In the market for an EMR? Here’s a crucial question: Client-server or ASP? Relax. We’ll explain what it means. And help you decide.
Haven’t purchased an EMR yet but getting ready to take the plunge? Let’s say you’re now preparing carefully your checklist of vendor questions as you whittle your prospects down. Here’s one you won’t want to leave off: ASP or client-server?
Client-server refers to the traditional and still-dominant choice for most medical practices in the market for EMRs. Practices that opt for this model purchase their chosen EMR software, buy the hardware necessary to run that software, and assume responsibility for the care and management of the entire system, including backing up data, upgrading software, and handling any technical issues that may arise. While such a practice will certainly have help from its EMR and hardware vendors in performing these duties, the practice is ultimately responsible for carrying them out.
An ASP - or application service provider - refers to another EMR model in which a practice can purchase access to an EMR. ASP vendors sell EMR systems to their clients as a monthly service accessed over the Internet. The EMR software, its database (where all patient data are stored), and the hardware that runs everything reside in a central location outside the practice, maintained by the EMR vendor or a contracted third party. Clinicians and staff use a secure, Web-based log-in to access their EMR - not unlike how one accesses a secure banking site (although ASPs provide much tighter security).
ASPs and client servers are virtually indistinguishable when it comes to their effect on a typical practice’s work flow. Many leading EMR vendors offer both models, and in most cases, the applications work the same whether they are installed on a local server or delivered via an ASP. One caveat: Some EMR functions, like voice recognition, require local processing power on a PC; you may need to work out some technical solutions when using such capabilities with an ASP. If you are actively shopping, ask potential EMR vendors to specify (preferably in writing) any functionality differences between their client-server and ASP offerings.
The real difference between the two models is financial. If you go with client-server, you purchase a perpetual license to use the software. Assuming that you finance your purchase, once you’ve made your final payment, your only remaining financial obligation to your EMR vendor is an annual payment that generally covers new updates and help-desk support.
An ASP model requires no upfront cost for the software. Instead, you pay a monthly fee only as long as you use the service. Such fees usually range from $350 to $750 per provider for most practices. ASP fees are generally inclusive, covering help-desk support, software upgrades, daily database backups, and any server maintenance. Training and implementation - which will cost you a one-time fee - are not typically included. Many vendors will recommend that you also purchase something called a full or fraction T-1 line to ensure you maintain a reliable, high-bandwidth Internet connection. This option can cost an additional $500 or more per month.
So which is better? It depends. The ASP-vs.-client-server decision mostly boils down to how much IT support a practice is willing to take on. For practices that have the wherewithal and staff to maintain a server, perform regular data backups, manage often-complex software upgrades, and attend to the details of technical trouble-shooting, a client-server model is a great choice - and less expensive in the long run. But if you see those tasks as daunting and/or terrifying, then ASP is a better choice for your practice.
The ‘hot & cold’ of data storage
Your practice is your data; without it, you’re out of business. And your data is more vulnerable than you think.
The U.S. Small Business Administration has predicted that “every state in the country will suffer a natural disaster in the next two years.” The U.S. Department of Labor has stated, “Ninety-three percent of companies that experience a significant data loss will be out of business within five years.” And the University of Texas Center for Research on Information Systems has said, “Of the companies that lose their data in a disaster, nearly 50 percent never reopen their doors at all after the disaster.” With all that in mind, can you sleep soundly, knowing that your data are protected to the best of your ability against damage, loss, or theft?
What’s your backup and disaster recovery plan should you lose your patient and/or financial data? Many practices back up their data with tape during off hours. But if you have purchased an EMR or soon will, you’ll want to reduce the amount of downtime your backup procedures consume. Typically, practices use the “disk-disk-tape” method. Assuming your hardware is up to date, it’s faster to copy your data onto a secondary disk-based storage device and then copy the data to tape. Best practices dictate separating the physical locations of your primary and secondary storage.
Another modern alternative is electronic data vaulting, or “e-vaulting,” which refers to an outsourced, off-site storage system. E-vaulting is growing in popularity, largely owing to the rapidly declining cost of bandwidth. With e-vaulting, your data is quickly backed up to disk and automatically and immediately stored off site. Most vendors will offer to encrypt your backup data as they traverse cyberspace; consider this a mandatory step.
Some vendors will also offer to back up your data to tape at their site and store them elsewhere. One nice benefit of e-vaulting is that it gives you the ability to quickly restore your system at any alternate location. No need to retrieve a backup tape, a compatible tape drive, or a replacement server.
E-vaulting provides a reliable resource for expertise not readily available in medical practices.
Bruce Kleaveland is president of Kleaveland Consulting, a management consulting firm focused on healthcare IT. He can be reached at 206 527 6633, bkleaveland@msn.com, or via editor@physicianspractice.com.
Rosemarie Nelson is a well-known healthcare technology guru and principal with the Medical Group Management Association’s Health Care Consulting Group. She can be reached at RosemarieNelson@alum.syracuse.edu or via editor@physicianspractice.com.
This article originally appeared in the May 2007 issue of Physicians Practice.
Cybersecurity breach reports low during the pandemic
September 7th 2020A new report from CI Security suggests cybersecurity breaches were lower during healthcare's rapid transition to virtual care throughout the pandemic. In this episode of Perspectives, we look at why this might be and other aspects of their report with CI Security's Healthcare Executive Strategist, Drex DeFord.