Cloud-based EHR

Assessing the impact for independent providers 


Switching to an Electronic Health Record (EHR) can be a daunting task. The amount of time, money and labor that must be submitted into creating an entirely new way of entering and storing information can appear to be more work than worth. But with cloud-based EHRs, much of this burden is shifted to the Software as a Service (SAAS) provider, allowing the doctors and the practice to spend less resources on the installation and upkeep of the server and more time with the patient. The following article will explore all the benefits of choosing a cloud-based EHR versus a server-based EHR.

Cloud-based vs. Server-based 

Once you have decided to adopt an EHR system, the next decision that must be made is whether to choose a cloud-based or server-based service. The difference between the two is quite simple: with cloud-based EHR systems, data is stored on external servers and can be accessed with any device that has an internet connection, while server-based EHR systems store data within the practice on a personal server. From here, the differences between the two begin to diverge drastically.

Cloud-based EHR systems actually solve many of the issues that practices may be worried about when choosing to adopt  an EHR system. In server-based EHR systems, thousands of dollars are oftentimes spent in order to install and implement a server, hardware, and software. Additionally,  regular maintenance and  management from a local IT department is also needed. In contrast, cloud-based EHR systems are already established by a SAAS provider, meaning the expense of money and time diminishes dramatically. Much of the configuring, security and software is handled by the SAAS provider; thus cancelling a significant bulk of the anticipated work. And because the server is created and managed by the provider, this means that the vendor is more likely to meet HIPAA patient information confidentiality standards. This makes future expansions of a practice an easy task rather than a complete overhaul of the system. This is because the practice does not have to worry about the capacity of the servers or any additional licensing fees.

Cloud-based EHR Security

The 1996 Health Insurance Portability and Accountability Act (HIPAA), among several other mandates, helped to insure and protect the confidentiality and security of healthcare information. Included in this “healthcare information,” are patients’ electronic protected health information (ePHI). Consequently, this type of data must but heavily safeguarded. Fortunately, cloud-based servers are initiating careful and tactical efforts (such as conducting risk analyses, encrypting data, etc.) in order to assure that a patient’s ePHI is kept safe and private.

An article written by Shweitzer outlines the steps being taken by the SAAS providers:

“The provider can accomplish this with standard security controls like physical plant security, firewalls, intrusion detection/prevention systems, anti-virus software, patch maintenance, encryption, activity monitoring, identity and access management, and with governance-risk management-compliance policies and processes.”

Many describe the security of cloud-based servers as “achieving HIPAA compliance with bank-level security and high-level encryption methods.” Thus, these SAAS providers can be trusted to keep patient ePHI safe. In addition, cloud-based systems will not experience system crashes like a server-based system does. This means that in cloud-based systems, doctors will always have access to patient information, even in critical moments.

Automatic Updates and Impact on Policy Compliance

Because cloud-based systems are operated by external SAAS providers, practices utilizing these systems can be assured that they are always operating on up-to-date servers. This is because automatic updates exist within cloud-based EHR systems. Users then are likely to always be utilizing the most current version of the system allowing for the ease and capability of staying in compliance with federal security guidelines. For example, with the recent implementation of Stage 2 Meaningful Use, eligible professionals are required to safeguard the transitioning of patients and their ePHI’s due to referrals or transfers. SAAS providers construct their systems in such a way that allow for their users to meet federally proposed guidelines, such as the aforementioned Stage 2 Meaningful Use, and ultimately, not lose any money.

What Independent Providers Should Consider When Choosing an EHR System

After reviewing the previous information, what providers should consider when choosing to switch to EHR systems becomes quite simple. Here are some questions to ask yourself:

How much are you willing to spend?

If you are a small business, or are looking to cut costs, investing in a cloud-based server is the obvious choice. There are less up-front costs for licensing and installation along with fewer upkeep expenses with cloud-based servers. Money can also be saved if you are projecting a future expansion of the practice since cloud-based servers make it easy to add users or locations.

How much are you willing to spend on IT support?

On a similar note, cloud-based servers are cost effective when thinking about IT support. Instead of having to hire a whole new department, practices can be assured that their technical questions can be answered by their SAAS providers since an IT department is included in cloud-based servers.

Do you want wide access to the system?

If you want quick and wide access to the electronic health records then cloud-based servers are the better choice. Some examples of this wide access are if doctors use a variety of electronic devices, such as a tablet, to access ePHI’s. Another example of wide access is for doctors who are remote or mobile.

Are you willing to spend the time to meet security and federal regulations?

There are lots of precautionary steps that should be initiated if you are considering implementing an EHR system. Patient information should be kept safe and secure, and cloud-based servers provide extra levels of protections. With cloud-based systems, patient information is not kept within the practice itself, so theft of information is much less likely. In addition, cloud-based servers often encrypt their data so that if anything is stolen, it cannot be easily decipherable. Finally, cloud-based servers ensure that their systems are up to code and meet all federal regulations, including requirements such as Meaningful Use.


After reviewing all this information, it is important to consider if a cloud-based or server-based system is right for your practice. Both are distinct in the ways they operate and offer their services. The key benefits to cloud-based servers are as follows: savings on installation and maintenance both for the system and the IT department, automatic updates that allow for security compliance, seamless features that make it easy for practices to expand, and wide access for all users.