Debunking Common Misconceptions About Open-Source EHRs

By Mariia Kovalova

Electronic health records (EHR) are widely used by healthcare organizations around the globe. For instance, more than 90% of practices in the U.S. have already implemented this software. The systems most commonly used by physicians are Epic, Cerner, and Athenahealth, all of which are commercial EHRs. Judging by statistics, open-source EHR systems are underused in the industry, which is unfortunate, since this type of software offers unique benefits, especially for healthcare organizations with limited budgets.

Open-source software is often surrounded by misconceptions that hold people back from adopting it, so healthcare organizations that consider implementing an open-source EHR need to separate harmful myths from actual challenges that such a project can entail.

Myth #1: Open-source EHRs are less secure than proprietary systems

Patient data security is paramount, especially now, when data breach costs in healthcare surpass any other industry. Healthcare providers are understandably concerned about the security of patient information being stored in a system with an open code that can potentially be studied by cybercriminals.

However, there is no evidence that open-source software is more vulnerable than commercial systems. On the contrary, the open-source community unites people who fully understand the importance of security. They are transparent about vulnerabilities found in the system and collectively dedicate time and effort to promptly fixing them.

It’s worth noting that some open-source EHRs don’t have the same community support as others. Therefore, while one shouldn’t automatically assume that an open-source system is less secure than a commercial one, it’s worth checking if the system of your choice has an active community that contributes to its improvement.

Myth #2: Open-source EHRs have limited capabilities

While most open-source EHR systems indeed offer only essential features, it doesn’t mean that the adopters should stay limited to the default functionality. To properly choose and implement an EHR system, healthcare organizations need to determine what workflows they need to facilitate and which functionality is required for the task. If the functionality included in most open-source EHR systems is not enough, healthcare organizations can implement additional modules built by the community.

The advantage of the open-source system is that it can be easily expanded and modified to the users’ needs. Though such EHR enhancement projects require help from skilled developers, which adds up to the implementation cost, as a result, you can get a solution more tailored to the particular organization’s requirements than an out-of-the-box commercial EHR.

Myth #3: Open-source EHRs are difficult to implement

The level of technical skill required to set up and configure an open-source EHR depends on the particular system, as well as the scope and complexity of the customizations that a healthcare provider wants to implement. For example, OpenEMR, a popular web-based open-source EHR and practice management suite, is fairly easy to adopt and use, while OpenEHR is a combination of open specifications for building a custom solution, which can only be done by expert developers. Therefore, open-source solutions are no more or less difficult to implement than proprietary systems. To ensure the success of an open-source EHR project, healthcare organizations need to partner with an experienced technical specialist or choose an easy-to-set-up solution like OpenEMR.

Myth #4: Open-source EHRs don’t comply with regulations

The healthcare landscape is evolving, and the open-source community takes care to make more EHR solutions compliant with U.S. regulations. However, a few solutions that are more often used outside of the U.S. may still not be properly certified. For example, OpenEMR and commercial versions of the VistA EHR systems comply with HIPAA and meet the criteria of the 2015 Edition CEHRT, while OpenEHR doesn’t. However, if it so happened that the solution of your choice doesn’t inherently comply with the healthcare industry regulations, you can always hire software developers to align it with HIPAA regulations regarding data security, access controls, and patient privacy.

Myth #5:  Open-source EHRs aren’t suitable for large healthcare organizations

While small healthcare practices and non-profit healthcare organizations with budget constraints are usually the target user audience for open-source EHR software, there’s no reason why large healthcare institutions can’t also benefit from the low cost of such solutions. The best example of such a use case would be VistA, the open-source system implemented in Veteran Affairs hospitals across the U.S. The open-source systems are highly scalable and can be extensively customized to fit large companies with multiple medical specialties and care-related services even better than proprietary systems. Open-source software also tends to be highly interoperable with other healthcare solutions and therefore can fit flawlessly into enterprises’ elaborate IT ecosystems.

Summing up

Open-source EHR solutions are a viable alternative to commercial EHR software for healthcare providers regardless of their size or specialty. They have many advantages compared to the proprietary solutions, namely the cost of the base system, extensive customization capabilities, and better interoperability with other healthcare software due to code transparency. At the same time, the downsides of open-source include complex implementation, lack of compliance for some systems, and hidden adoption and maintenance costs.

Still, healthcare organizations that want to leverage the advantages of an open-source EHR shouldn’t be discouraged by the potential challenges, as they can be overcome with the help of an experienced software implementation partner.

Mariia Kovalova is a Healthcare Technology Researcher at Itransition, a custom software development company headquartered in Denver. Having working experience with both healthcare and IT industry, she is constantly on the lookout for technologies that will help providers optimize their processes, enhance patient experiences, and build up more resilience.