How to Build an EHR System

You have an idea for your own EMR system or EHR software. Now what? If you don’t know where to start or how to create an EHR, this guide is the place to begin. The recommendations inside are based on our 4+ years of experience in developing and customizing successful HIPAA/GDPR-compliant EMR/EHR systems for hospitals, private practices and physicians, outpatient facilities, pharmacies, medical software businesses and EHR startups from the USA and Europe.


Differences Between EHR and EMR

The terms electronic medical record (EMR) and electronic health record (EHR) are defined differently by the U.S. Department of Health and Human Services. It matters because EHRs include more features than EMRs and thus require more investment to develop.

The EMR is an electronic record of health-related information for an individual patient that is created and managed by providers and staff members located within a single healthcare organization.

The EHR is an electronic record of health-related information for an individual patient that is created and managed in 1) a manner that conforms to nationally recognized interoperability standards, so that it 2) can be utilized by members of more than one healthcare organization.

When Do You Need to Build Your Own EHR System or Customizable EMR?

  1. You create your own EHR startup to better solve your target customers' problems.
  2. Packaged EHR solutions available on the market are not customizable enough to align with your specific practice and its operational goals.

The medical software market is full of boxed systems that claim to be “customizable”, yet the most customization you could do is change the fields in the forms. This forces the medical professionals to fit a predefined framework, rather than adapt to their personal style of working with patients or managing their practice. In addition, the current approach to record keeping often requires doctors to spend more time with a computer than interacting with the sick people and observing their symptoms. While some of the issues can be solved with appropriate technology (e.g. using voice recognition for fast data entry), the best way forward would be a different design philosophy.

The EHR should be easy to personalize, and it is the software that should adapt to the doctors’ needs, not the other way around. As usual the actual users (doctors) are not taken into account. That is why providers HATE the EHRs available.

The most typical challenges doctors face with pre-built EHR solutions are described below:

  • "We are using many different systems and need a customized solution. We have looked at many EHR systems and they are dismal and overpriced, they will NOT do the job. We have outgrown our system and need a solution with a modular approach. It must be very easy for providers and nurses to use. This is crucial to prevent physician burnout and not make doctors into data entry clerks."
  • "I developed a mental health treatment plan template software for myself using one of the Form Management Systems and have recently allowed several other physicians in my clinic to use it. The feedback has been tremendous and I've been encouraged to consider developing a new Mental Health EHR based on what I have. The idea actually came from frustration with all the mental health EHRs I've worked with and the seemingly unbridgeable gap between 'writing good, legible and useful' notes with 'billable notes'!"

Where to start

Formulate your idea in a request for information

If you would like to create a new EHR system for your practice or are trying to customize an electronic medical record, your request for information might look like this:

  • I would like to discuss the development of an EMR/EHR for my group practice of specialist physicians. I'm interested in an EHR that allows for forms customization. How much will it cost?
  • We currently have a paper system and would like to upgrade to EMR. What would be the cost of developing it?
  • We are searching for an EHR system that we can implement in the clinic. What is the deployment and maintenance fee for it? And what is the term of this kind of software? Can we arrange a call to discuss possible partnership?
  • I would like to start an EHR SaaS development project with you. In addition, I would like to build an iOS and Android app for patients to book their appointments, review their medical history, receive their E-prescription, and to link their health insurance information with their profiles. Kindly contact me for more details and with an estimated price quote.
  • We need an EMR for patient encounters with the appropriate backend database and frontend API layer for providers, nurses, and a receptionist. We plan to expand that to online scheduling, lab integration, CPOE, and billing.
  • We are a rapidly growing healthcare startup company looking to build our own EMR software to fit our needs. I would like to set up an initial call this week to inquire about your services. We need a platform-agnostic EHR because we will use either AWS or GCP as cloud storage and compute engine. The system needs to be future proof with common standards so that we can add further APIs, apps as needed. We will need a robust backend database which stores information as per industry standard (HL7 v2, v3, FHIR, etc), it MUST be able to have easy interoperability so that we can add API for bidirectional communications with other systems (eg LIS).

Case#1. How We Developed a Custom EHR System For a Regenerative Orthopedic Clinic

Our client was an investor from the USA (we have signed an NDA so we are not able to disclose the client's name and detailed information) who wanted to create brand new EHR software because the available solutions didn’t fit the needs of his target audience. In collaboration with healthcare consultants from his partner - an Orthopedic clinic - he planned to develop a web-based SaaS EHR system with the following key features:

  1. Medical Records (Data collection forms, Dashboards);
  2. EHR business intelligence. Benchmarking reports that show the difference between treatment results of a particular patient and other similar clinical cases. Doctors can utilize these reports to compare their data with the information on the other patients with the same diagnosis and treatment plan (incl. medications) both in their clinic and other locations using this EHR;
  3. Patient Portal (with “patient passports”).

Facing the lack of in-house software developers, the client decided to outsource the EHR development and asked Belitsoft to develop the MVP version of such an EHR software.

How we organized the EHR software development process

Allocation of an EHR Business Analyst. This EHR system was designed to be multi-featured with many interdependencies. In addition, the customer has planned to regularly add new functions once the software was on the market. So to make the system scalable and future-proof it was important to identify the potentially conflicting requirements and resolve them before the actual development begins.

This is why Belitsoft has assigned an experienced EHR Business Analyst (BA) who has previously worked on other healthcare systems to the project team. Their domain-specific knowledge was especially useful in translating the customer’s business needs into technical requirements.

Software Development Model Selection. Agile software development process was chosen because the Client wanted to build a large and complex software product staying highly involved in the project development and customization. In addition, the team needed to stay flexible to adjust to the constantly evolving business requirements. 

Effective communication is always 50-60% of a successful custom application development, that is why a proper communication plan was established:
1) The communication was mostly remote. The client has visited Belitsoft office just once before the development process began to get acquainted with Belitsoft management and development team.
2) The MVP software development process was divided into sprints - periods of time during which a portion of programming work had to be completed and made ready for client’s review. From the fifth sprint onward we were preparing e-mail reports for the client every 1-2 weeks to enable him to make any changes or refinements promptly.
3) The Business Analyst acted as a primary contact person for the client, having regular Skype meetings, systematizing all the requirements correctly and showing demos (sprint releases). The BA was also responsible for the conformity of the final product to the documented requirements.
4) Communication by email was used when our Client needed time to make important strategic decisions.

Software architecture selection. While developing this healthcare software, the project development team used the modern microservices architecture approach, keeping in mind that it might be required to develop frontend apps for Web, Mobile, and Desktop.

Belitsoft proposed a HIPAA-compliant server architecture to the Client to make sure that the medical application meets HIPAA's technical requirements.

The architecture of the system contains the following parts:
1) Backend: Database Layer (MySQL) and API layer (API for the web admin panel and API for the frontend apps);
2) Frontend: tablet-friendly mobile application. Tablets are very convenient tools that are widely used in the leading hospitals and healthcare systems.
3) Frontend: web admin panel based on Angular framework for form templates and users management. Angular, maintained by Google, was chosen because it’s very reliable compared to other JavaScript frameworks.

MVP-First Approach. “SaaS product development” term implies the development of specific features, an access control system to those features and a subscription billing system that charges users for access. At the first development stage in order to reduce the cost of the MVP version development of the SaaS EHR, we developed only the most important functions that our Client’s customers were ready to pay for, along with the access control system. At first, it allowed our Client to add his customers to the system manually. At the second stage of the development, it became possible to automate the billing process and integrate the SaaS with online payment systems like PayPal.

To prevent the loss of patients’ information, we have developed a synchronization module. If a doctor’s tablet goes offline while they’re entering clinical data, this module will save the notes and upload them to the cloud when the Internet connection is restored.

Setting up the right testing process. The high quality of custom healthcare software can be guaranteed only when a proper testing process is established. An experienced project manager, Dmitry Garbar, applied best practices to boost the productivity of the software development and testing team on the project.

[Image: Example of Custom EHR]

Case#2. Voice Recognition for an EHR system

Belitsoft was approached by the owner of a private medical center chain from the USA. Doctors and nurses working in his company were spending too much time on EHR-related tasks. This meant they either had less time for patients or more overtime work. Implementing speech recognition could be a solution to the problem - by talking to the machine the medical professionals could enter information quicker and even do it while examining the patient.

The client chose Belitsoft for the following reasons:

  • Proven experience in working with both speech recognition technology and Healthcare domain;
  • Competitive pricing;
  • Good reviews and references.

The scope of the project was extensive and subject to change, so the client and we agreed on the Agile development methodology along with the time and material cooperation model.

The client’s representatives visited Belitsoft’s office before the kickoff to get acquainted with the team and the company leadership. Over the course of the project several key staff members went to the client’s office to learn more about the end users and their work environment.

The development process was split into a number of 3-week sprints. Each sprint ended with a demo session where we showed the result of our work to the customer. These meetings were useful as a source of feedback for us and as proof of money well spent for the client.

The client has also put together a focus group from medical professionals working for him. These people proved invaluable in understanding the end users’ needs and testing of the features.

[Image: EHR Voice Recognition]

The speech recognition system integrated with our client’s EHR was built as an on-premise solution due to security concerns.

Its most notable features included:

  • Voice input of text and numbers;
  • Voice commands for navigation inside the system;
  • Automatic expansion of medical acronyms and abbreviations;
  • An option of adding more dictionaries for medical specializations;
  • An option to adapt to the voice of a specific medical professional.

The first release included three core dictionaries: general medicine, pathology, CT/MRT.

Each contained the data the system needs to recognize and process the words relevant to the appropriate niche. The “general medicine” dictionary was useful for all fields within medicine, while “pathology” and “CT/MRT” had relatively few words and were cost-effective to implement. The system also included the option to expand the dictionary list, as mentioned above.

As one of the customer’s requirements we have also created an open API for the system to make it easy to integrate with other medical solutions.

We have also been tasked with finding the most suitable headset for doctors and nurses. It had to be convenient enough to be worn 8 hours a day and provide high signal quality.

The resulting system has successfully solved the customer’s problems.

Time spent on clerical tasks has decreased by 23%. The results were even better with older doctors, who were experts in medicine, but not experts in computers. Moreover, the focus group has reported higher satisfaction with their work environment.

EHR Charting

Medical providers are required to keep detailed charting documentation, which could affect claims reimbursement in the case of an audit. With a custom charting module, the provider can spend less time typing and focus on the patients and their health.

The most common features for the charting module are:

  • Customizable/Specialty-specific Charting Templates.
  • Medical History.
  • Medical Encounters.
  • Orders and Prescriptions.
  • Progress Notes.
  • Test Results.
  • Information exchange.
  • PHI Copying.
  • Guidelines.

Customizable/Specialty-specific Charting Templates. A dentist and a psychiatrist can include different things in the patient charts. So it would be preferable if the system adapted to accommodate their needs. This could be either done by making the charts highly customizable or including specialty-specific templates in the charting module.

Medical History. This element logs the patient’s conditions throughout their life. It can include the growth chart, medication and immunization history, allergies, family and social data, habits (e.g. smoking and alcohol use), surgeries, obstetric information and more. Having it on hand allows doctors to gain insights as to the causes of the patient’s current condition.

Medical Encounters. When someone visits a physician, this is where the doctor puts the gathered information on the patient’s current condition. Encounter data includes the chief complaint, history of present illness, physical examination results, vital signs, assessment, and treatment plan. 

Orders and Prescriptions. This feature creates and stores the medication orders and prescriptions. These can be printed or sent electronically to the pharmacy straight from the point of care. 

Progress Notes. Regular, chronological updates on the patient’s condition. These are used mostly for hospitalized patients and can be entered by all clinical professionals participating in the care: doctors, nurses, pharmacists, dentists, etc.

Test Results. Blood tests, biopsies, X-rays and other similar examinations are stored and managed by this module. Images (e.g. MRIs) can be either stored as-is using formats like DICOM or handled elsewhere, in which case the chart will likely contain the reports as text. 

Information exchange. To increase their efficiency, the charts should exchange data with other modules in your EHR/EMR. Demographic information and vital signs (heart rate, blood pressure, temperature, etc.) should automatically be taken from other modules and entered in the forms so that the clinicians don’t have to do it several times. And integration with the billing module can help with assigning codes and decrease the number of errors.

PHI Copying. According to HIPAA, patients can ask for and receive a copy of their personal health information (with certain caveats). This means that the charts should be either printable or convertible to a popular electronic format, e.g. PDF. 

Guidelines. Including information like normative lab values, weight parameters, dosage guidelines, screening recommendations, etc. gives the physicians a benchmark to quickly measure patient stats against. A reference point like this helps doctors provide better care.  These values can also be accessible to the patients via the portal, thus improving their knowledge about their own health.

EHR Software Integrated with a Medical Billing System

Are you looking for a personalized EMR system that will connect to your billing system? An EHR needs to have a robust module to handle payments and reimbursements.

The most common features for the billing module are:

  • Claims submission;
  • Copayment/Coinsurance/Deductible processing;
  • Reporting;
  • Claims rejection analysis;
  • Automated coding;
  • Automated eligibility verification;
  • Payment tracking.

Claim Submission

This feature allows the practice to create superbills and electronically submit claims to a clearinghouse or directly to the insurance company. It must also be able to generate bills and patient statements for the patients who need to pay for the visit. 

The claims are usually submitted in groups to save staff time. However, if even one of the claims is found to be non-compliant with HIPAA, the whole batch will be sent back for corrections, which cost time and, therefore, money. That is why EHR providers integrate “claim scrubbing” - automatic checking for errors before the claim is submitted. 

It is estimated that 90% of claim denials are preventable by using better procedures, making a well-designed submission module a valuable tool for improving a practice’s bottom line. 
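The pre-submission "claim scrubbing" check described above, sketched as an added example (it is not code from this article or from any EHR product): each claim is validated on its own and failing claims are held back, so one bad claim does not get the whole batch returned. The claim field names, the sample batch and the simplified ICD-10/CPT format patterns are assumptions of this example.

```python
import re
from datetime import date

# Simplified format patterns (assumptions of this example, not a payer's rules).
# ICD-10-CM shape: letter, digit, alphanumeric, optional "." plus 1-4 alphanumerics.
ICD10_RE = re.compile(r"[A-Z][0-9][0-9A-Z](\.[0-9A-Z]{1,4})?")
# CPT shape: five digits, or four digits followed by a letter.
CPT_RE = re.compile(r"[0-9]{4}[0-9A-Z]")

# Hypothetical claim fields; a real claim format carries many more.
REQUIRED_FIELDS = ("claim_id", "patient_id", "payer_id", "service_date")


def scrub_claim(claim):
    """Return a list of error strings for one claim; empty means it passed."""
    errors = []
    for name in REQUIRED_FIELDS:
        if not str(claim.get(name) or "").strip():
            errors.append(f"missing field: {name}")

    service_date = str(claim.get("service_date") or "").strip()
    if service_date:
        try:
            date.fromisoformat(service_date)
        except ValueError:
            errors.append("invalid service_date")

    for label, key, pattern in (
        ("ICD-10", "diagnosis_codes", ICD10_RE),
        ("CPT", "procedure_codes", CPT_RE),
    ):
        codes = claim.get(key) or []
        if not codes:
            errors.append(f"missing {label} code")
        for code in codes:
            if not pattern.fullmatch(str(code)):
                errors.append(f"malformed {label} code: {code!r}")
    return errors


def scrub_batch(claims):
    """Split a batch into claims safe to submit and claims held for correction.

    Returns (clean, held). held is a list of (batch_index, errors), so the
    report identifies a claim without copying patient data into it.
    """
    clean, held, seen_ids = [], [], set()
    for index, claim in enumerate(claims):
        errors = scrub_claim(claim)
        claim_id = claim.get("claim_id")
        if claim_id and claim_id in seen_ids:
            errors.append("duplicate claim_id in batch")
        seen_ids.add(claim_id)
        if errors:
            held.append((index, errors))
        else:
            clean.append(claim)
    return clean, held


# Constructed sample batch: one valid claim and two with typical defects.
SAMPLE_BATCH = [
    {"claim_id": "C-001", "patient_id": "P-100", "payer_id": "PAYER-A",
     "service_date": "2024-03-01",
     "diagnosis_codes": ["E11.9"], "procedure_codes": ["99213"]},
    {"claim_id": "C-002", "patient_id": "P-101", "payer_id": "",
     "service_date": "2024-03-01",
     "diagnosis_codes": ["11.9"], "procedure_codes": ["99213"]},
    {"claim_id": "C-003", "patient_id": "P-102", "payer_id": "PAYER-B",
     "service_date": "2024-03-02",
     "diagnosis_codes": ["M17.11"], "procedure_codes": []},
]

if __name__ == "__main__":
    ok, rejected = scrub_batch(SAMPLE_BATCH)
    print("submit:", [c["claim_id"] for c in ok])
    for index, errs in rejected:
        print(f"hold claim at batch index {index}: {errs}")
```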

Copayment/Coinsurance/Deductible Processing

Your EHR should notify the reception staff if a patient needs to pay for the visit out of their pocket. This would help your practice increase the collection rate. Given the abysmal overall payment rates among patients (e.g. the average payment rate for people with high-deductible plans receiving outpatient care is only 18.2%), any improvement in this area is bound to be meaningful.


Reporting

You can’t manage what you can’t measure, which is why an EHR needs flexible billing reports. They will demonstrate the rates of reimbursement and patient collections, recent and historical trends, and more.

Many off-the-shelf EHRs have the option to create custom reports or tailor the existing ones to better fit the needs of the practice. In turnkey systems, the nature and flexibility of the reports are discussed in advance and then created according to the customer’s requirements.

Claim Rejection Analysis

This module processes the rejected claims and highlights the errors that need to be corrected. The reasons could include incomplete or incorrect information, non-covered services, missing codes, etc. When the mistakes are fixed, the claims can be resubmitted. 

Automated Coding

ICD-10 has almost 70,000 diagnosis codes. Together with a multitude of CPT codes, this creates a problem for the billing staff, as coding mistakes can lead to claim rejections or denials. An automated system will help the clinicians with assigning the correct values to the diagnosis and treatment, and will also transfer these values to the claim form, reducing human involvement and risk of error.

A specialty-specific EHR, e.g. for Orthopedics or Behavioral Health, might have a module that suggests the codes most relevant for that specialty. This makes the work of clinicians and coders easier and once again decreases errors. 

Automated Eligibility Verification

The EHR can be integrated with the insurance companies’ databases. As a result, the administrative staff can see the patient’s insurance details (if the patient is covered), and the clinic can avoid rejections. 

Moreover, this data can also be transferred directly to the claim form to save time and decrease risk.

Payment Tracking

This module helps manage financial resources by following each bill through every stage of its processing, from submission to payment. With this information, the administrative staff can estimate the reimbursement timeline.


There are a number of billing features that aren’t as widespread as the ones above but can bring value to the practice nonetheless.

Integrated Clearinghouse

A clearinghouse is a system that processes the documents sent from medical practice to the insurance company and vice versa (claims, 835 forms, etc.). Its purpose is to convert the data to the format that the receiving company’s software would accept. 

It is often a third-party solution. However, there are EHRs that have a built-in clearinghouse, thus eliminating the need for intermediaries and saving the practice money on using external services.


An inbuilt messaging system will allow quick and secure communication between clinicians and administrative staff, which would be useful in claims preparation and rejection analysis. The same feature could be reused in a patient portal or for coordinated patient care if your EHR is connected to those of your partners - labs, specialized medical centers, etc.

Referral Management

In certain cases, if the incoming patient doesn’t have a referral the insurance might not pay for their treatment. Having an integrated referral management system will help your billing team and reception employees be aware of the situation. Moreover, it will automatically inform the referring practice about the visit, closing the loop and freeing your employees from the need to follow-up via phone or fax.

Accounts Receivable Management

If a claim has been denied it doesn’t mean that your practice will never see that money. More than three-quarters of them are eventually paid. But your employees need to work to make it happen. That’s where an A/R management system will come in handy. It tracks the outstanding payments, helps correct the forms and resubmits the claims.

EHR and EMR Integrated Patient Portal

A patient portal is an extension of EHR. Data from it is published by a healthcare organization to the application with 24/7 online access. The patient provided with a secure login & password can view their lab results, diagnosis, radiology images or other clinical information. So portals are not records as such, but a convenient way for viewing, presenting and sharing information from EHR.

Besides, authorized patients can interact with healthcare providers by submitting messages, scheduling appointments, or requesting prescription renewals through the portal. Among the system’s other features is the ability to get reminders and notifications for lab results, upcoming visits and diagnostic investigations.

How to create a patient portal? A robust patient portal should include the following features:

  • Accessing personal health information;
  • Updating contact and demographic information;
  • Scheduling appointments online;
  • Messaging with a healthcare team;
  • Receiving notifications;
  • Integrating with third-party apps and systems;
  • Making payments;
  • Downloading and completing registration forms;
  • Accessing educational materials and communities.

“Many patients want to go online and manage their visits, bills and medical records retrieval personally: They no longer want to use their lunch hour to make phone calls, and it's exciting that we can make this happen for them.”
- Dr. Daniel Shurman, co-founder at Pennsylvania Dermatology Partners

Accessing personal health information

According to the officials, a key priority of such a patient portal is to provide patients with convenient round-the-clock access to personal health information (PHI) via the Internet.

Having entered a unique username and password, patients can browse (and print if necessary) health information including recent doctor visits; case reports; medication lists; immunizations; allergies; lab & test results.

Patients want to see more than after-visit summaries and lab results. That’s why more and more health systems seek to support OpenNotes international movement for allowing patients to receive all of their clinical notes.


Updating contact and demographic information

Get patients to complete their registration and update their information online. Health professionals, for their part, have to check the accuracy and quality of the registration data before it is accepted into their EHR.

Scheduling appointments online

Patients can get the appointment booked via the portal without going through the hospital telephone system and auto attendants. They receive an alert as the doctor confirms or reschedules the appointment.


Janna Mullaney, COO at Katzen Eye Group & Aesthetic by Katzen in Baltimore, shares their experience. When they first implemented an online appointment system, their patients were able to send a request, then doctors either booked the requested appointment time or offered an alternate option if they were unavailable.

They later modified the feature, making patients able to request a viable appointment. Thus, they can browse the hours for each location, every doctor who works there and their timetable, as well as check-up types they accept.


Patient portals can help practitioners with cutting down on phone calls and decreasing non-appearance. SSM Health CIO Philip Loftus recorded a drop in no-show rates due to online scheduling. According to Loftus, patients who book online are more likely to come.

Messaging with a healthcare team

When a patient portal is integrated with an EHR system, secure encrypted messaging is the simplest and most efficient way to exchange information and test results both for patients and medical professionals.

“One available component of the portal that practices might not always appreciate is the secure messaging feature, which enables a practice to communicate with patients in a HIPAA-compliant manner [...] Activating this module of your patient portal can reduce the time that your patients are placed on hold and helps your practice to overcome the frequent challenges of reaching a patient.”
- Dr. Joy Woodke

Receiving notifications

If a patient books an appointment with a health professional, the system can reply with an e-mail, a text message (SMS) or a push notification to a mobile device. Plus, users can be reminded to take prescription medication or check a glucose level if the patient has diabetes.

Integrating with third-party apps and systems

More and more people use monitoring devices. Whether it be a fitness tracker, a medication reminder or a glucose monitor, these systems store patient vitals and can be useful for diagnosis and treatment.

To reduce the amount of data entry required, patients can upload information directly from medical devices, fitness trackers or smartphones.

Our development teams are able to integrate any third-party solution as a microservice. We can easily connect a custom patient portal solution with an open API of Apple’s apps, for example. Thus, patients would be able to share their details and download their records onto their iPhones via the Health app.

Making payments

Patient portals enhance customer experience in many ways, especially when providing the ability to make payments. This option makes it easier for patients to understand and handle their financial responsibility.

So, what payment features should be supported?

  • Insurance information: Login to the portal and view/update insurance data.
  • Billing query: Submit billing-related questions via the patient portal.
  • e-Payment: Make online payments via multiple modes.
  • History storage: View records of medical payment amounts and dates in one place.
  • Saved payment method: Securely hold a credit card or bank information for repeat payments.

Downloading and completing registration forms

Whether patients complete registration forms online or when they are in the office, it usually takes 10 to 15 minutes to do all the paperwork. For those who complete pre-visit forms online, the system has to notify them of how long it takes to register.

Accessing educational materials and communities

Just as patients want to see their health history, they also want to figure out these records. However, diagnoses and treatment plans are usually difficult for users to understand. With a portal, they are able to access supplemental information online.

For users with lower health literacy, some health IT providers integrate natural language processing to translate certain clinical terms, thus making patient portal records more accessible.

The most effective way to improve customer health literacy lies in offering patient education where applicable. More and more health IT vendors have signed licensing agreements with educational platforms, allowing them to integrate patient education materials into their systems.

“We integrated this content with our EHR system so when a patient receives their clinical summary, they also receive educational information based on their diagnosis. We can also add information such as supplemental brochures, customize information, or include links that redirect patients to the AAO website or our contact lens distributor for more information,” - Dr. Mullaney

Patients often seek out people with similar health states for advice and support. Thus, for example, our client asked us to create a website for a community of people challenged with different diseases. Having logged in, they can access blog posts, chat with other community members and express their emotions with special icons.


What are the regulations to keep up with

As a part of the 2009 HITECH Act, the Centers for Medicare & Medicaid Services (CMS) introduced the Meaningful Use (MU) program. The procedure was initiated to promote the use of EHRs in hospitals and medical offices. If measured by the number of active users, the program has been successful; the percentage of physicians preferring an EHR has increased from 48% in 2009 to 72% in 2012. As of 2017, nearly 86% of office-based physicians had adopted EHR.

‘It's what's right for the patient, and our goal as a country to get to better health, better healthcare and lower costs.’
Farzad Mostashari, MD, the former National Coordinator for Health IT

The American Recovery and Reinvestment Act of 2009 (ARRA) established the EHR incentive programs for both Medicare and Medicaid. According to the programs, the US Department of Health and Human Services (HHS) financially supports healthcare providers that adopt and demonstrate “meaningful use” of certified EHR technology. Additionally, EHR software companies must prove that their program complies with applicable HHS-adopted criteria and pass testing by an accredited independent certifying entity approved by HHS.

Since 2011, EHR software vendors have been held to the requirements of becoming “certified EHR technology” (CEHRT) to enable healthcare providers to attest to various federal payment programs. CEHRT means the software meets the HHS Secretary’s minimum standards for security and functionality. This certification process started with Meaningful Use.

Meaningful use: stages and requirements

Meaningful Use was implemented in a phased approach over a series of 3 stages.

Stage 1 aimed at establishing requirements for the electronic capture of clinical data. It also included providing patients with electronic copies of health data. Thus, all parties must have implemented an EHR that complies with the listed criteria in order to be eligible for government incentives.

Stage 2 expanded upon the Stage 1 criteria with a focus on emphasizing care coordination and patient data-sharing. Moreover, the CMS rulemakers considered ensuring that the MU of EHRs supported the aims and priorities of the National Quality Strategy. Finalized in late 2012, Stage 2 introduced more clinical decision support, care-coordination requirements, and basic patient engagement rules.

Practice showed that the choice a healthcare provider makes regarding their EHR platform has a notable impact on Meaningful Use performance. According to the study published in the Journal of the American Medical Informatics Association (JAMIA), EHR vendor choice accounts for 7%-34% of hospital performance variation in six Stage 2 core competencies.

Stage 3 is expected to bring about advancements in care delivery by requiring enhanced EHR functionality and standards for structuring data. Besides, it is intended to improve coordinated care and patient engagement.

Thus, all CEHRT must be able to meet the following objectives for attestation to Stage 3:

  1. Protect electronic patient health information (ePHI): Eligible providers must attest to conducting a security risk analysis to assess vulnerabilities to ePHI that could cause data leaks. Identified security weaknesses must be rectified as part of the provider’s risk management process.
  2. Utilize electronic prescribing: more than 60 percent of prescriptions must be transmitted electronically using CEHRT.
  3. Implement clinical decision support (CDS).
  4. Use computerized provider order entry (CPOE) for more than 60 percent of medication, laboratory, and diagnostic imaging orders.
  5. Provide more than 80 percent of all unique patients with timely electronic access to health information, with the option to download the records. Use clinically relevant data from CEHRT to identify patient-specific educational resources and allow accessing those materials to more than 35 percent of unique patients.
  6. Use CEHRT to engage with unique patients or their authorized representatives for improved coordination of care. The measures cover three different aspects. First, they require physicians to have more than 25 percent of patients join their EHR. Second, care providers should provide more than 35 percent of patients with secure digital communication. Third, more than 15 percent of patients have to generate data from fitness trackers or wearable devices.
  7. Improve health information exchange (HIE). The first measure requires that more than 50 percent of care transitions and referrals include the electronic exchange of health records. The second measure requires physicians to incorporate into the patient’s EHR an electronic summary of care document for more than 40 percent of transitions received and new patients. The third measure calls for using e-prescribing services to reconcile medication lists from online sources with their own for more than 80 percent of new patients.
  8. Coordinate with a Public Health Agency or Clinical Data Registry to submit ePHI, including immunization registry, syndromic surveillance, cases, clinical data registry, and public health registry.

EHR vendors offer different design choices, but some do a better job meeting MU criteria. However, provider choice alone won’t translate to compliance. System implementation, staff training, and EHR optimization also have a significant impact on meeting federal certification requirements.

MACRA: purposes, structures, conditions

In 2016, the Medicare Access and CHIP (Children’s Health Insurance Program) Reauthorization Act (MACRA) replaced Meaningful Use; however, most MU requirements still apply. MACRA determines ways to pay physicians for caring for Medicare beneficiaries and establishes funding for technical assistance for providers.

There are two ways to take part in the MACRA program: the Merit-based Incentive Payment System (MIPS) and Advanced Alternative Payment Models (APMs). Both require physicians to use certified EHR technology and EHR vendors to supply standardized software.

Thus, an eligible clinician is required to use a certified EHR if they are seeking to obtain the bonus. Providers may submit their MIPS data using their EHR either directly or through a third party, such as an EHR vendor.

2019 marks the third year of the Merit-Based Incentive Payment System, and the requirements are definitely ramping up and posing more of a challenge. However, MIPS is nothing to be too scared of - as long as the practice has the right technology to streamline MIPS data collection and submission.

ONC certification program: key principles

The Office of the National Coordinator for Health IT (ONC) has established a voluntary program for the certification of health IT standards. The program also regulates implementation specifications and certification criteria adopted by the HHS Secretary.

The ONC Certification Program is based on the principles of the International Standards Organization (ISO) and International Electrotechnical Commission (IEC) framework.

In order to capture and share patient data efficiently, providers need an EHR that stores information in a structured format. Well-designed data allows patient files to be easily retrieved and transferred, as well as enables providers to use the system in ways that can aid patient care.

An EHR vendor that maintains ONC certification and is required to support EHR-based data submission has to meet the submission requirements that CMS has established for all MIPS categories in order to support eligible clinicians participating in MIPS. Healthcare providers, in turn, may feel overwhelmed as they choose not only which MIPS measures to report on, but how to report them. While MIPS attestation flexibilities create challenges for EHR vendors, providers should still turn to their systems for advice on which MIPS quality measures to select.

‘Providers are going to be facing challenges because they are putting so many options in front of them. It seems very nice, but it’s going to be more difficult for them to understand which option is the best option for them.’

Selecting measures already supported by an EHR system or dashboard will help eligible clinicians to predict their payment adjustments based on their performance as well as refocus their attention on patient care, rather than quality reporting.

‘Now some of the EHRs and the dashboards show which measures the providers are doing better on. We do recommend them to stay with that selection. Select the top six that they’re doing much better and don’t forget about outcome measures and high-priority ones.’

Moreover, EHR providers may find it harder to act as a partner for their customers as they strive for quality improvement.

In this regard, the final rules seek to introduce a more flexible certification program that supports developer innovations, opens new market opportunities, and supplies healthcare providers with a broader range of electronic HIE options. However, EHR vendors are concerned that there are many requirements that are yet to be fully vetted by the industry.

‘We will certainly meet all the demands for industry regulation and do what is necessary. But, the certification process will pose a challenge to smaller vendors because what they put in the certification rule is very large and the technology demands are immense.’
Joe Wall, Manager Interoperability Strategy, Certification and Health IT Policy at MEDITECH

What are the health IT certification criteria

Certification of an EHR system ensures it offers the necessary technological capability and functionality to help users meet the MU objectives. Healthcare providers and patients must also be confident that the product they use is secure, respects the confidentiality of any info received and can share data with other systems.

The 2015 Edition Health IT Certification Criteria addresses past rulemakings and extends into 2018 and following years. The 2015 Edition final rule supports patient care, their participation in care delivery, and electronic exchange of interoperable health information.

EHRs have a ton of data that has to be recorded and stored in accordance with the law. Information is said to be structured when it’s easy to view online, edit, and import into other software. This is also known as “interoperability”. Thus, CEHRTs are obliged to store records that patients can browse, download, modify, and share with other healthcare professionals.

CMS refers to EHR-stored info as Common Clinical Data Set (CCD). According to the ONC Health IT, all providers using a 2015 ONC edition CEHRT should be able to send the following CCD about a patient:

[Figure: CCD about a patient]

CMS notes that EHR technology must be able to electronically receive and transmit transitions of care summaries according to the Applicability Statement for Secure Health Transport. EHR technology developers are also able to seek certification to two optional transport standards:

[Figure: transport standards]

What are the interoperability standards

As defined by HIMSS, healthcare interoperability describes the extent to which systems and devices can exchange data and interpret those shared files.

‘If a project requires two different systems to talk to each other, they may not be interoperable. Eventually having a standard isn’t the issue. The issue is the lack of control organizations have over what goes into the transport mechanism.’
Brian Lancaster, Nebraska Medicine Vice President of IT

Created by the HL7 organization, Fast Healthcare Interoperability Resources (FHIR) is a draft standard defining data formats and APIs for exchanging EHRs. FHIR uses modern web-based technologies, like an HTTP-based RESTful protocol, HTML, and Cascading Style Sheets (for user interface integration), JSON/XML (for data representation), and Atom (for results). This standard was supported at an American Medical Informatics Association meeting by industry-successful companies like Cerner.

‘FHIR uses the exact same technology as does Google. When you ask for the five best restaurants in Baltimore, there's not a database of restaurants in Baltimore. Google goes out and looks for that query on the web, albeit with a rather exotic algorithm to find those things, and assembles that information for you.’
Charles Jaffe, MD, PhD, HL7 CEO
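Because FHIR moves records as JSON over a RESTful API, the receiving EHR has to treat every inbound resource as untrusted input. The sketch below is an added example, not code from this article or from HL7: it builds the `[base]/Patient/[id]` read URL and validates a Patient resource before anything is stored. The function names, the base URL, the 64 KB cap and the sample record are assumptions made for illustration; the date pattern is a simplified form of the FHIR one.

```python
import json
import re

# Patterns for the FHIR "id" and "date" primitive types (date simplified for this example).
FHIR_ID = re.compile(r"[A-Za-z0-9\-.]{1,64}")
FHIR_DATE = re.compile(r"[0-9]{4}(-(0[1-9]|1[0-2])(-(0[1-9]|[12][0-9]|3[01]))?)?")
GENDERS = {"male", "female", "other", "unknown"}  # FHIR administrative-gender codes
MAX_BODY_BYTES = 64 * 1024  # assumption: size cap chosen for this example


class RejectedResource(ValueError):
    """The inbound payload must not reach the clinical database."""


def read_url(base, patient_id):
    """Build the read URL [base]/Patient/[id], refusing ids that could alter the path."""
    if not isinstance(patient_id, str) or not FHIR_ID.fullmatch(patient_id):
        raise RejectedResource("illegal Patient id")
    return f"{base.rstrip('/')}/Patient/{patient_id}"


def parse_patient(body, expected_id):
    """Validate an inbound Patient resource and return only allow-listed fields."""
    if len(body) > MAX_BODY_BYTES:
        raise RejectedResource("payload too large")
    try:
        doc = json.loads(body.decode("utf-8"))
    except (ValueError, RecursionError) as exc:  # bad UTF-8, bad JSON, or absurd nesting
        raise RejectedResource("not valid UTF-8 JSON") from exc
    if not isinstance(doc, dict) or doc.get("resourceType") != "Patient":
        raise RejectedResource("not a Patient resource")
    # The answer must be the record that was requested, not another patient's.
    if doc.get("id") != expected_id:
        raise RejectedResource("id does not match the requested patient")

    clean = {"id": expected_id, "names": []}
    gender = doc.get("gender")
    if gender is not None:
        if not isinstance(gender, str) or gender not in GENDERS:
            raise RejectedResource("unknown gender code")
        clean["gender"] = gender
    birth = doc.get("birthDate")
    if birth is not None:
        if not isinstance(birth, str) or not FHIR_DATE.fullmatch(birth):
            raise RejectedResource("malformed birthDate")
        clean["birthDate"] = birth
    names = doc.get("name", [])
    if not isinstance(names, list):
        raise RejectedResource("name must be a list")
    for entry in names:
        if not isinstance(entry, dict):
            raise RejectedResource("malformed name entry")
        family, given = entry.get("family", ""), entry.get("given", [])
        if (not isinstance(family, str) or not isinstance(given, list)
                or not all(isinstance(g, str) for g in given)):
            raise RejectedResource("malformed name entry")
        clean["names"].append({"family": family, "given": list(given)})
    # Everything else, including the XHTML narrative in "text", is dropped here
    # so that sender-supplied markup is never rendered in the clinician's browser.
    return clean


# Constructed sample response (not real patient data).
SAMPLE = json.dumps({
    "resourceType": "Patient",
    "id": "example-123",
    "text": {"status": "generated",
             "div": "<div xmlns=\"http://www.w3.org/1999/xhtml\">Jane Doe</div>"},
    "name": [{"family": "Doe", "given": ["Jane"]}],
    "gender": "female",
    "birthDate": "1980-04-12",
}).encode()

if __name__ == "__main__":
    print(read_url("https://ehr.example/fhir/", "example-123"))
    print(parse_patient(SAMPLE, "example-123"))
```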

Digital Imaging and Communications in Medicine (DICOM) is most commonly used for storing and transmitting medical pictures. The standard enables integrating healthcare imaging devices like scanners, workstations, and picture archiving communication systems (PACS) from multiple vendors. However, DICOM files can only be exchanged between parties that are capable of receiving data in DICOM format.

The ONC for Health IT included Consolidated Clinical Document Architecture (C-CDA) in its 2014 and 2015 Edition certification criteria. C-CDA is an XML-based markup standard that encodes and structures clinical documents for exchange. Additionally, it allows for a non-XML body (e.g. pdf, Word, jpg) for simple implementation. This standard can contain any type of clinical content that would be included in a patient’s medical record.

What are the consequences of ignoring EHR certification requirements

Over the past year, the US administration has become increasingly concerned with the risk of improper incentive payments under the programs. In June 2017, the HHS Office of Inspector General (OIG) reported that $729.4 million were tied up with EHR incentive payments. However, it was found that the software did not comply with federal requirements. The OIG’s review covered EHR incentive payments amounting to over $6.094 billion that Medicare provided to 250.470 eligible professionals from 2001 to 2014.

Following the report, the OIG decided to initiate a nationwide review of Medicare EHR incentive payments. In the same year, they announced the first False Claims Act settlement with an EHR vendor for misrepresenting its ability to meet certification standards while still receiving incentive payments.

‘Every day, millions of Americans rely on the accuracy of their electronic health records to record and transmit their vital health information. This resolution is a testament to our deep commitment to public health and our determination to hold accountable those whose conduct results in improper payments by the federal government.’
Chad A. Readler, Acting Assistant Attorney General of the Justice Department’s Civil Division

The first case was the one where eClinicalWorks paid $155 million to settle charges of not meeting all the government requirements. The company was alleged to have tested its software inappropriately and to have ignored data portability as well as the reliable recording of laboratory and diagnostic imaging orders.

On 12 December 2017, 21st Century Oncology was forced to pay $26 million. The vendor resolved allegations that they made false certifications regarding the capabilities of their EHR software.

‘This settlement represents our office’s continued commitment to ensuring compliance with important federal health care laws. We appreciate that 21st Century Oncology self-reported a major fraud affecting Medicare, and we are also pleased that the company has agreed to accept financial responsibility for past compliance failures.’
Stephen Muldrow, Acting U.S. Attorney of the Middle District of Florida

The aforementioned cases reflect the US government's aggressive efforts to uncover and prosecute unfair practices related to the ever expanding use/development of EHR technology.

What are the security measures EHR developers must take

Due to the sensitive nature of the information included in a patient’s EHR, several security safeguards have been introduced through HIPAA and the HITECH Act. The HIPAA privacy and security rules apply to any organization that has access to PHI. They also cover business associates, such as banks, billing firms, and software companies.

The HIPAA Security Rule requires maintaining reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI.

We are experienced in HIPAA-compliant app development and ready to serve you. Contact us for a free quote.

Features like secure messaging, end-user device encryption, and automatically logging users out after a period of inactivity help create a more secure EHR.
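Automatic logoff only protects ePHI when the server enforces it, since a timer in the browser can be bypassed or kept alive by background traffic. The following is an added example, not code from this article: a server-side session store with a sliding idle window, an absolute lifetime and an audit trail. The class name, the 15-minute and 8-hour limits and the sample timeline are assumptions made for illustration.

```python
import hashlib
import secrets
import time

IDLE_TIMEOUT = 15 * 60        # assumption: log out after 15 minutes of inactivity
ABSOLUTE_LIFETIME = 8 * 3600  # assumption: force a fresh login after 8 hours


class SessionStore:
    """Server-side sessions with sliding idle expiry and an audit trail."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._sessions = {}  # sha256(token) -> {"user", "created", "last_seen"}
        self.audit = []      # (event, user); a production system would persist these

    @staticmethod
    def _key(token):
        # Only a digest is kept, so a dump of the session table yields no usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user):
        token = secrets.token_urlsafe(32)
        now = self._clock()
        self._sessions[self._key(token)] = {"user": user, "created": now, "last_seen": now}
        self.audit.append(("login", user))
        return token

    def touch(self, token, user_initiated=True):
        """Return the user of a live session, or None once it has expired.

        Background requests (auto-refreshing dashboards, notification polling)
        pass user_initiated=False: they are served while the session is live,
        but they do not count as activity and cannot keep it open.
        """
        key = self._key(token)
        session = self._sessions.get(key)
        if session is None:
            return None
        now = self._clock()
        if now - session["last_seen"] >= IDLE_TIMEOUT:
            return self._end(key, "idle_logout")
        if now - session["created"] >= ABSOLUTE_LIFETIME:
            return self._end(key, "lifetime_logout")
        if user_initiated:
            session["last_seen"] = now
        return session["user"]

    def logout(self, token):
        self._end(self._key(token), "logout")

    def _end(self, key, event):
        session = self._sessions.pop(key, None)
        if session is not None:
            self.audit.append((event, session["user"]))
        return None


def demo_timeline():
    """Constructed timeline: one click, then only background polling, then a late click."""
    now = [0.0]
    store = SessionStore(clock=lambda: now[0])
    token = store.login("dr.smith")
    served = []
    for at, user_initiated in [(600, True), (1200, False), (1499, False), (1500, True)]:
        now[0] = at
        served.append(store.touch(token, user_initiated) is not None)
    return served, store.audit


if __name__ == "__main__":
    print(demo_timeline())
```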

What does GDPR have to do with EHR

The General Data Protection Regulation (GDPR) is an extensive new law coordinating the collection and use of personal data in the EU, which came into effect on May 25, 2018.

GDPR is concerned with all kinds of personal info relating to an identifiable individual. This could include names, addresses, contact details or demographic info. The Regulation applies to any organization/person with a European presence, or which deals with the individuals’ data within the EU.

The Regulation concerns the private and public healthcare sectors. Healthcare providers must ensure they comply with the requirements and demonstrate that they are protecting their patients’ data adequately. Any healthcare organization has to verify patients’ identities and create a system to erase or rectify their information.

Where to host your EHR/EMR software?

As a healthcare provider, whether you decided to buy a new off-the-shelf (“out-of-the-box”) EHR/EMR or to build out your own EHR/EMR system, you probably understand that this type of software cannot be used without hardware to store your medical data. Organizations need to ensure their data is stored securely and is accessible to protect patient data. Clinicians must have access to data where and when they need it for a successful data storage option. There are three healthcare data storage options: on-premise, cloud and hybrid data storage. discussed the benefits and drawbacks of different storage options.

On-premise storage:

  • Healthcare organizations are more likely to lean toward on-premise storage than other industries because of the control they have over an environment kept in-house. Hospitals tend to want to build their own datacenters. Uptime is super important in healthcare; you can’t afford to have these systems go down.
  • On-premise storage does not require a wireless internet connection to retrieve clinical data, making it considerably less risky. Due to the nature of healthcare data, organizations want to deploy the storage solution they feel is the most secure, which is often the solution they have the most control over.
  • Servers hosted on-premise are costly because of the resources they require to maintain. Healthcare organizations have to find the physical space within the organization to host the servers. Cooling costs are also a big expense required to ensure the servers do not malfunction. Besides, rack servers don’t take up as much space or require the same cooling energy costs, which makes them ideal for smaller organizations that want to host their datacenter on premise but don’t have much space or resources.

Cloud storage:

  • Cloud data storage also saves organizations money by allowing them to purchase more storage space as needed, rather than investing in additional on-premise servers.
  • Cloud is becoming the preferred choice for healthcare back-office applications, backup and disaster recovery, revenue cycle management and patient engagement. Advantages of the cloud can also include cost savings, scalability, speed, freed up internal storage, a mobilized workforce, and improved user applications.
  • The most prominent concern organizations have when moving to the cloud is the lack of control over where the data lives. Organizations can choose between public and private hosting services. While private cloud options give entities more control, they still do not offer the same level of control as on-premise servers. Private clouds give IT administrators more control over the storage environment, but deploying a private cloud can be costly because of the expert staff required. While most cloud vendors are upfront about their HIPAA compliance, organizations are still concerned about ensuring patient data is completely protected in the cloud. 
  • Leveraging a public cloud can potentially save organizations a significant amount of money on storage by removing the need to maintain an on-premise environment.  
  • The public cloud is useful for developing new applications because of the flexibility it offers during the building and testing process, he added. Once the application is tested, it can be moved to the on-premises data center or a private cloud hosted on site if the organization does not wish to keep the public cloud.
  • Entities may also use multiple cloud vendors and service models to host different parts of their datacenters or multi-cloud storage models to perform different tasks. Multi-cloud data storage also uses different cloud service models or providers for data because different clouds are better suited for different tasks.

“If I'm going to use a public cloud like AWS or Azure software and get those on an expense basis, I must predict what that's going to be every month. That means my operational expenditures are going to go up, and that's not good. The challenges of correctly sizing what we have in our private cloud and then managing what parts to put in public cloud and how much public cloud space we’ll need is an architectural challenge. Anytime anyone needs an environment, resource, or an IT service, it's now automated and it can be deployed. Right now, we're a private cloud, so it's on-premises, but it's deployed using virtualization technology.”
 Brian Lancaster, Nebraska Medicine Vice President of IT

“We had several thousand servers, both physical and virtual. Some of them were running Windows 2000, Windows 2003. They were old and susceptible to threats and unable to be patched. We virtualized all those old physical servers and upgraded them. Now I can recommission those in a very easy way to have a warm standby. It helps with our backup and recovery and our disaster recovery, as well.”
 Tom Hull, CTO, Moffitt Cancer Center

Hybrid data storage:

  • With a hybrid data storage model, entities don’t need to choose between on-premise or cloud storage deployments. Instead, organizations may choose to store more bandwidth-intensive data, such as images, on an on-premise server so they can be accessed quickly.
  • Hybrid solutions are important for data backup and recovery. Many cloud data storage solutions offer backup and recovery services which can also duplicate on-premise data into the cloud so in the event of a disaster where the on-premise server is compromised, the data is not lost.

Frequently Asked Questions

New EHR: a module/plug-in or a self-contained program/app?

Whether my EHR startup would be better suited to be approached as developing it as a "module" or a "plug-in" to be marketed/sold to existing EHRs or continue with the idea of it being a self-contained program/app?

Both of these options make sense and have their advantages. Generally, it depends on your business objective and the amount of investment you can raise for the project development and marketing/sales.

Possible versions: V.1; V.2; V.3; V.4

  • V.1 Web app (Case Form) based on front-end (without back-end and database).
  • V.2 Web app (Case Form) based on back-end/front-end and database, case management.
  • V.3 Web app (Case Form) based on back-end/front-end, case management, patient management.
  • V.4 Web app (Case Form) based on back-end/front-end, case management, patient management, DropLists management, user/doctor management, role/permission management, HIPAA/GDPR compliance.

Module/Plug-in option:

  1. It is cheaper and faster to develop. A minimal prototype is enough to start offering it as a module for other EHR system owners. Choosing this option, you save time because you do not need to develop many features that the other EHR already has built in and that can be borrowed later on. V.1 of our plan (or preferably V.2) can be enough for you to start the negotiation with potential buyers.
  2. You can start getting ROI faster with less investment. However, you can earn less by selling it as a module in comparison with a self-contained program.
  3. The prototype will need to be further developed/adjusted to be integrated into other systems. More likely, that should be at the expense of the party who buys the module. Belitsoft can help with integration.

Self-contained Program/App:

  1. More time and investments needed before getting ROI:
  • V.2 (minimum) or V.3 (optimal) in case one doctor will use the system.
  • V.4 in case there will be many doctors (e.g. a hospital).
  2. When the project is completed you can benefit from that in the following ways:
  • Make it work as a SaaS and sell licenses.
  • Sell the business to a new owner or another EHR. Nowadays we observe high demand for mental health solutions. In addition to the development, you need to take into account sales/marketing efforts.

We can help you to start with a small V.1 project which can help you raise funds from investors/partners for next versions.

EHR development team: EHR Business Analyst, UI/UX designer, DevOps, BackEnd developers, FrontEnd developers, Manual Testers, and Project manager/Team Lead.

How to Protect Your Custom EHR

If an outsourcing vendor cannot be trusted to protect trade secrets, then the risks of outsourcing custom EHR development may outweigh its potential benefits. You need to address this concern before bringing your EHR project to life.

“My idea is brilliant, but what is there to stop them from seeing my concept as a lucrative idea, but saying to me 'hey, sorry, but we're not interested' and moving forward with the idea themselves?! Meanwhile, they have my product in their hands and can tweak it a bit and 'make it their own'. I'll be left with nothing…”

Belitsoft is a business with 15 years of experience in the global market. Dozens of startups and enterprises come to us with innovative ideas every month. We value our reputation highly and would not sacrifice it for the sake of short-term gain. 

You can see selected testimonials of our big and small clients along with other independent reviews they keep giving us. These include healthcare companies and startups who trusted us to work with their highly secure solutions.

We sign an NDA before clients share information with us. You can also check out our intellectual property protection policy.

Written by
Alex is a Deputy Business Development Director at Belitsoft
I am a customer’s advocate and an expert in Healthcare IT.