Can HealthIT exist in a cloud computing environment?

Healthcare Clinical Information Systems can be hosted in the cloud as described in this HealthcareIT News article. Hospitals are not rushing to embrace public clouds rather for privacy and security reasons hospitals are hosting applications in a private cloud. A radiology application is highlighted, for example Carestream Vue – the benefit being collaborative view of radiology images amongst phyisicans who don’t have to use a computer at the hospital to use the RIS/PACS software. 

To translate the HealthIT News article terminology into cloud computing terms, I will quote some of the sentences and provide links and details

Financial benefits

“Cloud-based healthcare IT services reduce or indeed eliminate investment costs and replace them with running costs.”

Deployment benefits 

Enables the user to deploy whatever tool and whatever client wherever they want. And in addition, they don’t have to become IT gurus themselves to maintain the system

In cloud computing “investment costs” = CAPEX (Capital Expenditure) and “running costs” = OPEX (Operational Expenditure). For healthIT professionals who need an overview of cloud computing, please see this post

Software as a service (SaaS) and infrastructure as a service (IaaS) have been marketed as potentially attractive alternatives to buying large-scale information systems

Here is SaaS  and IaaS explained for those quite unfamiliar with the terms.



Back in the saddle, galloping to secure electronic health data.

Gentle reader,

After a hiatus of a few weeks, adjusting to my new position selling this, I am back in the blogosphere.

With my new focus on security for cloud, virtualization and general data center, I bring a new perspective and focus on healthcare IT – that is security of patient data. Ever so important if patient records are going to go electronic, especially if stored in the cloud. Aside from my new paid position, I have also had the privilege of volunteering under the stewardship of Arien, as the leader of the Security and Trust Workgroup of NHIN-Direct. I also have the privilege of working with the likes of Sean Nolan, who wrote a terrific compliment on my comparison of a Google and Microsoft PHRs.

So, securing electronic health data: Last week I attended a CSO (Chief Security Officer) conference in San Francisco and learnt some interesting lessons:

  1. Trust is fundamental in healthcare – patients may not disclose an embarrasing disease if they fear the data is not private.
  2. Security is required for regulatory purposes and patient safety.
  3. Computers are not personal. When IBM coined the term, PC or Personal Computer, computer users at work believed that the computer they used was theirs. Thus security software that is designed to restrict the flow of data, prevent users from accessing certain websites, download specific files or copy files to disks/thumb drives is viewed by the user as an invasion of their personal space, a restriction on their personal computer. Don’t make users paranoid to do their job or feel that big brother is watching their every mouseclick, but rather explain the highly personal nature of healthcare records and the need to secure access.
  4. Refine business processes. Often one reads of data lost when a laptop or external hard-drive is stolen, for example: 600 patient records lost on a stolen laptop. A natural reaction is one of horror and surprise. While certainly justified, a more analytical reaction would be “Employees are rarely malicious or dishonest, so what business process necessitated copying patient data to a laptop?” Refine, the business process that necessitated this action. Remove the individual choice of where to store patient data, rather make a business decision and apply a policy based on the data.

More on cloud and SaaS security to follow. I was pleased to read that the VA is taking steps to tighten security.

It’s good to be back!

MUMPS anyone?

As a kid I got mumps and stayed home from school with swollen glands;  today there is the MMR vaccination for children fortunate to live in developed countries.

I am not writing about the disease though, rather the programming language used to create electronic medical record software, for example: VISTA and EPIC. This is another assignment from my class, Healthcare Informatics – the University of California, Davis.

If you were writing a new Electronic Medical Record (EMR) software solution today, would you use MUMPS, which is admittedly widely deployed?

Those in favor might argue:

  1. MUMPS is the language used by existing EMR deployments from large established EMR vendors,
  2. The MUMPS database does not waste disk space as it uses sparse arrays and B-trees queries are  faster than indexed relational databases.
  3. MUMPS based EMR systems installed today are stable and reliable.

I posit no, because:

  1. Where would you find MUMPS programmers today? Are new college graduates proficient in MUMPS or JAVA/C++ ?
  2. How would you interface with other EMRs today? Interoperability is the one of the biggest challenges between healthcare systems today and creating a new EMR system based on older non-standards approaches will not result in an interoperable system.
  3. Rather than run a MUMPS based system on large monolithic hardware, a new EMR system could be written on distributed highly available hardware.

Of course there is also the option of not writing your own EMR software,  but rather using a Cloud computing EMR solution from vendors such as  AdvancedMD or (my local favourite) Practice Fusion.

How to select and deploy an Electronic Medical Record system

This blog entry is a brief summary of readings I have covered as part of my training in healthcare Informatics from the University of California, Davis and is sourced from this paper and this book

The medical practice has to be ready to adopt an EMR and most importantly to recognize that the medical practice is adopting a vision, not just a technology. A vision means the practice will offer better patient care, a more efficient office and improved financials.  The most important role in the implementation of an EMR is a ‘champion’. The role of this champion is to gain buy-in and trust from perhaps reluctant staff in the medical institution, since workflows and business processes will likely change. Users of the new system must have high psychological ownership of the new technology.

Steps in the implementation of an EMR

Information gathering

  • Collect information: Patient data, radiology and lab reports
  • Assess workflows: Appointment scheduling, events during and after a patient visit, unscheduled visits and questions etc
  • Financial impact: Beyond the initial cost of the software are costs for training, maintenance and upgrades.

Selection Phase

Subsequent to information gathering, the medical practice selects an EMR. A few choices: proprietary vendors such as EPIC, Cerner and Eclipsys or  OpenSource alternatives . Both require creating evaluation criteria and extensive RFI/RFP processes by a project steering committee. Furthermore members of the medical practice should visit other practices and view their EMR implementations.

Keys to success

  • People are key to the successful implementation of an EMR. Everyone, clinicians and yes patients, must be aware of the new system to gain buy-in.
  • Workflow will be redesigned
  • A good project plan: just like the rollout of any enterprise software system, a good project plan is required that that clarifies responsibilities, sets objectives, generates tasks, and provides tight control and feedback with ongoing problem solving.

Alternative solution to installing an EMR

Of course a simpler alternative would be to select a hosted SoftwareAsAService (SaaS) offering that requires no in-house software, servers, or expensitve technical support staff.  A SaaS solution that I like and have interacted with over the blogosphere is Practice Fusion. Contrarians might argue that a hosted service is a one-size-fits all solution that does not fit the current practices of a medical practice. I would counter that an in-house system will be expensive to modify to suit a medical practice’s needs.

Hosted or in-house, the medical institution must recognize that their workflows and practices will have to change if they wish to gain the undeniable benefits on an Electronic Medical Record.

Image below courtesy of HIMS Analytics

Cloud based EHRs – a response to PracticeFusion

In response to Dr Rowley’s posting

Note: I attempted to comment in the EHRBloggers blog but there were technical glitches with the “word” verification (used to prevent spamming) thus I am writing my comment here

Dr Rowley,
Thank you for your well crafted insight into the benefits of ‘cloud’ oriented EHRs, especially for solo practitioners who may not wish to invest in in-house hardware, software and associated maintenance.
Some responses:
1. Is a solo practitioner or very small medical practice, likely to have the high bandwidth internet connection required for SaaS based EHR?

2. Like any other SaaS solution, does the Dr’s practice grind to a halt because an Internet connection is down (due to the fault of the ISP or any other conditions beyond his control) and the physician cannot request an EMR for a patient?

3. The ‘care co-ordination’ you write about sounds wonderful, my question is what technical standards exist for medical practices to exchange EMR data ? Or is the ‘care co-ordination’ you write about restricted to medical practices that use the PracticeFusion cloud?

Looking forward to the ongoing conversation