Most of you don’t realize that you have been using cloud based technology for many years.  Email, Facebook,  Google Docs, other Social Networking sites are all Cloud based. Your credentials are kept in “secure” locations and encrypted with strong authentication technology.  This type of technology or applications are called SaaS, short for Software as a Service.  It has its purpose especially when it’s your own information and you trust its contents. Some of the rules around security today is to eliminate your personal information from Social Network sites, online document stores, etc.  Not because you want to, not because you don’t trust the provider, but because these are the site prone to Hackers that steal your private and confidential information.

It then becomes a matter of trust.  Banks spend 10’s of millions of dollars to keep their systems secure. Governments spend more.  They can afford to.  But are they Hacker proof ? No, they are not.  As they lock one open  door into their domain, another one opens so it becomes a constant problem and a constant spend for them to keep secure.  Hackers are no longer your teenage kids or one man shows anymore.  Today hackers are more sophisticated and dedicated to infiltrate any personal information that they can secure and then sell that personal information on the internet.  Governments and Finance are the primary target areas, Social Networking has already been hit and continues to do so today –  Just ask Facebook where millions of records were recently compromised. Once again, it’s all a matter of trust.

Health records is the next wave and the Security Industry already is aware that this vertical will be targeted.  Saas health providers are telling us that they are secure.  That what our banks, governments, social networking sites, security vendors all told us in the past.  All have been hacked, records have been compromised and your only concern is YOUR personal information.

So if you subscribe to a SaaS Practice Management Service the question that you need to ask is whether you become liable if the credentials of for 100 or 1000 or 5000 patients/clients can be compromised and who becomes responsible for their information, not your own personal information, but that of your many patients.  Have you informed your patients/clients that their information is being placed on the web ? Should they know that it can be compromised ? Have you told them that the SaaS salesman told you that the data was secure ? Do you have liability insurance to cover you for your patients information that may have their identity violated ?

Saas for health records or Private Server for health records – The choice is yours.