What Software Companies Don’t Want You To Know About Your Data Security Liability

Today I received an email from a client. He had a question I have been getting a lot recently. In the software world, companies have been using this topic as a way to manipulate doctors into buying their software. It really bothers me because, as a doctor, I would be really upset if I knew how much exposure they were really costing me had I bought their deception.

Two types of systems

There are two types of systems: cloud/web-based and client-server.

  1. Client-server means the server and data are stored in the doctor’s office. Other computers in that office then connect to that internal server. Each computer and the server need to have the software installed on them. The software needs to be updated on a regular basis. Examples are Chirotouch and Platinum.
  2. Web/cloud means the server and data are stored in the cloud or, more accurately, on a server in a data center that is connected to the doctor’s practice by the internet. In this case, the software itself is also stored on the same servers. You can think of it like the online version of QuickBooks.

I want to own my data

Of course you do and you should. The lies start here. Some client-server software companies have been telling doctors that if their data is on a cloud server they do not own it. There’s no other way to say it. It is a big fat lie. You always own your data. It doesn’t matter where the server is.

I want to keep access to my data

Again, of course. Client-server companies have been telling clients for years, “if you ever leave that company you can’t access your data again.” It is a scare tactic, again a lie. If a company ever held your patient data and would not give you access to it, it would be illegal. By law, cloud-based systems must store PHI (Protected Health Information) for 7 years or whatever is the legal requirement for that doctor’s state.

They will keep your data hostage

Maybe they are unaware, maybe it’s another lie, maybe they have no clue about running a business. Considering the other tactics I just discussed I have my own opinion.

The truth is we are all in business. Imagine what would happen from a PR standpoint if a cloud-based system withheld access to a former client’s patient records. It just doesn’t make sense. In the age of Twitter, Facebook and other social media outlets, withholding access to a client’s data for no real reason, legal or not, would be just plain stupid. Most cloud-based systems have a clause in their contract for the case where a former client needs to gain access to patient files.

Again, consider the alternative. You buy a new client-server system. You use it for a few years. You decide to go in another direction. Maybe you choose to move to the cloud. 5 years later a patient has a legal case unrelated to your practice and they request records that were on your old client-server system from 7 years ago. By law you are required to provide them.

You go into the dark recesses of your office where your old server is. Hopefully you still have a computer connected to the server. In any case you haven’t fired either of those babies up in 5 years! Who are you going to call? How will you get the records? What if the server doesn’t even turn on?

If you don’t have a computer hooked up to that server, you’d need to connect one. Will a new computer be compatible? It would need to have the software installed on it in any case. Do you think that old software company will actually give you a license? What if they were bought out in the meantime? (There’s a reason all of these client-server systems are getting purchased, by the way.)