FacebookTwitterLinkedinInstagramYouTube

Top 7 Questions to Ask When Considering Hosting for Your EHR System

Selecting the right cloud hosting service for your healthcare organization’s EHR is vital for security and long-term success. Below are seven essential questions to ask when you are researching a cloud hosting solution to fit your healthcare organization.

1. Is a Public Cloud or a Managed Private Cloud the right solution for your organization? 

What is Public Cloud Hosting?

Multiple clients share infrastructure in a public cloud hosting environment. Hosting is offered to all industries with clients ranging from large eCommerce retailers to educational organizations, to individuals with personal websites. Some of the larger offerings include Amazon AWS, Microsoft Azure, and Google Cloud.

What are the benefits of Public Cloud Hosting?

  • Well-defined backup procedures.
  • Ability to add/change infrastructure quickly.

What are the drawbacks of the Public Cloud?

  • Standard Backup procedures are typically offered at an additional charge and may not be as granular as needed.
  • Specific server configurations may not be available.
  • Troubleshooting performance issues may be more challenging as the underlying infrastructure is not accessible.
  • Customer support may be limited and is generally industry non-specific.

What is Managed Private Cloud Hosting?

Managed Private Cloud Hosting offers a more targeted solution to clients looking for more control or industry expertise. These environments offer customizable solutions with less shared infrastructure than Public Cloud offerings.

What are the benefits of Managed Private Cloud Hosting? 

  • Superior customer support, in some cases, with industry-specific expertise.
  • Dedicated infrastructure is available.
  • Know exactly what infrastructure you are getting.
  • Backup procedures are usually included in the price and can be customized to meet your needs.
  • Some providers may give clients access to portions of the underlying infrastructure.
  • More customizable to meet your organization’s needs.

What are the drawbacks of Managed Private Cloud Hosting?

  • Changes and/or additions to infrastructure may take longer to provision.

2. How will you connect to the vendor’s data center?

Connectivity to the vendor’s data center can be established in several ways.

The best method will depend upon your current network and communication infrastructure and the necessary bandwidth needed for your organization. Your hosting vendor should help you decide and design a connectivity method that meets your needs and budget. This could include:

  • Point to Point connections (T1, DS3, Fiber Ethernet, etc.)
  • MPLS Node (data center is a node on your wide area network)
  • SD-WAN/VPN (Dynamic or static VPNs created by SD-WAN devices)
  • Client to Site VPN Connections (VPN connection using a software client)

These are the basic connectivity types, but they may be called something else by your communications provider.

3. What about data center security? What credentials does the data center carry? Do they have specific credentials for healthcare? Do they work with healthcare exclusively?

Datacenter security should be verified with potential vendors. HIPAA compliance as well as other data center certifications should be asked for and confirmed before selecting a vendor. This could include:

  • HIPAA/HITECH
  • PCI-DSS
  • FedRAMP/FISMA
  • SSAE18/SOC2
  • NIST
  • ITAR
  • GDPR, etc.

4. Do the replication and backup procedures meet your needs?

You should discuss data replication and backup procedures with your possible vendors. Verify that there is a replication of your data being performed, ideally to a secondary data center site. Check on RPO/RTO times

  • Recovery Point Objective (RPO) is the maximum length of time permitted that data can be restored from, which may or may not mean data loss. It is the age of the files or data in backup storage required to resume normal operations if a computer system or network failure occurs. (The amount of time where data may be lost. If your RPO is 5 minutes, in case of a disaster there is potential to lose the last 5 minutes’ worth of data)
  • Recovery Time Objective(RTO) How long does it take to return to normal operations after a disaster event.

Both RPO and RTO times can be discussed, and additional costs may be incurred to shorten these times.

Find out if there are backup procedures, and if so, what additional cost there may be for those services. You should also ask:

  • What are the backup schedules?
  • What is backed up?
  • What medium is used for backup?
  • Where are backups stored?
  • How long are backups stored?

5. How are planned and unplanned downtimes handled?

While 100% uptime is the goal, there will always be downtime for regular maintenance, upgrades, and other necessary planned downtime events. Work out a schedule and a process with your vendor so that these planned downtimes happen when there is the least amount of disruption to your business.

There should also be a plan and process for unplanned downtime events. Items such as notification, status reporting, backup systems, failover windows, and data recovery should be discussed and documented with your vendor before going “live”.

6. What additional charges should you expect to incur for the growth of data, additional servers, users, bandwidth?

Ask your vendor what additional charges may be ahead. These may include additional charges for additional servers, storage space, CPU, memory, etc. Make sure that you have a clear picture of what those extra costs may be based on your projected growth patterns for your business.

7. Will you have any access to the servers?

Many organizations want to have some access to the server environment. Check with your possible vendors to see what access will be provided to your team and what constraints exist.

We know this can seem like a lot to contemplate. When making your decision, be sure to consider all factors, both small and large, of potential hosting providers. Always be sure to confirm any certifications and, take into consideration service reviews from customers. Don’t be afraid to contact potential providers and ask questions directly, discuss contracts and terms and get an understanding of what they can offer you. Your choice could affect your healthcare services down the line, and hopefully, these tips will help make that decision a little easier.

Selecting the right cloud hosting service for your healthcare organization’s EHR is vital for security and long-term success. Below are seven essential questions to ask when you are researching a cloud hosting solution to fit your healthcare organization.

By |Hosting, Information Exchange|Comments Off on Top 7 Questions to Ask When Considering Hosting for Your EHR System

About the Author:

Joe brings over 25 years of experience in information technology consulting and healthcare to the eMedApps team. He has been with the company since the beginning over 15 years ago and continues to provide strategic leadership to the business teams. Joe’s expertise in developing and managing new business relationships as well as delivering strategic solutions to the healthcare community has set the pace for continual growth and excellence. He works directly with healthcare providers, educating them on new technologies and assisting with the selection, purchase, implementation, and support of those systems. In his spare time, Joe enjoys music, golf, camping, and fishing.