Cloud-based EHRs raise data rights questions

With cloud-based electronic health record systems becoming more popular, providers should carefully read their vendor contracts regarding their rights and use of their patients' data, according to American Medical News

Gerard Nussbaum, director of technology services for the global management consulting firm Kurt Salmon Associates, tells amednews that since the data in the EHR is stored in the cloud, not at the host site, the vendor and others have access to the data, even if the provider owns it. That leads to issues regarding rights to the data, which the parties need to address.

One of the issues involves data mining. According to Nussbaum, some EHR vendors aggregate the data in the cloud from all of their clients' EHR systems for analytics. However, individual providers need to be able to mine their own data for purposes of attesting to Meaningful Use and to provide accounting of disclosures to patients.

Another trouble spot is data backup and recovery, especially during a natural disaster. Providers need to know that there's a back up site, that the transfer of the data to that site will be seamless, and how to access it from the second site. If the backup data is encrypted, the provider needs to know the key.

Lynette Ferrara, partners at CSC's Health Informatics Practice told amednews that providers should not only get assurances that they can get and use the data from the cloud but to have the vendor demonstrate how to do so. For instance, if a vendor can't tell the provider how to retrieve data, that should be a deal-breaker, she says.

To learn more:
- read the amednews article

Related Articles:
Put your health IT dollars in cloud computing, virtual apps 
Cloud computing in healthcare: the question is if, not when 
5 EHR predictions for 2012