Although, trusting a cloud based electronic health records system with sensitive health data can seem a little unnerving, investigation by industry experts and regulatory agencies that credential EHR systems against Center for Medicare and Medicaid Services (CMS). The same data security requirements are in place whether the data and application are housed on premise or in a virtual cloud based server. According to Gerard Nussbaum, director of technology services at management consultancy Kurt Salmon Associates at the American Health Information Management Association (AHIMA) Legal EHR Summit in Chicago earlier this month, HIPAA privacy and security rules do not specify whether a provider using a cloud-based EHR owns data in the medical records or if the information belongs to the service host as posted in Physicians Practice online publication. One of the points that has been expressed, is that data house in cloud is more likely to be encrypted than on-site systems and therefore more vulnerable.
I believe in cloud based computing solutions and have an affinity towards them. As with any system, a robust security protocol and plan must be in place and clear ownership within both a practice and an EHR vendor. If the San Francisco BART system can be hacked, along with numerous government agencies, then any system can be breached. The important part is staying on top of the latest security trends and advancements and strategically integrating them into your business processes.