EHR Secure Cloud-Based Architecture
What is “Cloud”
The cloud has been for a while and businesses have been using remote or off-premise based services via the Internet for quite a number of years now. When you use a cloud-based application, you are accessing the system via the Internet where the application is hosted in shared, private or dedicated resource environment as opposed to being provided from your own on-premises servers. Cloud services are designed to provide easy, scalable access to the resources and services of the application, which are managed by a 3rd party provider. A cloud service can dynamically scale to meet the ever-expanding needs of its users. Popular examples of cloud services are web-based e-mail services like Yahoo Mail, hosted office suites like Microsoft online apps, and document collaboration services like Dropbox.
The development of a unitary environment able to support both an extensive use of the EHR and the implementation of a Big Data Analytics platform is made possible by the adoption of the Cloud Computing paradigm, a novel computation framework based onInternet and on the virtualization technology.
Why use a cloud-based EMR or EHR?
It’s a better business strategy. Spend time working with your patients, not your patient healthcare software. When your software is installed in your office, you have to deal with potential interruptions such as power outages, software upgrades, hardware failures and human error. With the software installed in the cloud, we upgrade the software for you without disrupting your practice. The cloud infrastructure is built on redundancy, meaning that your system is always available, even if there is an outage on our end. The services are designed so that outages are not noticeable to the users and all services remain available.
Again, it is scalable. Over time your EHR system will grow largely due to the increasing amount of patient data and additional updates in the application software that may require more computing power. This will require additional computing resources in order to maintain optimal performance. On the cloud, more server space can be added automatically using auto-scaling capabilities. This eliminates the need to buy additional costly hardware and perform ground-up configuration and disruption that would be required with an in-office solution to keep your system running.
It’s secure. With the increasing threat from hackers, both foreign and domestic, patient information is becoming more of a target and harder to secure. A local installation (in your office) requires extra attention to detail to keep secure. When you install the system in your office, you take on the responsibility of making sure the environment is safe from unauthorized access. By using our cloud-based solution you benefit from the infrastructure that is already in place to provide both security benefits such as a private IP network isolation, encryption, server load balancing and automated backups. The diagram above describes the high-level architecture of the Tekrapy Fusion System.
Ensuring the system is always available
It is a fact that Internet connectivity and the cloud environment are subject to outages just as an in-house system is also subject to hardware or software failures. We don’t have control over the Internet connectivity, however, we can minimize the possibility of the system being unavailable due to hardware or software problems. In a cloud-based system, there are highly skilled technicians supporting the infrastructure 24/7 monitoring it to keep it in its best condition. Tekrapy Fusion EHR utilizes server load balancing. Server load balancing means that there are two or more servers for every piece of the application software. If one of the servers experiences a malfunction due to hardware or software problems, it is automatically removed from production to prevent it from causing an impact on the service. When the issue is resolved, it’s automatically placed back into service. In addition to server load balancing, the databases that store the EMR application data are replicated to a “hot standby” in real-time. This means if the main database is unavailable for any reason, the system will use the replicated database. These fail-safes can be costly to put in place in an in-house system due to the additional storage and resources to administer and manage the system. With a cloud-based system, not only can you take advantage of ensuring your system has this protection, it is also more economical.
Protecting against loss of electronic health information
Backups are used, in the very unlikely event, to recover data after loss or corruption. All electronic protected health information (ePHI) and transaction logs are automatically backed up on a schedule allowing the ability to restore the data back to the point of the retention period. Instead of having to maintain an expensive onsite backup system and deal with tapes, backups are automatically performed within the cloud. Our backup policies include:
- Daily full database backups.
- Binlog backups taken every five minutes and stored in separate servers.
- The backups are also backed up to separate cloud drives daily.
- Databases are encrypted and replicated in real time to servers located in a different geographic location.
Keeping your electronic health information protected
Encryption is used to protect the health information while it is in transit. The encryption process encodes the information in a way that unauthorized parties or hackers cannot read it. We use 2048 bit SSL encryption throughout the entire user session to better protect against security threats. In short, the larger the key size, the more computationally expensive it is for an attacker to use brute force to compromise the infrastructure. The US National Institute of Standards and Technology (NIST) recommends that organizations depreciate the use of 1024-bit keys by year-end 2013. While 2048-bit keys deliver greatly increased security, they also require significantly greater processing power than 1024-bit keys. This means in order to maintain application performance and availability organizations need to adopt new SSL infrastructure specifically designed for stronger SSL. Our infrastructure is already designed to provide the same level of performance (speed) and as technology evolves and security requirements change, we will continue to update and change to protect sensitive health information.
What about disaster recovery and business continuity?
Your system is prepared for worst-case scenarios to ensure business continuity in the event of a disaster. Every component of the system is periodically placed into a “snapshot.” These snapshots can be used to start up a new component on any system to restore service quickly in the event of a disaster. This is in addition to the automated backups.