Client Login: Enter password:



JonokeMed™
What is JonokeMed™?
Advantages
The JonokeMed™ Solution
Scheduling
Encounters
Accounting
Office Management
JonokeMed Jr™
Learn More
The JonokeMed™ G.U.I.
Training
Support
Internet-based Help
Demonstrations
Purchasing
Document Centre
Articles
Electronic Medical Records
The Paperless Office
Technology
Security

What to look for in an EMR system

by Glen Baxter

So you've decided to invest in an Electronic Medical Record (EMR) system. You want the benefits that a properly implemented EMR can give you: increased efficiency, quick and reliable access to patient data, and increased quality of patient care.

But how do you evaluate the technical information that an EMR salesman will give you? There is no silver bullet. Not every medical practice has the same requirements, and no single database or hardware configuration will work for every EMR system.

You begin to feel worried. Where do you start? Every time your tech-savvy friend tries to explain things to you, your eyes start to glaze over.

Important factors that are easily overlooked when implementing an EMR include the choice of computer hardware, the type of underlying database, and the safety and security of medical information. Making smart decisions in these areas has the same effect as evaluating what's under the hood when you're buying a car: without a reliable engine, you won't get very far very fast.

Purchase enough capacity. Look at least three years into the future. Buying only the minimum EMR software or hardware required for your current needs will only cause you grief down the road. Replacing one EMR system with another is a substantial cost and will significantly disrupt your business.

How big is the engine? What is the database engine underneath the EMR system you are considering? Is this database a good underlying technology to base your business upon?

Think of a database like a giant filing cabinet. Some databases can hold more files. Databases can really start to slow down as their virtual filing cabinet gets fuller and fuller. Some databases will not be able to cope with the amount of patient data that your practice requires (or will require). Some databases have an upper limit or additional licensing fees that will cap the number of simultaneous users.

Plan for maintenance. Just as every car requires the occasional tune-up, every EMR application and every database will require upgrades and maintenance. There are no exceptions. Plan for it. Shop around.
Over time, databases become less efficient as the catalog system for the database records becomes bigger. Also, the database begins to store data in little, scattered pieces rather than in single, unified blocks. How frequently will the database need to be re-indexed or de-fragmented to improve performance? How long does this take?

Budget for buying new application server hardware every three to five years. A surgeon wouldn't want to conduct a procedure using antiquated tools. The same applies to your EMR system. Look at these costs as an investment in your business ñ technology changes quickly, and your medical data storage needs will grow as your practice grows.

Run your EMR system on a dedicated server. If you are serious about having a responsive, reliable database of medical information, allow your server computer to devote all of its attention to it. Don't make a single server responsible for sending and receiving e-mail, policing network traffic, hosting your corporate web site, and hosting the database of your EMR system. All the applications on your server will compete for resources. In addition, this approach creates a single point of failure (if this single box dies, you lose everything) and may force you to take your medical application off-line every time a non-related application needs an upgrade.

Choose name brand hardware. Don't go with 'no name' computers, or custom-built computers that someone has built from disparate parts. If you have chosen an EMR vendor, ask your vendor what hardware they recommend. Then follow their recommendations.

The dependencies between hardware, software, and operating systems are increasingly complex and subtle. Long-term costs and down time (computer speak for 'my computer is broken, or unavailable due to maintenance,') often outweigh short-term dollar savings. Going with a proven hardware platform ñ from a vendor that has the time and resources to properly test their standard hardware configurations ñ is worth the premium.

Understand this: the Internet is not secure unless you take steps to make it so.

Think of the Internet as a loosely coupled collection of friendly and unfriendly computers. Information that you send over this network can pass through any number of unknown computers on its way between you and the site you're sending the information to. Also, every computer connected to the Internet can see every other. That's just the way the Internet works.

The only reason that an application like Internet banking is safe is that banks take two precautions:

1. they protect the financial information they store locally and
2. they shield the information that is in transit between you and them.

Invest in a firewall. If your medical clinic is connected to the Internet, you'll need to invest in a firewall to keep unwelcome visitors out. A firewall could be a dedicated computer that authenticates all traffic trying to get in or out of your local network, or it could be as simple as a network router that only accepts traffic originating from known sources.

For the best protection, look for an ICSA-certified stateful packet inspection firewall. ICSA-certified firewalls do more than authenticate who is allowed in and out ñ they also examine each packet of data coming in and out (to determine what each visitor is doing). Be sure to prevent suspicious or unnecessary types of traffic, even for authorized visitors! (For more information, see the web site here.)

Encrypt medical data that is sent over the Internet. If the EMR software you are using allows you to work from home over the Internet, make sure your VPN (Virtual Private Network) communication is strongly encrypted. Once data is properly encrypted, all that prying eyes will see is gibberish. Be sure to choose a VPN product that is certified to meet IPSec standards. Products that meet IPSec standards offer the highest levels of reliability, security, and interoperability.

When exchanging information with trusted third parties, it is important to use security products and protocols that are both secure and widely used. This is because, in an encrypted 'conversation,' both participants have to utilize products that agree on the method for encrypting information back and forth into readable form. For example, another way of securing data transmission over the Internet is to make use of SSH (Secure Shell). To encrypt e-mail and e-mail attachments, consider a widely used product such as PGP (Pretty Good Privacy).

Form a partnership with your EMR and hardware vendors. Like a good mechanic, you need to know that your EMR and hardware vendors will be there for you when you have problems. However, they can only help you if you keep them informed. Do not upgrade your hardware without prior knowledge and approval of the hardware and EMR vendors. A simple change in IP address can break communication between networked computers. Changes in hardware, hardware drivers, RAM, operating systems, etc. may require additional, cascading updates, or seriously affect the speed and reliability of your EMR application. Keep an accurate record of all changes done to all of your computers. If a problem occurs and you require assistance, have this change log available.

Funnel all of your EMR support and technology issues through one or two people. Your long-term happiness with the EMR solution you've chosen can depend upon having one or two people who stay on top of your system's technology and support issues. Free up one of these people whenever a problem occurs, and make sure that the people in these roles talk to each other. Over time, they will get to know the cause of typical issues. Often, they will be able to fix problems on the spot! Even if they can't, they will soon learn to ask all the questions necessary to confirm the nature of the problem.

Glen Baxter is a technical writer for Jonoke Software Development. Aaron Bevan, Jaime Albrecht, Norine Bevan, and Jody Bevan also contributed to this article. Jonoke Software Development Inc. is a Canadian company, based in Edmonton, with clients across North America. Jonoke has been developing software since 1988, specializing in cross-platform solutions.

Originally printed in
Canadian Healthcare Technology
March 2003