Much has been said about the advantages of cloud computing, or what used to be termed 'asp' solutions for EMR in lieu of in house client server applications, less costly, reduced maintenance and upgrade challenges,
Despite these advantages this methodology has not caught fire in medicine. The main reason is now apparent by the outcome of a demonstrated failure of AWS (Amazon Web Servicesl)
Many EMR vendors do not own their own servers. They are rented from companies like Amazon, Microsoft, Apple, ,and other less well known data bank companies. Chances are good that your EMR flows on the same server, and hard drives as Twitter or Facebook.
The uproar over the down time in those spaces was huge....and that for what has become an income generator or marketing vehicle for what was previously a meaningless trivial pursuit during idle time.
And so while there are some advantages and convenience in cloud computing, or application server providers. We all share the advantages and we also will suffer from the disadvantages.
On the other hand, if EMR is not affordable without the cloud, physicians if so mandated by unrealistic mandates and inadequate incentives (which do not support long term usage of EMR), since it is a one time payment) Physicians will have to make an uncomfortable decision.
How responsible can physicians or hospitals be for breaches by a vendor, or cloud system. Who will be fined...the hospital, clinic or the vendor? The cloud vendor, the EMR vendor or the individual physician?
IMHO it has reached the point that physicians can no longer attest, nor be the ultimate responsible party for HIPAA security nor the arbiter of it's success.
HIPAA becomes rather meaningless, except for the occasional well publicized incidents of large fines to large entities for their "breaches'" What about hackers? Often hackers just 'hack' for entertainment, just like playing an online game. Can they beat the system?