Open-Source EHR: Benefits and Drawbacks

August 14, 2014

As open-source software’s popularity grows, health IT has been slow to join the rising tide, even though EHRs were born open-source. What are the pros and cons of open-source EHR software?

As open-source software’s popularity grows, health IT has been slow to join the rising tide, even though EHRs were born open-source. What are the pros and cons of open-source EHR software?

Open-source software, according to the Open Source Initiative, a global non-profit that supports open-source development, “is software that can be freely used, changed, and shared (in modified or unmodified form) by anyone.” That does not necessarily mean that the software doesn’t cost anything; many companies sell open-source software.

Also, as an important point of differentiation, open-source software is not the same as an open API, or application programming interface. An API is a source code based interface that specifies how some software components interact with one another, or in other words, an API allows a software developer to more easily interface different pieces of software.

Probably the best known example of open-source software is Linux. Created by Linus Torvalds, Linux is a computer operating system like Windows or Mac OS, but unlike those examples, no one owns the source code, or the actual computer language that tells the program and computer what to do. As a result, anyone can develop a Linux-based operating system. Simply download the source code and start modifying it to your heart’s content. If an open-source developer creates a program based on open-source software, nothing precludes them from selling that program; they just have to make the source code available to users in order to qualify as open-source software according to the Open Source Initiative’s Open Source Definition.

As noted earlier, electronic health records software (EHR) was born as open-source software. VistA, or the Veterans Health Information Systems and Technology Architecture, was one of the precursors to modern EHR programs. VistA came into existence as the Decentralized Hospital Computer Program (DHCP), created by an executive order from then-VA Administrator Robert Nimmo in 1982. However, VistA’s origins can be traced even further back to 1965 and the signing of the Medicare Act.

In order to meet the requirements of the Act, the Department of Health, Education, and Welfare (now the Department of Health and Human Services) organized several internal agencies, including the Health Care Technology Division (HCTD). According to the VistA history project, the HCTD realized that computer software was likely the best way to “establish a baseline of data and information from which the changes in health-services delivery patterns, quality, and cost could be identified and tracked.” These same initiatives are what drove the creation of the EHR Incentive Program and the boom in health IT going on right now.

As is the case in any ‘boom’ industry, EHR software has had some well-publicized issues, including low user satisfaction, claims of fraud due to copy-and-paste or ‘upcoding’, poor interoperability between EHR programs, and even EHR vendors holding patient records hostage when providers switch programs. Open-source EHR software, while not a cure-all, can help solve many of these problems.

Unlike EHR vendors who offer their software under a traditional license, open-source EHR vendors have no incentive to protect their search code. One of the biggest issues with developing interoperability between EHR programs, one of the main goals of the EHR Incentive Program, is that EHR vendors are afraid of their competitors gaining access to their source code. Unfortunately, to achieve true, semantic interoperability, collaboration between vendors will be necessary.

Open-source EHR companies can and will collaborate much more easily than vendors with proprietary software licenses. Even if the vendors don’t cooperate, the community of open-source developers can create any custom interface or function desired, and often do so for free and upload their work to code repositories like GitHub, made available for use by anyone. Some open-source development communities are better than others, but some of the more active communities are far more prolific than even the dedicated developers at proprietary software companies; the number of custom functions, innovative features, and software updates produced by developer communities can be mind-boggling, especially when realizing that their work is often unpaid. Even if a vibrant developer community doesn’t exist, with open-source software a provider always has the option of hiring a freelance developer to create whatever custom functions or workflows desired.

While there are many positives of open-source software that would solve quite a few issues currently faced by the EHR-using community, open-source EHR is not without drawbacks. Security is usually the biggest concern; if the source code for the software is publicly available, then it theoretically is much easier for a hacker to gain access. Of course, any poorly secured system, whether open-source or proprietary, can be exploited by hackers. Any hacker that can beat the security measures in place in a hospital data center, open-source software or not, will likely be able to wreak havoc and gain access to sensitive information. Sure, it might take the hacker a little longer to discern what the proprietary code means versus the open-source code, but any hacker that can defeat the bank-level, HIPAA-compliant firewalls and access control measures that come with EHR software is going to be able to figure out what the proprietary code means, it may just take a little longer.

Another concern with open-source EHR is the perceived lack of support. Yes, while there are robust communities of developers in open-source software, it is rare that an open-source program offers the kind of phone-based technical support sought by most providers. There are a few open-source software vendors that offer 24/7 support, but as a whole, open-source EHR vendors do not have the same kind of support resources that proprietary vendors do. Also, because open-source software is usually the purview of so-called power users, implementation is rarely as easy as it is with off-the-shelf software, and there are often ‘hidden’ costs like custom functions and integrations that must be programmed by a paid consultant. This can create quite a few problems, especially when attempting to attest for Meaningful Use; custom software is notoriously difficult to have certified by an ONC-approved group.

In short, open-source electronic health records software is a great choice for providers or organizations who desire truly custom software solutions. While there are drawbacks, most are superficial and easily mitigated by spending a little money; as with most things in life, “you get what you pay for.”

Photo Credit: Maria Boehling at CC