Cyber criminals target small businesses with inadequate or “dated” security. Most independent Pediatric Practices are small businesses with fewer than ten Pediatricians plus support staff. When choosing an E.H.R. for a Pediatric Practice, the leaders/owners should evaluate cloud-based E.H.R.s vs. an E.H.R. on a server. This article compares the security, management and office burden of a cloud-based E.H.R. and a server E.H.R. A high-speed internet connection used to be an issue for cloud-based E.H.R.s, but that has changed with enhanced speeds on cable, FiOS and other high-speed internet providers. Additionally, 5G will provide a national fast and inexpensive high-speed internet that can be accessed via the cell phone network. A small server in an office has many security issues compared to an enterprise cloud-based E.H.R. like the PediatricXpress System. Additionally, if a practice chooses to use a server-based E.H.R., it will need to continuously invest time, money and focus to ensure the practice appropriately manages security and data management. Using an enterprise cloud-based E.H.R. built on technology of the 21st century (like PediatricXpress) is a good approach to relieve Pediatric Practices of these issues and this burden. There are many references and articles on the numerous benefits of cloud technology versus server technology. This article provides some background on this topic.
Challenges for Managing a Computer Server Appropriately in a Pediatric Office
A pediatric office needs to maintain patient data in a secure and safe manner. A Pediatric office is a small business that manages patient data as the primary component of its business. As business owners, the leaders should evaluate the options and technology when selecting a Pediatric E.H.R. To do this, consider the challenges that make servers managed by small to medium-sized businesses attractive to cyber criminals, including:
- Lack of time, budget and expertise to implement comprehensive security defenses.
- No dedicated IT security specialist monitoring the systems 24 hours/day X 365 days/year.
- Lack of risk awareness by the Business Owners/leaders of all the cyber threats and tools needed to manage these risks.
- Lack of employee training on the risks associated with the servers.
- Failure to keep security defenses updated on the servers.
- Outsourcing security for the servers to unqualified contractors or system administrators.
- Failure to secure endpoints in the local server network.
The ‘old’ model was to use a server in the office and have the medical practice be responsible for managing the security and data management. A computer server managed locally by a Pediatric Practice carries a number of risks as well as a burden for the practice team.
Some of the Risks and Burden of Managing a Server in a Pediatric Office
Even with the higher overall risk and data burden, some practices choose to maintain a server in the office. Also, there continues to be some promotion of the ‘old’ technology by vendors that have not invested in development of modern platforms used in the 21st century. One sales pitch for maintaining the ‘old’ server technology is “Better to have your data in a server in your office”. Banks do not do this with your money – they maintain a cloud system with many bank branches and many accounts on the cloud. This allows higher-level security than a local server and monitoring of the network at all times. Let’s evaluate some of the risks of local servers.
A client-server-based E.H.R., whether located in the office or hosted remotely, has data and information risks on the local computers that have vulnerabilities (e.g. patient data stored locally). Some of the risks of a server in the office include:
- The server can be ‘stolen’ by taking the physical server from the office.
- Practice staff can download patient data onto a laptop or remote and take the data out of the office.
- The building does not have 24 hrs/day X 365 days per year security guards, staff and other measures to protect the server and network.
- The server does not have adequate 24X365 monitoring and management.
- The office network is not protected by “enterprise” level security measures and managed routinely.
- An authorized person can take data or hack the server by connecting into the local network.
- The backups might be manually completed or not completed consistently.
- The software patches and updates for protecting the system might be out of date and/or not monitored.
For a server-based practice to have security and monitoring similar to the PediatricXpress system by PhysicianXpress, Inc., a Pediatric practice would need to purchase enterprise-level servers, network gear and a facility, and employ a team of network engineers that monitor and manage the network 24X365. Additionally, the practice would need to invest in upgrades on the server.
Experts Recommend the Cloud vs. “old” Computer Server-based Technology:
Greg Shannon, chief scientist at the CERT Division of the Software Engineering Institute at Carnegie Mellon states “small business is a huge target because attacks are automated. The criminals don’t care who they’re attacking, and while any given business isn’t worth much, they have viruses or ransomware that allow them to attack thousands or millions.” He recommends “Moving to the cloud”.
In 2018, the keynote speaker at the annual Healthcare Information and Management Systems (HIMSS) conference was Eric Schmidt (previous CEO of Google), who discussed the current Health IT environment and how it must change to advance healthcare. Eric understands technology, security and innovation based on his experiences leading Google. His comments related to modernizing Healthcare IT for “Safer” data management via the cloud.
“Most of you sit in institutions that have proprietary data centers that have some sort of logic about them,” Schmidt said. “Most of that logic may have been true five or 10 years ago, but it isn’t today. We now have — much safer than your data center, much more compliant than your data center and much easier to use — cloud-based servers within our industry.”
Additionally, Salesforce.com, a multi-billion dollar corporation with a cloud-based product and service, has extensive research and information on the security of the cloud. Salesforce.com references “Silver Linings: Why your data is safer in the cloud”. Some excerpts from this reference related to the benefits of cloud applications:
- “Cloud services erase the need for expensive on-site hardware installation and upkeep, and can be accessed by any authorized user over any standard web browser, from anywhere in the world. … Unfortunately, the knee-jerk reaction — that data kept close to home is safer than assets maintained off site — may not be totally founded.”
- In-house data management carries with it certain problems. For one thing, data stored in on-site servers is susceptible to a number of dangers, from flooding and fires, to office break-ins, to employee error. If those servers are damaged or stolen, then there’s a chance that massive amounts of valuable data may be lost forever. Additionally, as BYOD culture is becoming more commonplace, the risk of sensitive information making its way onto personal devices and then being lost, stolen, or misappropriated is significant.
- That’s to say nothing of the risks posed by employees themselves. 60% of all cyber attacks are carried out by insiders, with three-quarters of attacks involving malicious intent, and one-quarter relying on inadvertent participants.
- Finally, many businesses simply don’t have the resources or the training to effectively manage on-site data security.
- The stark reality is that on-site data isn’t nearly as safe as some assume. On the other hand, cloud security, particularly for businesses, is demonstrating itself to be a much more reliable option.
- The cloud effectively eliminates a number of the aforementioned security concerns, simply by virtue of being located off site. Disasters, break-ins, and disgruntled employees have no access whatsoever to the physical servers that make up the cloud, and most cloud providers ensure that access to data is closely monitored, meaning that no one should be able to dump a bunch of company secrets onto a flash drive and walk out the door.
- Cloud providers also generally have much more in the way of resources to dedicate to data security. Where the average business is currently engaged in reducing IT budgets, cloud providers have built their entire business on client trust, making IT spend absolutely vital to ongoing success.
- To ensure the safety of client data, cloud providers rely on skilled cyber security teams backed by the latest security technologies — resources that are often well beyond what their customer organizations could afford on their own. Effective cloud providers offer security solutions at every security level, including infrastructure security, network security, and application security, to counter threats both internal and external.
- Cloud providers also bring with them the added security of compliance.
- Finally, with cloud providers handling the bulk of any and all security tasks, the need for trained, in-house cyber-security specialists disappears.
Large corporations and the government are all moving to the cloud. Maintaining a server in a Pediatric office in most cases provides more risk to the practice as well as more cost and burden compared to leveraging a cloud-based E.H.R. developed on technology from the 21st century.
Don’t be fooled by uneducated information or misinformation used to sell your Pediatric practice an E.H.R. product that is dated and has security issues. We have Pediatric Practices that switched to Physician Xpress, Inc. for many reasons, including that they used to be on a server E.H.R. or remotely hosted E.H.R. technology and reported data loss and/or, in some cases, hijacking/theft of their data.
The PediatricXpress system by Physician Xpress, Inc. is the only Pediatric E.H.R. that leverages an enterprise cloud-based E.H.R. with enterprise-level security. The benefit to clients with the PediatricXpress system is that we manage the cloud, the security and the backups at no extra cost to Physician Xpress, Inc. clients. This means that practices that leverage the PediatricXpress system do not need to manage this cost or burden, since we manage this for your practice.