January 19, 2009
Vulnerabilities of EMR Servers and Systems | Practice Fusion
For a medical practice, an EMR is a central, vitally-important system – once paper charts have been abandoned, the EMR system must be completely reliable. If it goes down, conducting ordinary business is extremely difficult. Thus, identifying potential points of failure and implementing safeguards to avoid catastrophic system-down situations is very important.
Locally-housed systems
Traditional EMRs have been built as client/server systems, which means that the data and the “core” of the system are housed in local servers within the practice. Inside the office, local workstations are connected to a local server in a Local Area Network (LAN); access to the system from outside the LAN requires an internet connection and (depending on the software) some secure way of connecting to the server. With these traditional “EMR 1.0” systems, the following vulnerabilities can be identified, and safeguards must be put in place to minimize each type of risk:
- Server failure. Hard drives within the server can fail. Therefore one should not invest in a low-end server, but should instead have a redundant array of hard drives that mirror each other, so that failed drives can be swapped out without service disruption.
- Network failure. Hardware failure within a LAN is unlikely, though a LAN router should have enough unused “open” connections that one could be used in case a particular connection goes dead. More likely than a hardware failure, however, is a software malfunction that affects the system – a virus infection or an incompatibility introduced by a software platform upgrade could cause the whole network to fail. Generally, good IT support will be needed to make sure recommended updates to antivirus software and other upgrades are carried out smoothly.
- Data loss. Any of a number of issues can result in loss of data – software failures, hard drive failures, etc. can leave the all-critical database corrupted. Data backup needs to be addressed – it can be on internal local backup media, or on external backup via an internet connection. Database backups must be set to occur on a regular schedule, so that if a “system-restore” needs to take place, the resulting state is as current as possible.
- Environmental catastrophe. Local power failures can result in a server and system failure – local battery backup (an Uninterruptible Power Supply) should at least be on the server so that a controlled shut-down can be done should a prolonged power outage occur. Though one does not like to think of these things, catastrophic events do occur – building fires, hurricanes, tornadoes, earthquakes. Granted, medical service from an office won’t take place during such catastrophic events, but once the event passes, re-building the system will be needed. The hardware and software will need to be recovered, and the data will need to be re-loaded. Hopefully, the data backup storage is not destroyed by the same environmental catastrophe.
- Internet failure. The current world infrastructure of the internet has become very reliable, and the availability of broadband is essentially ubiquitous. Though an internet connection is not very likely to go down, it can go down temporarily. For a locally-hosted, LAN-based EMR, this only affects connections from outside the LAN – depending on the practice (e.g. a multi-office group running off a single shared server), however, this can be very important.
Hosted, web-based EHR systems
Practice Fusion is a hosted, web-based system, and therefore many of the above-mentioned vulnerabilities are not present. The servers are remote, with industrial-level redundancies, multi-site backup, and automatic data backup – these are no longer the responsibility of the physician practice to manage. Since a LAN is not required – one only needs internet-connected computers – LAN-failure issues are not important.
The only real vulnerability is internet failure. Again, in the current era, such failure is rare. Nevertheless, it is wise to have a backup plan. If the internet connection is via DSL, or cable, or T1 lines, there should be some backup in the unlikely event of a temporary failure. A Bluetooth-to-cell phone connection to the internet is an option; a cell-phone or satellite-based plug-in device is potentially a handy backup to have on hand “just in case.” Some geographic areas have public wi-fi networks, and using these networks is quite easy, given that most modern laptop and notebook computers have built-in wi-fi capability as a standard.
Conclusions
Practice Fusion, as a hosted, web-based “EMR 2.0” solution, has dramatically fewer vulnerabilities – fewer points of failure – than traditional locally-installed EMRs. The entire local infrastructure needed to run these older client/server systems not only adds hidden layers of cost to the EMR, but also presents additional points of failure which need to be addressed. The simplicity of Practice Fusion – all you need is an internet-connected computer – reduces the vulnerabilities dramatically. And even the vulnerability of internet connectivity is one which can be fairly easily mitigated with some simple planning.
Robert Rowley, MD
Chief Medical Officer
Practice Fusion, Inc.