Mostashari warned the 36,000  conference attendees that along with this continued progress there are two other societal trends to align health IT with.   He advocated for "twisting health IT to create a triple strand of DNA" with payment reform and patient empowerment. 

Health IT, payment reform and patient empowerment.  The triple strand of DNA to splice into the healthcare industry.  I like that. 

Payment reform is seriously needed to align incentives with the provision of quality care in an efficient manner.   Right now I am basically paid to "encounter" patients and to do procedures.       Although I am personally motivated to provide high quality care, the incentives are oddly there for physicians to "see more" and "do more" rather than to "see it done best".     In addition, my documentation is based on meeting reimbursement rules to make sure I get paid rather than being based on communicating a clear picture of my findings and care plan.   I absorb the extra time it takes to do both.

Consequently it is no surprise that for decades EHR vendors developed products based on episodic care.    Physician's sought out products that would help them document and get paid for patient encounters.  Documentation templates and charge capture functionalities were developed to maximize chances for reimbursement.    

The potential for EHRs to improve quality and chronic disease management is just now starting to be realized.    The ONC's health IT initiatives enacted by CMS under the HITECH portion of the 2009 Recovery Act are providing the push.   But as payment reform proceeds, whether it be value-based purchasing, accountable care or some other program, EHR vendors will be incentivized even more to shift development efforts into chronic disease management and clinical decision support that are a basis for improving patient care. 

And the third strand of DNA to splice into the healthcare industry, patient empowerment, is indeed an active and growing societal influence.  But I will have to blog about that another day...


Bipartisan Health IT Support and ARRA Insulate EHR Incentive Funds From Budget Cuts

A physician colleague recently asked me why I am confident that CMS will not cut off EHR incentive funding in the future.   This question is important to him and other physicians who plan to qualify for up to $44,000 in CMS incentive payments by achieving the meaningful use of EHRs.   They fear that the dragging economy and political discord will result in budget reductions that will cut this and other important health IT funding programs.    What I see, though, is a decade-long track record of bipartisan support for health IT initiatives and a 2009 federal law that requires CMS to provide funding for the EHR incentives and other health IT programs.

In his 2004 State of the Union speech President Bush envisioned the adoption of EHRs for all Americans by 2014.   Since then bipartisan support at both the state and federal levels for health IT initiatives toward the achievement of that vision has held strong.   At the federal level CMS  not only established a new office in 2004 to support health IT, the Office of the National Coordinator of Health IT (ONC) but has also increased funds to support ONC initiatives which promote the adoption and use of EHRs.  CMS works collaboratively with ONC and has consistently shown an understanding that the broad adoption and effective use of EHRs are necessary to better manage spiraling healthcare costs.   CMS understands that the data captured by EHRs is superior to claims-based data when attempting to analyze quality and establish benchmarks.    Physicians have long complained that claims-based data is incomplete and does not fairly demonstrate the quality of care they provide.     EHRs must be broadly adopted in order to capture accurate and meaningful data that can then be used to improve quality or save costs.  

It is important to recognize that CMS is required to provide EHR incentives to physicians by law.   Specifically, the $800 billion American Recovery and Reinvestment Act (ARRA) of 2009, commonly refered to as the Stimulus Bill, allocates over $36 billion to health IT programs through the Health Information Technology for Economic and Clinical Health (HITECH) Act.   This funding includes an estimated $34 billion for the Medicare and Medicaid EHR Incentive Program and over $300 million to support state-wide health information exchange efforts.

In order to cut funding for EHR incentives, this means that bipartisan support would have to be garnered in the House and Senate to rescind ARRA or part of ARRA.   The intent of ARRA  initiatives is to stimulate economic activity and produce jobs.   In the current economic environment it would seem very risky, perhaps even foolish, for a politician to drum up support for new legislation that eliminates economic stimulus activity, especially if that activity is already producing jobs.

So, is the EHR Incentive Program stimulating the economy and producing good jobs?   I am not an economic expert, but from what I see around me the answer is clearly, "yes".    I see job openings in the local paper for healthcare system IT analysts and other staff, I speak with IT consultants most of whom are actively seeking personnel, I hear about physician offices investing into the economy $10,000-$70,000/doctor to implement EHRs or upgrade other office technologies, I read about physicians receiving $44,000 federal incentive payments and about hospitals receiving larger amounts, some of which is surely returned into local economies.  The graph below is a composite view of the 3-year stock performance of the health IT sector since 2009.   EHR vendors and other health IT companies appear to be thriving well since ARRA was passed despite the depressed economy.

HIT Sector performance

I suspect that several years from now when experts analyze the impact of the $800 billion stimulus package, the puny $36 billion provided to health IT initiatives through the HITECH portion of ARRA will go down as perhaps the most bang for the buck in terms of stimulating the economy.  

The EHR incentive funds appeared to be well insultated from budget cuts for these same reasons. 


Texas Medical Association video provides in-depth look at meaningful use, how RECs can help physicians

This video does a good job of describing Meaningful Use, the electronic health record (EHR) incentive program and how the four regional extension centers (RECs) in Texas leverage federal grants to subsidize services for physicians that help them select/implement or upgrade an EHR, and then use their EHR to improve quality of care and meet the Meaningful Use requirements.  

The four RECs in Texas currently charge primary care physicians only $300 for consulting services valued at $5,000.  These services include:

o    Select and implement a certified EHR (or upgrade your current EHR to a certified version)

o    Optimize your practice workflow,

o    Achieve meaningful use,

o    Qualify for EHR incentives, and

o    Obtain CME credit hours      

 cook children's


Twitter Chats and Physicians (#eRx630)

Today I (as @drmattmurray) and @TexMed moderated our first Twitter Chat that focused on the topic of e-prescribing. To participate in a Twitter Chat a physician must have a Twitter account and must know the date, time and Twitter hashtag for the Twitter Chat.  In our case the hashtag-- #eRx630--refers to e-prescribing and the date, June 30th, by which time physicians must meet the CMS requirements regarding the use e-prescribing. Physicians who fail to use a qualified e-prescribing system or certified EHR to enter at least 10 e-prescriptions during eligible Medicare encounters will incur a 1% penalty on 2012 Medicare claims.    On the other hand, those who meet this requirement are eligible for a 1% bonus. 

Despite the high importance of this subject matter, there were not any other physicians participating on this particular Twitter Chat.   At least none that we heard from.   It was lonely.  

However, we considered this to be an experiment and a chance to experience what it is like to actually moderate a Twitter Chat.    Without a lot of participating "chit-chat", it was difficult to coordinate questions and answers with my friends @TexMed and @TexMedHIT.     We basically asked each other questions or even asked ourselves for our own answers.  I think we did get out some excellent information, but this would have been more valuable with some active back-and-forth dialogue.   Again, though, the purpose of this venture was to dip our toes in the water to see how this type of format could be used in the future. 

Twitter Chat among physicians will certainly have challenges, but I think it will find it's place as a useful mode of communication for specific purposes and in certain situations.  The format will need to be refined, and this means we will have to try it (like today!), experiment with it, refine it and keep doing that PDSA thing to it (Plan-Do-Study-Act).   Eventually it will find a place where it serves as an effective way to communicate some things.     I already have found Twitter useful at large medical conferences that use a hashtag to communicate real-time information.    It is a matter of finding the right niches. 

One of the useful aspects of a Twitter Chat is that a transcript can be created of the entire conversation.  This means that you don't have to be "online" and engaged in the Twitter stream for the entire duration of the chat.   Since most physicians are hard pressed to find an un-interrupted hour, they would find it very helpful to be able to access and peruse the transcript at their leisure.

Here is a transcript of today's Twitter Chat #eRx630:

ERx1 
ERx2 
ERx3 
ERx4 
ERx5 
ERx6 
ERx7 
ERx8 
ERx9 


Help Available For Small Physician Practices to Overcome Technology Challenges

American Medical Association (AMA) President, Cecil B. Wilson, M.D., said in an AMA Commentary this week, "Physicians should take the time to explore their practice needs, assess their practice's readiness to adopt health IT and select the right system for the practice --and its patients".    This is wise advice that I wholeheartedly agree with.

I also agree that the successful adoption and meaningful use of electronic health records (EHRs) impose many new challenges onto physician practices and that overcoming these barriers is especially difficult for physicians in small practices or solo practices that are constrained by limited resources.   My only disappointment with Dr. Wilson's message to physicians is that it failed to highlight how Regional Extension Centers (RECs) can be leveraged by physicians to address these issues with EHR adoption and use.

The HITECH portion of the 2009 Reinvestment Act (ARRA) included over $677 million in grant funds to establish RECs across the nation to cover every geographic region.   The purpose of each REC is to provide consulting services to physicians that help them overcome many of the described barriers to the adoption and use of EHRs.   It is important for physicians to know that the RECs receive federal subsidies specifically based on and proportionate to the number of primary care physicians in solo or small group practices (<10 physicians) that they successfully help adopt, implement and meaningfully use an EHR.  In other words, RECs are financially dependent on providing effective health IT consulting services to a segment of physicians who have the greatest need for such services.

In Texas there are four RECs including the North Texas REC (NTREC) for which I volunteer time as Board Chairman.    Other Texas physicians volunteer their time to comprise 50% of the governing boards for each of the four RECs.   Our goal is to ensure that our RECs are physician-friendly and remained focused on providing high quality services that meet the technology needs of small physician practices in each region.   Texas RECs collaborated with each other to create a common business plan that leverages the federal subsidies to charge Texas physicians a token fee of $300 for IT consulting services worth over $5,000.    

NTREC will receive 100% of their allotted subsidies if we successfully help 1,500 physicians adopt EHRs and achieve meaningful use.   Since last October more than 500 North Texas physicians have enrolled for NTREC services; over half of them have already successfully implemented an EHR and are now working on the achieving meaningful use of their investment.

My hope is that physicians in other states will emulate our efforts by actively engaging in the governance of their region's RECs to ensure that they are physician-centric and remain focused on addressing the unmet needs of the small physician practices.

 


Comparison of Web-based vs. Traditional EHRs For Physician Offices

An ambulatory electronic health record (EHR) can be provided to the physician practice through one of two different models:    

  1. Web-based-- also referred to as a "hosted EHR" or the "ASP Model" where the physician accesses the EHR through an Internet connection
  2. Client-Server (C/S)--  the traditional model where the EHR server may physically resides in the  physician's office

Both models are considered to be acceptable, but each has inherent pros and cons to consider.   The traditional model of choice has been the “client-server” model.   In this model the EMR software is installed on a server that is typically located in the physician’s office.  The physician and staff access the EMR through computer devices that are connected to the server through a local area network (LAN) set up in the office.  The computers may be connected wirelessly to the network if desired.   This model has a few similarities to loading Quicken on your home computer and then using Quicken to pay bills online: 

  1. After loading Quicken onto your computer you will periodically be advised by Quicken to take "updates" to fix known "bugs" in the software.  Similarly, you will load the EHR software onto the server in your office and physically download any updates to fix "bugs" that the vendor discovers and fixes.     
  2. Microsoft periodically advises you to take security updates on your home computer.  Similarly, the EHR server will need to take periodic updates from Microsoft.
  3. You may later decide to upgrade Quicken to its latest version, and then purchase and install the Quicken upgrade on your computer.  Similarly, you will want to upgrade your EHR software periodically, usually every 12-18 months.
  4. You may decide in the future to purchase a new home computer that is faster;  you will have to then load the Quicken software onto that new computer and transfer all of your old Quicken data to the new computer.  Similarly, you will need to periodically replace the EHR server with a newer one that is faster, stronger and/or meets future recommended requirements of the EHR software.  And make sure your data gets transferred as well.

The web-based model is gaining popularity.  In this model the EHR software is located on a server at a remote location designated and hosted by the EHR vendor.  The physician and staff access the EHR through the Internet on computer devices in the office.  This is analogous to online banking that you access on your home computer and use to pay your bills online (instead of using Quicken).  Using this analogy: 

  1.  You will not physically have to take updates because the bank will update the software themselves
  2.  Microsoft will not ask you to take Microsoft security updates to the online banking server because the bank hosts the server and will do that themselves
  3. When there is an upgrade to the online banking software, you do not have to purchase and physically load that software on your computer because the bank does that on their server that you are simply accessing.
  4. If the online banking server is too slow you will not have to purchase a new server, the bank will do that (if enough customers complain)...and they will migrate your data over to that new server)

Here is a comparison chart for these two EHR models:


Inhouse_vs_Hosted

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Personally, the business side of me is strongly averse to allowing a 3rd party vendor to take care of the “heart and soul” of my practice (i.e. the revenue dollars and the clinical data).   Hence, in private practice I would strongly favor keeping the server in-house.     However, the clinic I currently work at is a small part of a large academic institution.   For our ambulatory EMR I am leaning toward recommending a web-based model.  The presence of an institutional IT Department whose primary purpose is to support the education of thousands of students, not to understand and dedicate the resources needed to provide a high level of clinical IT support required for a clinician using an EHR.  And I know who is most likely to get trumped down the road when conflicting priorities arise!