Chromebook in a solo medical practice

Turns out that the Google Chromebook is fantastic for a small medical practice. Here’s why:

1) Chromebook hard drives are encrypted by default. This may limit your HIPAA liability in the event of a Chromebook with PHI on it being lost/stolen. (Here’s an explanation why.)

2) It’s really hard to do anything locally on the computer, since you can’t actually run any software locally. Therefore, you’re pretty unlikely to save an Excel file containing millions of rows of customer data on a Chromebook. Instead, everything is typically saved in the “Cloud”.

3) The “Cloud” can be HIPAA compliant! Specifically, Google Apps for Business is HIPAA compliant if you sign a BAA with them. Details are here. So, you can save your PHI in Google Drive — which is exactly how the Chromebook is intended to function (everything in the cloud).

4) Chromebooks protect against Malware and fraudulent operating system changes far better than either Windows or Mac OS. Not to trust Google blindly, but here is a description of what they do automatically.

5) You can buy a ton of them very cheaply to put them all over your outpatient clinic (in every patient room, for the receptionist, etc…). A Chromebook is around $200, as opposed to the ~$600-1000 you’d expect to pay for a thick laptop. Since they automatically-update to the latest OS patch, you don’t need to worry about paying an IT person frequently to keep everything kosher.

Notes:

1) Remember to turn on “Require password from sleep” for safety.

2) Only use trusted wifi networks with strong passwords, etc. Try to use a trusted VPN if possible. One hospital reported only allowing folks to use cellular 3G data in order to avoid needing to audit all the wireless (wifi) networks they had running…

5 Comments

  • Chester
    February 19, 2014 - 4:34 pm | Permalink

    Good points! Question though, which chrome apps do you recommend for solo medical practice management? Patient records, appointments, billing, etc.

  • Chris
    February 19, 2014 - 7:13 pm | Permalink

    Well, I’m not the best situated to advise on this — the practice I’m helping is primarily inpatient and using hospital-provided systems. So the Chromebooks and solo practice tools we are using aren’t industrial strength.

    For example: scheduling = Google Calendar (which is HIPAA compliant if you use Google Apps for Business and sign a BAA). Patient records = Practice Fusion (free, but ad supported — fine for a small volume of patients).

    Billing we have contracted out to a local third party vendor that charges a <10% fee of billings.

    Since Google Calendar and Practice Fusion are websites, you can just use regular old Chrome to access them… The only system which is challenging is using the Chromebook to access the hospital EHRs — it's not yet compatible for the particular flavor of VMWare and Citrix that the hospital supports right now. Once the hospital upgrades, the Chromebook should magically start working to remote desktop in. Hope that helped.

  • Chester
    February 26, 2014 - 6:50 pm | Permalink

    Thanks for your tips! I investigated the matter some more and you’re right about all of that. There’s not much in terms of chrome apps for EMR but plenty of web based EMR and billing. I queried a few of the companies about their compatibility with Chromebook / ChromeOS and they are very confident about the compatibility. The advantages in security, cost and management of a chromebook are quite appealing.

  • October 21, 2014 - 6:37 pm | Permalink

    But what about printing? My impression is that ChromeBooks require the use of Google Cloud Print, even for local printers, and Google Cloud Print is not one of the Google services covered by their HIPAA BAA. So I don’t see how to comply with HIPAA and print anything, whether from Google Drive or any of the cloud-based EHR/PMS systems. Am I missing something?

  • Gray
    November 29, 2014 - 12:09 am | Permalink

    I’d like to know about the Google Cloud Print and HIPAA as well. I bought a Chromebook to use in the reception area (for self-service checkin) – and hoped I could use it with the web-based EMR, etc. But I could not find any evidence that Google Cloud print was HIPAA compliant. Is it?

  • Leave a Reply

    Your email address will not be published. Required fields are marked *

    You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>