SaaS EMR versus Client Server EMR

I think the debate over a SaaS based EMR versus a Client Server EMR is never going to end. Maybe we should just have a peace treaty and decide that whoever has a SaaS EMR is going to love the SaaS model and the benefits and features of a hosted EMR solution. The client server EMR people are going to love their in house “doctor controlled” EMR software with its inherent features and benefits.

What inspired this post? A few old threads popped up on my stats page. First, is a SaaS EMR versus Client Server EMR poll I did back in June of 2009 about which type of EMR setup people prefer. Here’s the results (as of this posting):
Client Server EMR (Client Install) – 35 Votes
Client Server EMR (Web based) – 28 Votes
Hosted Web based EMR (SaaS/ASP) – 84 Votes
Huh? – 3 Votes
Doesn’t Really Matter – 7 votes

That’s good enough as a tie for me. Probably reflects the chasm we have in EHR and EMR companies. There’s plenty of each to go around.

The above poll also led me to this post about the myth that a SaaS EHR is required to show meaningful use. I forgot that some EMR companies (or likely their sales people) were spreading these crazy myths about meaningful use.

About the author

John Lynn

John Lynn

John Lynn is the Founder of, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference,, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.


  • Agreed. No use fighting. I’ve talked to enough providers that swear by and are passionate about one or the other. No amount of argument and counter argument will change what they believe in. Also, from a vendor’s perspective, there’s room for all to thrive and succeed. So vendors, let’s resolve to not put down the other side, and resolve to be and do the best you can in 2011. Help providers get their Incentive money. Success will breed success. As providers currently sitting on the sidelines see that this is for real, they will invariably join.

  • My concern with a hosted solution is the confidentiality of the records and data security / integrity. Is there any federal regulation that addresses due dilligence on behalf of the SaaS suppliers. How can they assure that the data is safe today and will remain safe years from now? One other thing in making a decision whether to go with a SaaS solution or keep the records locally, is accessability. Do you an idea of the impact to a practice if you cannot access a remote application or its data for along period of time? How good are the could suppliers at establishing and honoring service level agreemets? Does anybody have any refeences of know about any studies in this area? This will be very helpful insight in order to make a decision.

  • Hi Juan,
    Some really great questions. I’ll do my best to answer it.

    The best assurance you get for the security and integrity of a SaaS based EHR is that the vendor will have to (or you better make them) sign a business associates agreement. Once that’s signed, then they are required to abide by the same HIPAA laws as a medical provider. So, they’ll be held liable if something happens.

    I haven’t seen the service level agreements being as much of an issue as a clinic’s internet connection. Most SaaS EHR providers do a great job keeping their systems running. In fact, in the past 5+ years I can’t think of any major incidents I’ve heard of as far as crazy downtime for a SaaS EHR vendor.

    Instead, the weak link is your local internet provider. Certainly you have to have a plan of what to do when your local internet goes down because they dug up the wires outside your office when they were doing some construction (or other such even). Some have redundant internet connections. Wireless phones, ipads, etc also can provide a nice secondary internet connection for some clinics. Others just keep operating without access to the EMR and then input the data into the EMR later. Many doctors can still see and care for the patient without the chart.

    I haven’t seen any studies in this regard. I’m not sure how you’d even study it.

    I hope this helps.

  • We took a look at the HHS’ data on large-scale (500+ people affected) HIPAA violations. We found that there were only 7 violations involving EMRs since 2009, and all involved on-premise systems. In fact, a majority of violations were due to theft and loss of both paper and electronic storage devices.

    It will be interesting to see if these numbers change as more users adopt cloud-based/SaaS EMR options.

    Full report on the subject here:

  • The reality is that which model works best for you depends on whether you can have a substantial IT staff in your practice. A one person practice, no. A 50 person; maybe. Even then, how many practices have DR sites with backup PC’s and servers (backed up to at least every night)? Try and remember what a medical practice is for – to practice medicine, not IT.

    BTW, just because you have it in house does not mean your system and data are safe and secure. Your offices are probably much easier to break into then a secured data center. A cloud based system is fairly easy to secure on the doctor’s office end. But imagine – if you have a server, and you have a break in – one of the first things they wheel out is your server!

Click here to post a comment