Gail D. Sausser

To improve clinical quality, hospitals need to ensure that medical practitioners can remotely access hospital patient records, critical pathways, and clinical outcomes tracking.

Of course, such capabilities also present an enormous challenge for maintaining privacy and security.

The good news? Many hospitals are finding that "thin" web-based solutions, applied through portable devices that are used for access rather than storage, can provide a certain degree of harmony between these frequently conflicting needs.

The term "thin" indicates that these devices do not store large applications of data, unlike a "fat" personal computer (PC). Instead, the devices, which sometimes are handheld, communicate with the data held in the hospital's central hardware applications. The central applications provide security by controlling users access to the data. 


Among the benefits of today's thin web-based solutions are cost, heightened information control, mobile access, regional connectivity, and maintenance of data integrity.

Cost. Running cables and loading and unloading applications from individual PC stations and devices is expensive. Thin wireless systems have become necessary to reduce costs in hardware and software maintenance.

Heightened information control. Organizations retain greater control over their information by bringing users into an area with centrally managed data over the Internet, rather than disseminating the data and making recipients promise not to misuse it.

Mobile access. Although hospitals need to retain control of patient data to ensure privacy and security, they also need to allow access to these data from many locations. A handheld device using wireless technology supports the mobile nature of physician practices without providing memory limitations. Also, the information is secure because web-based systems require users to pass through a security gate before accessing information via the Internet. This security gate can be established with two-factor authentication (token and password), and the transmitted information can be encrypted.

Regional connectivity. Hospitals need to achieve regional connectivity to best serve patients who receive treatment from several providers and physicians who treat patients at several locations. Web-based information systems allow for regional connectivity because information is stored internally, behind the firewall.

Maintenance of data integrity. If a physician misplaces a wireless device, all that is lost is the access mechanism-not control of the data. Should a physician quit, the hospital would not be likly to incur any significant data loss. The hospital need only adjust the access rules for that physician. 

Use of CPOE

One particularly useful application of thin technology is computerized physician order entry (CPOE). CPOE systems connect physicians to vital patient and clinical information and provide a means for information management.

One important reason physicians need access to large volumes of information is to prevent medical errors. In its report To Err Is Human: Building a Safer Health System, the Institute of Medicine suggests that 98,000 deaths annually are caused by hospital errors. Error-based injuries also are common. Each year, 1.3 million injuries occur in hospitals, and between 20 and 70 percent of these injuries are preventable, according to studies in JAMA.

Most of these preventable adverse events occur in the initial physician ordering and the final nurse administration stages of the drug ordering and delivery process (39 percent and 38 percent of preventable adverse events, respectively). Other common causes of medication errors are lack of knowledge about the prescribed drug and lack of information about the patient, such as laboratory results.

A study by Boston-based Brigham and Women's Hospital showed CPOE is able to reduce drug-related preventable adverse events and serious medication errors by 55 percent. These systems enhance clinical quality by: 

  • Giving physicians information about potential doses for each medication
  • Ensuring drug orders are legible
  • Displaying relevant and patient-specific laboratory results
  • Checking for drug-allergy contraindications and drug-drug interactions
  • Providing access to clinical guidelines

CPOE use also can be financially beneficial. Researchers concluded that the CPOE system employed in the Brigham and Women's Hospital study, which included decision support, provided an estimated net savings of $5 million to $10 million per year. This net figure included implementation costs of $1.9 million and yearly maintenance costs of $500,000. 

Why Now?

Interest in thin technologies has grown recently for several reasons.

Information overload. Web-based information systems such as CPOE with clinical guidelines are becoming increasingly necessary as the amount and depth of information needed to respond to patients have increased. Hospitals need to adapt not only to deliver this information to healthcare providers, butalso to help them synthesize this information. As an example, consider the growing number of prescription drugs that have been introduced over the past decade. Modern physicians need to be aware of thousands of potentially adverse interactions that could result from combining these medications-a considerably different responsibility than that faced by physicians in the past. Relying on memory seems reckless in an age when handheld pharmaceutical programs can perform such services for physicians.

Consumer interest in clinical outcomes. Using web-based technology to appropriately track outcome information is becoming increasingly important as well. Consumers are demanding this type of information as they become more involved in selecting their health care. Many U.S. healthcare consumers can obtain voluntarily submitted patient-safety data about the hospitals in their area from the Washington, D.C.-based Leapfrog Group. For hospitals to survive as competitors, they need to be just as capable of tracking and showing positive outcomes as their peers are.

HIPAA. HIPAA's privacy regulations also have provided timely support for the heightened security practices associated with using web-based information systems. Without HIPAA, hospitals would not have had the incentive to give such significant attention to access limitations. Evidence of long-standing practices of dispersing information without regard to security can be seen in the software systems many hospitals currently use. Many current platforms do an insufficient job of providing security, or even providing viable security options. In addition, hospitals traditionally have lacked appropriate staffing to support security measures, such as controlling who can access records, what these access rights should be, and when these access rights should be suspended. HIPAA is the impetus to finally set in place security measures that are necessary to support web-based computer applications.

As these trends continue, the need to convert to a web-based system becomes more pressing. As a practical example, consider patient e-mail. Because there is no industry standard for authenticating users and protecting information as it flows over the Internet, this type of patient communication is highly vulnerable. Most patients use an e-mail system that lacks fundamental security, either based from their homes or from their place of employment (thus, the employer can access the communications). Rather than provide a software system that is secure for every e-mail system potentially used by patients, it is much easier to make the patient go to the hospital's web site and access e-mail through an Internet portal. If sensitive content in the e-mail message lies within the hospital's firewall, the patient's employer or people with access to the patient's personal e-mail cannot access the information. The result is increased security and enhanced customer service. 

Thin Is In

The time for transitioning to thin technologies has arrived. Modern health care demands secure, encrypted wireless access to health information. Systems need to be structured to provide data protection, instant mobile access, and easily accessible clinical information. Physicians as well as patients will insist on these Internet-based environments and the security and clinical quality improvements that result.

Gail D. Sausser, Esq., is a healthcare attorney, in Seattle. Comments or questions about this article can be sent to the author at

Getting the Weight Straight

The following are some general characteristics associated with "thin" and "fat" technology.


  • Data, content, and applications (other than desktop browser) are downloaded from a network.
  • Used at client end of an IT architecture.
  • Access devices tend to be low cost.


  • Processor or "chip" intensive.
  • Used at the client or server end of an IT architecture.
  • High processing power addresses complex, multilayered applications that typically run at the same time.

Publication Date: Tuesday, July 01, 2003

Login Required

If you are an existing member, please log in below. Username and password are required.



Forgot User Name?
Forgot Password?

If you are not an HFMA member and would like to access portions of our content for 30 days, please fill out the following.

First Name:

Last Name:


   Become an HFMA member instead