- Security
Your agency’s electronic records are only as secure as the cabinet (the database) they are stored in. If that file ends in “.dbf”, stay away from it.
- Technology Employed
Five (5) years is the generally-accepted technology lifetime of a software. Even if a software is still useful (“if it is not broken, why fix it”), the platform (OS) may no longer support it. Yes, you can still drive your Model-T but where will you take for repair?
- Customer Support
If your vendor has 75% of its staff in customer support, it is a problem. The best software is one which almost no support is needed. Support (or the lack of it) is an indicator of how good a software is.
- Hosted versus in-house
Hosted (sometimes disparagingly known as “hostaged”) systems keep your files – they reside someplace other than your office’s. Browser-based (those s/w using browsers – Internet Explorer, Chrome, Firefox, others) software are almost always hosted systems. There are laws governing physical storage, security, access, and manipulation of electronic patient health information (e-PHI) records. Does the vendor provide backup of your electronic records?
- Fees
Startup (sometimes called “set-up” or “one-time”) fees can be substantial. Monthly fees? Annual Maintenance Fees, Support Fees, Termination Fees, etc.? Fees (or non-payment of it) can be especially intimidating for hosted systems. They can cut off your access to your files in a snap.
- Outright Purchase
Don’t! There is almost no rationality in purchasing software of this nature UNLESS there is nothing else to pay thereafter – which is unheard of. Why?
Rules and regulations constantly change! What are you going to do with a software that cannot be updated. Most vendors charge a periodic maintenance fee (on top of the rental/subscription fee) for this purpose.
Technology change. Software makers can create other versions on other platforms and leave you hanging dry with the software you purchased.
And even if there is nothing more to pay, that purchase is only as good as the lifetime of the seller company.
- Use Termination
If you decide to terminate usage of the software, does the vendor cut off your access to your electronic records? Or does your vendor permit usage of the software only for viewing stored records? Better yet, does your vendor provide out-conversion of the electronic records?
- Business Associate (BA) Agreement
Do you know where your e-PHI is and do you know how it is protected? YOU SHOULD (in accordance with HIPAA under the HITECH Act)!. The BA today should come from the entity that is about to share the PHI – that means, YOU. In most cases, the vendor issues the agreement and in many cases it is designed to protect their skin – not you, from the law. Here are a few pointers that should be in your BA (in general, but not limited to):
Business Associate agrees to meet compliance to all requirements of the HIPAA Privacy and Security Rules specifically meeting requirements to the implementation specifications, both “required” and “addressable” of the HIPAA Security Rule
Business Associate should make available upon request all compliance information to show proof when a request is made, or in the event the Covered Entity gets audited or undergoes a compliance review
