Hi, I’m the resident IT guy in a radiology clinic I work for as a sonographer. I’ve been teaching myself code online for the last 2 years. My employer offered me the chance to undergo a project for him to go paperless with the patient records. It doesn’t need to be online. I know enough to know that if I did host patient information on something like Google Drive, which I know how to do, that would be a major HIPAA violation.
I’m thinking that we just need a database along with software to view that database as needed on an internal private network. The blog I learned about OpenEMR from mentioned “self-hosting” as an option. That sounds like what I need, but others complained in the comments that such is not an option on OpenEMR and that OpenEMR is completely online. If it’s not possible, does that mean that others who are using OpenEMR are still paying a lot for server space? Some clarification would be appreciated.
“Online” refers to the fact that it’s a web application. It’s perfectly normal and reasonable to host it on an in-house web server on your local network.
We’ve been using OpenEMR in our Ophthalmology practice for the past 4 years completely offline as a security precaution.
In your clinic the local area network can be wired if there are any concerns about eavesdropping.
OE will do an excellent job storing patient demographics & billing (you can do it yourself), but integration with imaging devices is trickier (probably will require professional support).
Read up and understand the law. It’s mostly about reporting the disclosure of data to people that should not have it.
As to the technology this is the basic summary:
Data Safeguards. A covered entity must maintain reasonable and appropriate administrative, technical, and physical safeguards to prevent intentional or unintentional use or disclosure of protected health information in violation of the Privacy Rule and to limit its incidental use and disclosure pursuant to otherwise permitted or required use or disclosure. For example, such safeguards might include shredding documents containing protected health information before discarding them, securing medical records with lock and key or pass code, and limiting access to keys or pass codes. See additional guidance on Incidental Uses and Disclosures.