robertovasquez wrote on Sunday, September 13, 2015:
If I can set it up openemr in-house server at the clinic and manage the server remotely. Why do I need to spend time and cash for hosting service?
robertovasquez wrote on Sunday, September 13, 2015:
If I can set it up openemr in-house server at the clinic and manage the server remotely. Why do I need to spend time and cash for hosting service?
fsgl wrote on Sunday, September 13, 2015:
Users who subscribe to a hosting service have indicated that they value the ability have remote access to OpenEMR.
It would seem more secure to have OpenEMR on one’s own server rather than rely on hosts. Often the command line is unavailable with hosting. Unless a user has total control over his server, he has handed over the security of the medical records to outsiders, who may or may not deserve this trust.
Hosting may be good for commerce, but merchants are not held to the same ethical & legal standards as medical practices.
If a practice is not competent enough to harden OpenEMR from hacking; there remains only one alternative, stay offline.
kylenave wrote on Sunday, September 13, 2015:
Keep the HIPAA issues in mind as well. You must be able to sign a Business Associates Agreement with the hosting company and only companies that understand HIPAA compliance will do this which drives the monthly server cost from $25/month to ~$400/month.
I was running on a hosted server until I realized this would be a problem in an audit so I set up a server in the office. It is a big investment in time though to learn all the ins and outs of installation, management and security but for me I decided it was worth it.
Currently I’m using OpenEMR only for very low volume practices so the cost of a HIPAA server was prohibitive. Might work if I had enough hosted on a multi-site server.
robertovasquez wrote on Sunday, September 13, 2015:
HUMMM
Seems that virtual machine in-house server is a good option !!!
visolveemr wrote on Monday, September 14, 2015:
When considering High Availability of the server, despite of any problems or disasters, hosting will be the better option.
Thanks
OpenEMR Customization/Support Team,
ViSolve Inc
visolveemr wrote on Monday, September 14, 2015:
visolveemr wrote on Monday, September 14, 2015:
fsgl wrote on Monday, September 14, 2015:
The BAA does not automatically protect a practice from culpability if there is a breach of HIPAA.
If portability is a must, virtualization is safer choice than hosting.
tmccormi wrote on Tuesday, September 15, 2015:
Like religion this is a issue that is a personal choice and requires due diligence when making the choice. For very small practices with no IT support or expertise in house, then hosting makes sense, for small pracitices with some IT skills and access to local IT service people then a in-house server and/or VM makes sense.
For bigger organization the issue, is well, bigger
There is more than HIPAA to be aware of, like backups and disaster recovery, redundant hardware, remote access, wireless security and being the one on the hook for security audit response.
We support both kinds.
–Tony
kylenave wrote on Tuesday, September 15, 2015:
Well said… to reiterate, I’m using it for a few different therapists mainly to gain experience with it before deploying to larger clients.
I wouldn’t even consider hosting it myself for an actual medical practice where their revenue would be impacted by any of a million reasons why a server could go down. At that point the cost of a hosting provider that understand the HIPAA issues as well as all of the regular IT reliability issues, etc would be well worth it.