Cloud-based Hosted EHR: Is a local backup a good idea?

The notion that Electronic Health Record (EHR) data is somehow “safer” when it is backed up locally is something raised in conversation from time to time. Is this really true? What kinds of assumptions lie behind such a question?

Traditional legacy EHRs have been mainly developed as enterprise client/server systems intended for local installation. And when the data is housed in local servers, some form of backup is important as part of a disaster-recovery plan. What is backed up is generally a compressed copy of the entire enterprise’s databases, table by table. This works when the data is local to a given clinical practice, since the data tables being backed up are entirely your own patients. Of course, as we have commented previously, you must take steps to insure that the local data backup is encrypted in a way that accidental theft won’t expose Protected Health Information (PHI), lest a HIPAA data breach occur.

In my own medical practice, where we have had an EMR system for a number of years, and have had a history of local hosting of them, we (unfortunately) have had experience with needing disaster recovery. We had one episode where a sprinkler system overhead pipe burst and flooded the servers – it took about 2 days to rebuild everything and get it back running, leaving the practice without access to EMR data for a while (we found ways to limp along, albeit injured). We had another incident of a viral infestation that rendered the system useless, which also resulted in a few days of diminished capacity. And a third incident occurred after a major traffic collision downed a utility pole which blacked out all power to the entire neighborhood for an entire day – we were without computer systems (the UPS only lasted for about an hour), phones, and the whole building was dark. However, were we to have had an externally-hosted server system, then battery-powered laptops and wireless could have had us functioning (though not really, as the whole building was dark).

The point of these anecdotes is to illustrate that with local installation of EMR systems (or any system, for that matter), local things can occur that result in the need for “emergency disaster recovery.” And if all EHRs were locally installed, data backup would be important. In fact some of the legacy CCHIT criteria for their own flavor of certification focus on data backup as part of disaster recovery protection. Given that CCHIT grew from an EHR trade organization and represented the industry’s attempt to define what was important in an EHR (prior to there being a national policy, as currently being elaborated by the ONC), it is not surprising to find that “criteria” based on the presumption of local installation would be included.

However, changes have occurred in the world outside that of legacy EHRs – in the past 5 years, or so, web-based technologies have flourished, as has the ubiquitous availability of broadband Internet access. This trend will continue, and at an accelerated pace. One of the campaign points of the Obama administration was to build and ensure broadband Internet access to everyone in the country, and plans for such a build-out are underway now.

There are now Internet-based EMRs, like Practice Fusion’s product residing on a secure, private cloud (with great care taken to ensure HIPAA-level privacy and security). Does this data need to be backed up locally? From the perspective of a physician, the EMR data hosted by an Internet-based provider is still “my patient’s data,” and if I have insufficient trust that the hosting environment is stable, or that my Internet connection is stable, then maybe I might think that this legacy-based belief in local data backup is valid.

Setting aside the technical issue of parsing out “my own patient’s data” from a massive, national, cloud-based database system in order to back it up locally (although you won’t be able to back up the server-end programming that manages this data and displays it to you via a web portal) – does such an effort make sense? Most disasters that affect data loss are local, as noted in the anecdotes above. And if the EMR data were hosted, much of the medical-service disruption that occurred could have been averted.

True, large-scale regional disasters (sadly) also offer experience supporting the benefit of Internet-based data hosting. After hurricane Katrina, local Internet and wireless were among the first items of infrastructure restored, in order to help with evacuation efforts. With wireless, or even satellite-based, Internet connectivity, EHR medical data access can be gotten – even when everything else in the social infrastructure (like your office building, or the roads) is destroyed.

A final example of Internet data hosting: email data can be hosted in an enterprise (in a company’s Exchange Server), and locally downloaded (e.g. to Outlook, keeping a file local to the machine on which Outlook is installed). Email data can also be hosted by web-based services (Yahoo, Google, for example), and no local software (e.g. Outlook) is needed to access them – only a computer with a browser and an Internet connection. Anywhere. Should you somehow figure out how to download and locally back up your “own” Yahoo emails? Are your emails “safer” that way? Or will your local data simply be another point of failure or risk-of-theft? At their end, Yahoo (or any other web-mail provider) take great pains to ensure continuous service availability, with redundancy and backup not feasible in a small-office or individual setting. They also take care of the software you need to access your data via a web portal (something you wouldn’t be able to download even if you could parse out “your own” emails from their cloud).

The same is true for Practice Fusion’s secure private cloud – the data hosting, backup, security and up-time availability are all in the background. The onus is removed from the burden of the local physician. And the notion that “it is important to locally back up your EMR data” fades away, leaving it only a worry surrounding locally-installed legacy systems.

Robert Rowley, MD
Chief Medical Officer, Practice Fusion EMR