On-premise versus cloud-based EHR hosting? The answer is becoming more and more obvious.
Most of the resistance to could-based services is a hangover from the cloud’s infancy. Back then, there seemed to be a lack of transparency and control. You were asked to give up your most valuable data and operational tools to a hazy entity over which you had no sway, along with little knowledge of the practices, procedures, and protocols that were supposed to keep your organization up and running and safe from malicious attack.
That is no longer the case. Today, most cloud-based EHR hosting organizations are extremely forthcoming about the facilities at which your data is housed and the security protocols around that data. In fact, you can generally choose your level of security dependent on the criticalness of the hosted platform and data.
It’s worth examining the specific protocols and tasks that comprise effective data security and how they might be handled in an on-premise environment such as your practice or surgical center, versus a cloud-based EHR environment like Greenway’s.
With on-premise, the customer is responsible for ensuring that all patches to software, apps, and operating systems are applied in a timely manner. You must stay on top of the latest software for everything that makes your practice run — not just your EHR or practice management system, but the operating system and all of your ancillary tools, as well. That’s difficult to do without dedicated IT specialists — resources most practices lack.
“Many organizations do not understand the sheer number of patches that come out on a daily, weekly, or even monthly basis for the software platforms they run,” said Larry Whiteside Jr., Greenway’s chief information security officer. “Patching can be an overwhelming, or daunting, task for most organizations.”
In the cloud, patching is Greenway’s responsibility. There are policies and procedures to ensure that critical, high, medium, and low vulnerabilities are patched on a regular and routine basis. For instance, Microsoft releases software patches on Tuesdays. Greenway tests and deploys those patches monthly. If there’s a critical patch, Greenway will schedule an out-of-band maintenance window to complete patching sooner. This is a much shorter window than most customers would be able to accomplish, considering the time and manpower involved.
Reboots are usually required after patching which, for most practices, Greenway can do without causing minimal to no downtime, and without overtime, meaning the process does not have a negative impact on your business.
When most people think of anti-virus they think of the standard software from companies such as Symantec and MacAfee. These programs function from lists of known threats. When they identify one of the threats on the list, they alert you and spring into action. However, if a threat is new or unknown, these programs can’t help you.
Next-generation anti-virus goes beyond lists. It monitors system activity based on content and context. It looks at traffic coming in to your network. It monitors how the operating system or system functions are performing to identify anything out of the ordinary that might signal a threat. When it finds it, it can isolate the particular server involved to prevent the potential threat from spreading.
Unfortunately, most practices don’t have the budget, expertise, or manpower to harness this kind of threat protection. Cloud environments such as Greenway’s that work at scale, do.
Incident detection and response
Similarly, most practices do not have the level of IT maturity to develop and maintain endpoint detection response tools, policies, and procedures that streamline and automate incident response. It’s a significant undertaking.
“Inevitably, your practice is going to have your technology systems fail you, and your ability to recover is more important than anything else you do,” Whiteside said. “This is why organizations must plan and prepare before the downtime happens.”
For our cloud environment, Greenway has a full team that routinely tests tools and procedures. When a threat is detected on any hosted environment, the team can quickly isolate the server, and they know who to contact, how to engage law enforcement, and how to get the right forensics teams engaged. Some of this requires contracts with outside entities — again, costs and resources that most practices cannot muster.
The medical centers or office parks that house most practices are just as vulnerable to damage from earthquake, hurricane, flood, tornado, or fire as any other structure is. That means on-premise servers are equally vulnerable.
Cloud hosting environments are designed to withstand disasters. They have dual power feeds so that if main power is cut, there is an alternate source. They also have physical security and independent cooling in case of power failure. Some are even partially buried underground.
24/7/365 monitoring: When a typical practice closes for the night, no one sticks around to monitor the network. But malicious agents don’t keep 9-to-5 schedules. That’s why Greenway works in conjunction with our Hosting Partners to provide 24/7/365 security monitoring of our Cloud environment. It’s an additional set of eyes, always trained on your assets.
Cloud-based ehr hosting makes sense
In a highly regulated medical environment that mandates data security, in a threat-laden environment that demands constant vigilance, in an increasingly climate-challenged landscape that sees more devastating natural disasters, cloud hosting makes sense. It’s unrealistic to expect practices to maintain extensive IT staffs with specific knowledge in areas ranging from endpoint detection to incident response.
“With all that practices have going on in the evolving healthcare environment, their main priority is providing care for their patients every day,” Whiteside said. “Providers can take a tremendous burden off their shoulders by leaving the technology of their practice in the hands of experienced, dedicated IT advisers and professionals.”
Cloud-based EHR hosting offers practices state-of-the-art data security, as well as incident detection and response, in a hardened, consistently monitored environment. Don’t let outdated concepts from years ago stand in the way of protecting your practice.
For more information, click here to schedule a conversation with a Greenway representative.