5 Questions to ask your EMR Vendor about IT Infrastructure
When buying a house, the location, the open space, community area, interiors, all together combine and go towards the decision to purchase. However, even if everything else ticks the right boxes, would you ever consider buying a house, and putting your family under a roof, where the structural integrity is questionable?
Why do you then not question and worry about the structural integrity of the infrastructure on which your entire Clinic, plans to operate. Critical medical data for thousands of your Patients are going to be housed in the EMR you select. Is the EMR robust enough to hold up under not so ideal conditions?
Is the infrastructure resilient to network failure and hardware outages. Has physical access to the servers storing your data, been thought through? What happens if the hardware storing your Clinical data crashes, is their a stated backup policy? Servers can be housed in the most exotic of countries to save on the hosting bill, what happens if the country of choice by your EMR Vendor is plagued by political trouble – remember the Arab springs that spread like plague? Or the annual Vietnam dropouts, where the entire country got cut off from the rest of the world.
You might be wondering, there must be laws that takes care of all of this. The good news is, Yes! there are laws, but the bad news is that such laws are very specific to a very few developed countries only. And in such countries too, the laws are very limited in their demands off the EMR Vendor. Almost all of the queries raised above are not handled by any legislation, which brings us back to the age old idiom, “Caveat Emptor.” You need to ask your Vendor, not just about features, and the software, but also about the Infrastructure housing that software.
You must realize that Infrastructure is not a one-time cost, it is a lifelong commitment for your EMR Vendor, ie recurring bills month after month, year after year. This is why a bigger motivation to cut corners on such costs, every penny saved multiplies itself into months and years to yield sizeable savings, at the Client’s expense.
Here are 5 Questions to ask your EMR Vendor about the IT infrastructure on which you plan to run your Clinic and store data of your Patient:
1. Where are the EMR vendor’s Servers located
You need to be sure your data is kept on servers, which are physically located in a known, safe, developed country. Privacy laws and Intellectual Property are usually well established in such countries.
The very implication of “developed country’ also implies a robust ecosystem of required amenities that will lead to establishment of quality data centers in which the infrastructure gets housed. Your data is only then safe and secure.
2. What redundancies are inbuilt in the IT infrastructure used by the EMR Vendor
No matter how good the infrastructure is, everything has a use by date, and eventually outages and failures will occur. The best practice approach to infrastructure therefore is building in redundancies. Having 2 of each, one primary and the other secondary ideally, with auto-failover mechanisms would be the ideal scenario to have. However it also means the monthly bills for your Vendor will literally double up. A PMS + EMR, runs critical operations. Not having redundancies will expose you to downtime, if any component of the infrastructure fails – and fail it will. Your vendor needs to allocate enough of a budget towards ensuring their infrastructure supports redundancies to handle such outages, with an uninterrupted experience for your Clinic.
3. Which company’s Data Centers are being used by the EMR Vendor
We are all for startups, but not at the expense of safety. Data Centers are highly capital intensive line of business. Building quality Cloud Data Centers are prohibitively expensive. Cutting-edge Cloud data centers cost hundreds of millions of dollars, and hence are dominated by the Big 3 – Google, Amazon and Microsoft. They charge a premium, as they offer premium Infrastructure as well. You must find out from your EMR Vendor if they are using one of the Big 3. Stay away from local cloud offerings, they are too far behind in the game, and the technology is usually dated, or open-source and hence dependent on the vagaries of non profit organizations that seek to build a consensus to achieve any form of advancement
4. How secure is the Physical Access to Servers where the EMR vendor keeps data
Snowden got away with critical data, because he managed to obtain physical access to the Servers on which the data was kept. You should find out from your EMR Vendor, which portions of your data is kept within the reach of the Vendor’s employees, within the Vendor’s offices. The chain of security is only as strong as the weakest link. Ideally none of your data should be outside the perimeter of the Cloud Data Centers. And even there, your vendor should make reasonable endeavors to sign up with the Cloud Company the highest level of physical security that can be commercially purchased, to ensure even the employees of the Cloud Hosting company cannot access the EMR Vendor’s servers, which in turn guarantees the security and access of your Clinic Data kept on those servers.
Such a level of security can be purchased by putting down lump sum annual commitments by your EMR Vendor to the Hosting Companies. Question here is, is your EMR Vendor doing so? Find out by asking the question.
5. Is your EMR vendor Cloud Based or Web-Based
Difference between the two is enormous. Cloud is scalable, with a high degree of support for scalability to handle growth, and disaster recovery in the event of the worst case scenario. In comparison to Cloud, Web based hosting is far less elastic to changing business demands of scaling in or out. Cloud being a more recent phenomena will also indicate to you, how strong the development team of your EMR vendor is. Are they stuck with a dated legacy system that is soon reaching its use by date, OR; are they still relevant to advancements in technology. Is there technical team behind their EMR, and have the expertise to keep up and re-architect the solution for the Cloud.
The architecture required to achieve a pure cloud solution is usually cleaner, limited and hence much simpler. You are assured of a current and relevant EMR in the process.
Just as you would not buy a house based on the interiors, do not end up buying an EMR just because it ticks the feature list boxes. Go behind the scenes and ask your EMR Vendor the right questions to ensure you partner a company which has the mindset to offer you the very best in Software, and equally the very best of IT Infrastructure to run that software.
Clinicea exclusively uses Microsoft Azure end-end and is a “Pure Cloud solution”, with inbuilt redundancies spread across multiple developed countries across the globe.