Use of Affordable Open Source Systems by Rural and Small-Practice Health Professional - 2010

Target Population: Rural Health*

Summary: National efforts focus on improving medical quality and reducing costs by implementing standardized electronic health records (EHRs), which enable secure exchange of health information between different systems. However, rural health care providers and providers with small practices may not have the financial resources or expertise to purchase and maintain expensive hardware and software applications to participate in this effort.

This project seeks to meet the EHR application needs of rural and small-practice ambulatory health care providers throughout the United States using open-source EHR applications that are reliable, secure, confidential, standards and regulations-based, and able to be integrated with other health care systems. Hardware and software installation, usage, and maintenance costs will be optimized to maintain affordability.

The research team has conducted telephone interviews to assess the needs of rural and small practice doctors and is also making detailed assessments of promising open-source EHR applications. These assessments evaluate the functionality, trustworthiness, interoperability, performance, compliance, and affordability of open-source EHRs. In addition, the research team is developing a process that software engineers can use to evaluate existing open-source EHR applications and remove faults and vulnerabilities.

Ultimately, the team hopes to implement servers using open-source EHR applications that enable rural and small medical practices to obtain the benefits of EHR technology. However, even if promising open- source EHR applications are not identified, the platform being developed will function as a testbed system so that practitioners and their support staff or other researchers can continue to conduct research on a variety of health care applications.

• Conduct an assessment of the needs of rural and small practice doctors with regard to the capabilities, strengths, and limitations of existing open-source EHR applications. (Completed)
• Identify and evaluate promising open-source EHR applications. (Ongoing)
• Develop and disseminate a process for evaluating the functionality, trustworthiness, interoperability, performance, compliance, and affordability of existing open source EHR applications. (Ongoing)
• Advance software engineers’ understanding of best practices for developing new or enhancing existing EHR applications. (Upcoming)
• Implement servers using open-source EHR applications that enable rural and small medical practices to obtain the benefits of EHR technology as they run their offices and securely store, utilize, and share patient data. (Upcoming)

2010 Activities: The research team continues to work on testing the software development process. They developed a methodology for systematically creating a security test plan based upon system requirements. Additionally, they began an analysis that will inform software engineers who are developing health care applications of the most efficient and effective means of removing faults and vulnerabilities. This analysis is being conducted on five open-source health care information technology applications, specifically EHR applications: OpenEMR, Tolven, PatientOS, WorldVistA, and OpenMRS. In the process, they are finding and reporting vulnerabilities in these applications.

The team completed interviews with physicians and their support staff from four practices. These interviews gathered and analyzed the EHR needs of rural and small practice ambulatory health care providers. Data from these interviews are now being analyzed.

Analysis of open-source EHR applications continues. This effort assesses the capabilities, strengths, and limitations of existing open-source EHR applications towards meeting the needs of rural and small practice doctors. To date the team has identified 177 vulnerabilities in OpenEMR, Astonaut World VistA, and in a concurrent evaluation of a proprietary medical application.

A prototype system was installed on a virtual computing platform. The original plan was to deploy and maintain promising open-source EHR applications. However, sufficiently secure EHR applications have not yet been identified. Until secure EHR applications are found, the system will function as a testbed system through which practitioners and their support staff or other researchers can access and conduct research on the five healthcare applications.

Grantee's Most Recent Self-Reported Quarterly Status (as of December 2010): The research team continues to assess open-source EHRs and has installed a prototype system on a virtual computing platform. Interviews with physicians and support staff from rural and small-practice providers have been completed. Progress is roughly on track. The budget is somewhat underspent.

Preliminary Impact and Findings: Through extensive analysis, the team identified 177 vulnerabilities in OpenEMR, Astonaut World VistA, and a proprietary medical application. The team continues to find that most other open-source EHR systems are insecure, and results to date indicate that open-source developers of EHR applications are not aware of possible security vulnerabilities in their program code. However, the team has found one system that may be a viable EHR application. It has some problems but appears to be significantly better than other EHR systems. They are continuing to work with this application and have reported their security concerns to the developer.

Strategic Goal: Develop and disseminate health IT evidence and evidence-based tools to improve health care decisionmaking through the use of integrated data and knowledge management.

Business Goal: Knowledge Creation

*AHRQ Priority Population.