| Software as a Service (SaaS) is the new | | | | Software as a Service (SaaS) Model |
| generation of ASP model designed to reduce the | | | | SaaS model extends ASP benefits from |
| exorbitant costs of specialized medical practice | | | | outsourcing of system maintenance to simplified |
| management software. SaaS model is available | | | | financial responsibilities. SaaS vendors eliminate the |
| for all aspects of medical practice management, | | | | upfront costs to medical practice by making the |
| including scheduling, billing, and electronic medical | | | | upfront investment in hardware and licensing on |
| records (EMR), which are mission-critical for high | | | | behalf of all medical practices using the application. |
| quality clinical service, business operations, and | | | | To make such a financial commitment, the hosting |
| regulatory compliance. SaaS model extends the | | | | vendor must develop thorough expertise in |
| advantages of Application Service Provider (ASP) | | | | application maintenance and new feature |
| model, which in turn evolves from the traditional | | | | development. Such a requirement became feasible |
| Client-Server model. This article briefly defines key | | | | with recent technology progress in terms of |
| concepts and outlines a set of guidelines for SaaS | | | | security (128-bit SSL encryption) and |
| vendor selection. | | | | browser-based client performance along with |
| Client-Server (CS) Model | | | | AJAX coding methodology. The new generation |
| CS model involves central servers for database | | | | technology now compensates for earlier CS |
| and application logic and multiple client modules | | | | model deficiencies and justifies network-native |
| connected to the central servers via local area | | | | SaaS software development by design. |
| network. This architecture allows allocation of | | | | Because of higher specialization, SaaS vendor is |
| significant application logic on the client computer. | | | | able to focus on client business requirements, |
| Applications architects considering CS model must | | | | resulting in more responsive service and higher |
| weigh performance and security advantages | | | | client satisfaction. |
| against increased maintenance costs. CS benefits | | | | SaaS Vendor Selection |
| stem from local control of application logic and | | | | Medical practice in search of SaaS vendor must |
| data. CS shortcomings too stem from localizing | | | | focus on the following topics: |
| logic and data because local arrangement requires | | | | |
| the user to take responsibility over application | | | | 1. Functionality: Does the application deliver all |
| maintenance, including data security, redundancy, | | | | required functionality? Have you documented |
| disaster recovery, upgrades, backups, etc. | | | | functional requirements subject to practice |
| The medical practice utilizing CS model must | | | | business goals, including financial, practice workflow |
| develop in-house expertise and manage numerous | | | | and personnel objectives? Have you considered |
| services, including | | | | integrated practice management functionality |
| | | | including patient scheduling, SOAP notes, and billing? |
| 1. Internet connectivity, bandwidth, and routers | | | | 2. Training Plan: Will the vendor provide sufficient |
| 2. Servers for Web server software, email, and | | | | training? What drives the training process: practice |
| firewalls | | | | workflow changes or available software |
| 3. Database management | | | | functionality? |
| 4. Data feed management | | | | 3. Third-Party Application Interface: Does the |
| 5. Capacity management | | | | application work with existing applications already |
| 6. Redundancy management | | | | deployed in the office? What data exchange |
| 7. Application upgrade management | | | | requirements must be satisfied if you decide to |
| Financially, CS models require the software user | | | | purchase another application later? |
| to make significant upfront investment in | | | | 4. Performance: How do you measure application |
| hardware and licensing and justify the business | | | | and service performance? Are formal |
| case using ROI-based arguments, which make | | | | performance metrics available continuously? |
| little sense because of software and hardware | | | | 5. HIPAA Compliance: What controls are in place |
| innovation pace. | | | | to enable access only on a "need to see" basis? Is |
| Application Service Provider (ASP) Model | | | | every access instance logged using secure |
| ASP model shields the medical practice from high | | | | mechanism? |
| cost of specialized software and data | | | | 6. Service Level Agreement: What minimum |
| maintenance responsibilities but not from upfront | | | | service levels does the vendor guarantee to the |
| investment in hardware and in software licenses. | | | | client? What are the penalties for violating SLA? |
| Early ASP applications were created from | | | | 7. Problem Resolution: Is there a formal process |
| traditional CS applications by moving centralized | | | | to communicate problem identification and |
| data and application servers to a third-party | | | | resolution? How is it tracked? |
| hosting service provider and allowing access to | | | | 8. Data Access and Ownership: Who owns the |
| the application via HTML user interface as an | | | | data? Keep in mind that according to HIPAA, the |
| afterthought. The third-party hosting service | | | | patient is the ultimate owner of health data. How |
| provider would take the responsibility for | | | | secure and private is the connection? Does it |
| application maintenance and data protection. | | | | have Role based Access Control (RBAC)? |
| The medical practice using early ASP model | | | | 9. Disaster Recovery: How long would it take to |
| manages two costs: | | | | recover from a disaster? Is a secondary data |
| | | | center available 24 x 7? |
| 1. Licensing and monthly support fee to software | | | | 10. Disengagement Procedures: How long is data |
| vendor | | | | available upon severing the relationship? Who is |
| 2. Software hosting fee to hosting vendor | | | | responsible for data transfer to the new vendor? |
| (typically a "pay-as-you-use model") | | | | |