James Hartley is a doctor's doctor. Like many physicians, he knows a lot about aches and ailments but little about bits and bytes.
Hartley's lack of computer knowledge was painfully apparent about five years ago when he and a colleague decided to start their own practice, Family Physicians of Kansas in Andover.
"One of the first things I had to do was go out and buy a computer system... . I was looking at purchasing servers and realized that I didn't know what I was getting into," Hartley says.
Hartley understood, however, that he needed to computerize to provide good care and stay financially solvent. Fortunately, as Hartley was struggling, Physician Micro Systems, Inc., a Seattle-based company, approached the practice.
Family Physicians became one of many medical practices to access software through an application service provider (ASP), a company that distributes and manages software via the Internet and then charges customers a subscription or usage fee for the service.
The ASP concept -- Web-based access to top-notch software without an investment in hardware or the need for in-house technical support -- first appeared as something of a godsend for many medical practices, especially small groups that do not have the resources to devote to computer servers and all their upkeep.
The ASP reality, however, hasn't always lived up to its billing. Problems with Internet connectivity, patient health information privacy, data ownership, and the financial reliability of ASP vendors rained on the ASP parade.
Consider pros and cons
Certainly, ASPs have come a long way since their debut several years ago. But if you're thinking of using an ASP to access practice management or clinical software applications, you still should weigh the numerous cost, labor, and mobility advantages against the potential hurdles associated with ASPs, says Margret Amatayakul, president of Margret\A Consulting in Schaumburg, Ill.
For example, consider:
The availability and reliability of high-speed Internet connections in your community -- Although high-speed Internet connections such as digital subscriber lines (DSL) and cable are now available in many areas, they are not found everywhere. Plus, the quality of high-speed connections varies. "You've got to make sure you have enough bandwidth so communications can continue on a timely basis," Amatayakul says. In some situations, you might have to pay to have a more secure or direct line installed. When you need to see a medical chart right away, network downtime just isn't an option. And, in some communities, it just might not be possible to get the bandwidth needed at all.
Electronic security technologies -- Although security technologies such as encryption and authentication have become much more effective in recent years, they are still not foolproof. As such, you need to consider what type of transaction and data you are comfortable transmitting over the Internet. Ask vendors if they are compliant not only with the Privacy Rule components of the Health Insurance Portability and Accountability Act (HIPAA) but with the newly published Security Rule as well. Compliance with the Security Rule isn't required until 2005, but you won't want to have to look for another vendor then.
The ASP vendor's longevity -- The dot-com bust shuttered the doors of numerous "jump-on-the-bandwagon" new-economy companies. As a result, many of the companies still in business are, in fact, offering more viable solutions. But these companies are still vulnerable and could go out of business as well. Ask about vendors' financial picture. Even go so far as to ask for data on the number of sales they have made in recent months.
The ASP vendor's treatment of patient or practice data -- You have to make sure that you will be able to get your data back easily and cost-efficiently if the ASP goes out of business or is sold -- or if you decide to switch vendors. Even if an ASP promises that you can get your data back, you need to ask in what form. Make sure the data will be easy to convert to a usable form, not a proprietary one, or a form that can't be imported into any other software -- or if you will have to pay someone to convert it for you, urges Andy Reidel, director of business development with CureMD, an ASP based in New York City.
"If you are going to enter into a lease with an ASP, you have to have a data agreement," Reidel says. "You should be able to get a backup of your data whenever you want or need it. The data should be in a format that is usable when you want to move on with it."
Real-world reviews
Having worked through most of the kinks, many practices are now reaping the cost, efficiency, and time benefits promised by ASPs.
Family Physicians, for example, is well beyond the growing pains. When the practice first contracted with its ASP, numerous problems prompted them to briefly return to a combination of paper medical charts, transcription, and in-house patient scheduling software. Connectivity problems almost tabled the project the first time around. But the practice gave the ASP another try, and -- even though there are still some problems with DSL connectivity --feels the ASP benefits far outweigh any difficulties.
"I have been in this business for over 32 years, and I don't know of anything over that time that has allowed me to better care for patients than this technology," Hartley says. "It really facilitates the quick retrieval of clinical information allowing me to better care for patients. Plus, it allows us to document more accurately and get better reimbursement."
Granted, similar benefits could be had by using software installed in-house as well. But Robert Keat, MD, of Western Medical Associates, a 28-physician primary-care practice in Santa Cruz, Calif., says that accessing software via an ASP helps his practice significantly reduce costs. He figures the practice saves about $150,000 a year by using computer applications accessed via Axolotl, a Tampa, Fla.-based ASP. "We had a very expensive information technology infrastructure. We were spending close to $200,000 per year to support a client server network," Keat says.
Cliff Robertson, MD, president of Franciscan Medical Group, Tacoma, Wash., adds that his organization contracted with Axolotl because it did not require a huge upfront investment - another financial benefit. Instead of buying hardware and software outright, most ASPs instead allow physicians to pay a monthly lease rate, improving cash flow.
"Spending on information technology was at the end of the list. Using an ASP presented an opportunity to operationalize the expense and not have a capital outlay," he says. "In short, we didn't have to go through the process of competing for dollars with surgical equipment."
Maintaining an in-house computer system takes time as well as money. David Peterson, MD, who works in a two-doctor private practice in San Jose, Calif., for example, wanted to access advanced software without having to frequently upgrade his practice's hardware -- a process that can eat up time as each new machine is configured. He and his partner decided to go with MyDocOnline's ASP.
Easy remote access is yet another benefit of ASPs. Michelle Devoe, DO, one of the doctors in Pediatric Associates, a two-physician practice based in Ontario, Ore., can access her electronic medical record system provided by MedicWare Inc. of Irwindale, Calif., no matter where she is seeing patients.
"We have one clinic in Ontario, Ore., and the other in Weeser, Idaho. So, I just bring my laptop and access records and enter data right there on the spot. I have everything I need right in front of me on my laptop," she says.
Connectivity hurdle?
While ASP users are enamored with the mobility that the technology provides them, as anyone who uses the Internet knows, the reliability of the technology can be a problem. Plus, some claim that Web technology is not robust enough to support complex applications.
Amatayakul, the consultant, advises practices to make sure that they have a quick, reliable connection if they are going to be using the ASP throughout the day as they run the practice and treat patients. If they are only using the applications sporadically, however, connectivity should not be such a big concern.
Massoud Alibakhsh, CEO of Nuesoft Technologies, Inc., in Atlanta, thinks that his company has a solution for practices looking to use an ASP for a number of daily tasks. His company provides a technology that uses the Internet to start the computer software and then connects users directly to Nuesoft servers. As such, users can perform complex physician practice management computing tasks via a fast, secure connection.
HIPAA compliance surprising
Cost and convenience might initially attract physicians to ASP computer applications, but some have held back, concerned over HIPAA requirements for privacy and security. It seems unlikely at first glance that an online tool can be as safe as one kept in a medical office. However, the opposite may be true. Depending on the sophistication of a practice, hosted software may actually be more secure than keeping a server on the floor of the billing office.
"ASPs are in the business of keeping large amounts of data secure and available. That is what they do. So, it would make sense that they will have already invested in sophisticated equipment and come up with formalized procedures for data security, protection, and back up," Amatayakul points out.
For example, MedicWare encrypts its data with Secure Socket Layer technology. The company then provides a second layer of security. "We are able to confidently ensure that the system meets the security requirements of HIPAA," says Juswan "Jay" Ichwan, president of MedicWare.
The MedicWare ASP, like other ASPs, also helps to control access to patient health information. For example, the system enables doctors to see the entire medical record while front desk employees only see patient scheduling. Plus, the system creates reports detailing who accessed what information when, simplifying HIPAA compliance.
With these security and access controls in place, small practices might find it easier to tap into an ASP than to come up with their own technologies and protocols, says Daniel Hofmeister, an attorney with Chicago-based Neal, Gerber & Eisenberg. "Generally speaking, small practices have not focused on HIPAA to the extent that larger organizations have. Small practices simply don't have the resources to devote to the complex changes that HIPAA demands."
Turning to an ASP in an effort to comply with HIPAA, however, doesn't rid medical practices of compliance responsibility, Hofmeister notes. Physician practices are responsible for patient data no matter whom they enter into agreements with.
To make sure that the ASP is at least held accountable for its share of HIPAA compliance responsibilities, practices should make sure that a "business associate" agreement is in place. A HIPAA business associate is any organization that, on behalf of a healthcare entity, performs or assists in the performance of a function involving the use of disclosure of individually identifiable health information.
In addition, you should make sure that your contract with an ASP includes appropriate representation and warranties that the ASP is in compliance with HIPAA, as well as indemnity for your medical group if the ASP is not in compliance.
Future use
Certainly, many physicians have come to realize that ASPs have grown up. As such, more groups could begin to migrate toward using an ASP model in the future. "As time goes on, more physicians will realize that there is no need for smaller practices to invest in software and hardware, when all that is needed to access a rich platform of practice management functions is an Internet connection," says CureMD's Reidel.
John McCormack can be reached at editor@physicianspractice.com.
This article originally appeared in the July 2003 issue of Physicians Practice.
Cybersecurity breach reports low during the pandemic
September 7th 2020A new report from CI Security suggests cybersecurity breaches were lower during healthcare's rapid transition to virtual care throughout the pandemic. In this episode of Perspectives, we look at why this might be and other aspects of their report with CI Security's Healthcare Executive Strategist, Drex DeFord.