Introduction
Electronic health records (EHRs) have a great potential for the improvement of healthcare quality and efficiency. Given the significance and frequency of EHRs use (AbuKhousa, Mohamed, & Al-Jaroodi, 2012), the choice of EHRs appears to be an important decision; in particular, it is necessary to consider the alternatives of a locally hosted and cloud EHR. Both have their advantages and disadvantages, which is why the choice is not apparent and will be discussed in this paper.
Advantages and disadvantages; inherent risks
Cloud EHRs have the apparent advantage of not requiring complex IT infrastructure or specialists for its implementation (Rhodes-Ousley, 2013, pp. 578). The latter are also not needed for maintenance or back-ups mostly because the maintenance is carried out off-site. Moreover, cloud EHRs are typically relatively cheap, which is a significant advantage given the need for cost-efficient healthcare (Luna, Rhine, Myhra, Sullivan, & Kruse, 2016). Finally, cloud EHRs can be regarded as an innovative shift towards “netsourcing,” an extension of outsourcing (El-Gazzar, Hustad, & Olsen, 2016). Rhodes-Ousley (2013) points out that even security measures and risk management can be netsourced for a price (p. 580). As a result, cloud EHR could be a good choice for a small establishment or even personal practice. It is noteworthy, however, that cloud EHRs need an Internet connection to function. In fact, securing an Internet connection might require additional spending (for example, a second connection could be used to this end). Also, El-Gazzar et al. (2016) mention that data in a cloud can be “frozen” by the government for investigation.
Local EHRs do not depend on the Internet. However, local EHRs are likely to cost more and require a more complicated infrastructure and expert workforce both for the installation and maintenance. Still, the latter aspect can also be beneficial: as pointed out by El-Gazzar et al. (2016), deficient client competency can result in security issues. Thus, having competent IT employees is helpful when working with sensitive information. Also, local EHRs are typically faster, more flexible, and perform better, even though cloud applications are also developing (Luna et al., 2016). Similarly, El-Gazzar et al. (2016) point out that cloud computing is a more recent invention than locally hosted EHRs, and the policies, legislation, best practices, and other significant aspects that are related to cloud EHRs are often less mature, which is why cloud EHRs might be less secure and reliable. Therefore, a locally hosted EHR is likely to be an appropriate choice for a larger organization that has the resources which can be spent to ensure greater productivity and security (Rhodes-Ousley, 2013, p. 578).
Ensuring the safety of data
It is also noteworthy that some healthcare workers may feel uncomfortable with storing information off-site, especially when protected health information (PHI) is concerned. However, locally hosted information is also under a certain risk. In the case of a natural disaster, for example, the data that is hosted remotely is safer than the local one since its physical infrastructure is not going to be destroyed. Apart from that, both on- and off-site storages are under the risk of cyber-terrorism and various internal and external threats, including data breaches and thefts (AbuKhousa et al., 2012). As a result, security considerations are required for both types of EHRs. Access controls of different kinds, encrypting, and data loss prevention techniques are an appropriate strategy for both types of EHRs (Rhodes-Ousley, 2013, pp. 203-208). With respect to clouds, a private cloud is supposed to be less risky (El-Gazzar et al., 2016), and locally hosted EHRs need the infrastructure risk management (Rhodes-Ousley, 2013).
Conclusion
It can be concluded that local EHRs appear to be a safer choice, which has its disadvantages, including the fact that it is very resource-consuming. At the same time, cloud EHRs are developing to become more secure, and they can be an acceptable alternative with its advantages and disadvantages. Security considerations are required for both options. Thus, the choice of the type of EHR needs to be customized needs and capabilities of a particular organization or buyer.
References
AbuKhousa, E., Mohamed, N., & Al-Jaroodi, J. (2012). E-Health cloud: opportunities and challenges. Future Internet, 4(4), 621-645. Web.
El-Gazzar, R., Hustad, E., & Olsen, D. (2016). Understanding cloud computing adoption issues: A Delphi study approach. Journal of Systems and Software, 118, 64-84. Web.
Luna, R., Rhine, E., Myhra, M., Sullivan, R., & Kruse, C. (2016). Cyber threats to health information systems: A systematic review. Technology and Health Care, 24(1), 1-9. Web.
Rhodes-Ousley, M. (2013). Information security: The complete reference, second edition (2nd ed.). New York, NY: McGraw-Hill.