GP PMS vendors fast approaching a point of security discontinuity

9 minute read


Government requirements for significantly enhanced security and data-sharing capability are driving business challenges for our major GP vendors which will likely flush out as challenges for practices as well.


Best Practice Software, widely believed to have 65-70% share of the GP practice management software market in Australia, has announced that it wants to pursue a more “ambitious” cloud strategy.

The new strategy, to be called Journey to the Cloud, will focus on improving BP’s flagship Best Practice Premier with cloud-based features, enhanced data security, remote access capabilities and “cutting edge innovation”

It’s a sign that all the major GP PMS vendors are fast approaching some major points of business challenge around government’s intent that they should get GPs to the cloud sooner rather than later, for lots of reasons, but first and foremost, for security.

The company says the strategy is based on responses to practice feedback specifically around their needs around cloud functionality and that the changes are “100% driven” by that feedback.

It lists key features of the strategy as:

  • Enabling a remote workforce via the introduction of Best Practice Mobile which is due for launch in July this year;
  • Introducing secure and centralised data hosting in a “unified cloud environment, compliant with new regulatory standards”;
  • Innovating and expanding on the existing platform with enhanced cloud-based features and modules targeted at improving practice performance.

Until now Best Practice Premier had a cloud strategy that largely involved leaving the original “on premise” core code base in place and creating dynamic cloud links into that core module via an FHIR-based interoperability layer.

That layer uses cloud middleware group Halo Connect to make the connection to other cloud applications wanting to talk to BP Premier on premise in real-time via the cloud.

Such a set-up enables real-time data integration without the need for a full data migration of all the data on an on-premise instance of the software.

But government plans around data security in healthcare have very clearly indicated that healthcare data sitting on isolated “on-premise” GP practice servers around the country will not be compliant with far tighter cloud-based security protocols at some point in the not-too-distant future.

Although there are lots of other advantages of becoming far more cloud functional, security is the most likely thing driving the country’s biggest PMS vendor to move faster on the ability to host data for its customers far more securely on centralised cloud-based servers.

The crunch point for the crossover for GP practice managers is so far not known, but senior government sources have told TMR that they’d like to be well on the way to making sure data is far more secure via the cloud within two years.

Best Practice chief product and technology officer Danielle Bancroft said the new cloud features for its clients will initially be opt-in “to allow practices time to transition when it suits their business and needs”.

One of those needs might be forced on practice owners by the government within that two-year timeframe: cloud level security to a new set of government mandated standards.

BP Software says that roughly half of their current customer base use a cloud “hosted” version of the application which they describe as a “hybrid” version of the application.

It’s unclear whether the data in all these instances is centralised to one large secure cloud hosting environment of the sort the government is likely to mandate or distributed among corporate customers to local hosting providers each with individual instances of the practice databases.

Regardless, with at least half their clients with all their data still formally “on premise” and the other half in a “hybrid” set up spread around the country, as a part of its Journey to the Cloud plan BP Software will likely need to introduce the ability of a all of its practices (“on premise” and “hybrid”) to host most or all of its data off site on a recognised major centralised cloud server set-up.

Although BP’s major competitor MedicalDirector (MD) has a fully cloud-enabled version of its software called Helix with centralised secure cloud hosting, not many practices have adopted Helix.

The effort to transition a large proportion of its clients from its old premise version to Helix is likely to be as big or bigger than BP having to transition their clients to a secure centralised cloud set up.

This means both major vendors are facing potentially business discontinuity challenges all of which could flush out to their client base, depending on how they manage the migrations on upgrading their clients to what the government is likely to require, which might end up with most practice owners being affected through the process in some way.

Notably so far the federal government has not indicated it will help each vendor fund what looks like some quite expensive development, which sometimes they do, and which would flow through as a benefit to the GP sector if they did.

ZedMed — a daylight to third GP PMS vendor – claims to have a cloud version of its software but it is unknown how many of its clients are on the cloud truly or using the old “on-premise” version.

The only other key vendor in market for GPs is MediRecords, which is a ground-up fully functional GP cloud application.

Anyone using MediRecords has already passed any security and cloud hosting benchmark the government will be able to come up with – one of its biggest clients is defence, so security and cloud are central to its story.

But MediRecords has another problem altogether in market.

While its system underpins many emerging virtual care providers, who have acquired the platform mainly for the ability to be highly flexible and mobile, and a newly developed virtual and on-premise healthcare system for the entire defence force (JP2060), it has only a very small share of the bricks-and-mortar GP market.

A part of why this has come to pass is that GPs have been very reluctant to change their software over the years to use a cloud architected PMS.

There have been a few reasons for this:

  • GPs have been reluctant to change from using the familiar user interface of MD and BP;
  • BP and MD spent years developing a significant number of useful integrations to their core billing and prescribing systems for their on-premise platforms which MediRecords has not been able to match. This has made MediRecords in some respects not as functional for the average GP, at least in the past;
  • GP owners don’t like the expense and hassle of changing their PMS overall but with most using on premise systems the decision only comes around for them every 3-5 years (cloud of course never requires hardware upgrade and upgrades in real time, that being one of its advantages).

BP Software remains the significant market leader in providing GPs with a PMS solution, and likely, it will continue to do so given its share and GP functionality focus, but especially if it can crack the problem of data security for its “on-premise” customer base in a manner that is reasonably trouble free and not too expensive.

But it is going to need to do that before the government starts coming down hard on the need for cloud-level data security across the sector.

Already BP Software has done a lot of work with Halo Connect to enable its application to connect in real time to most of its current integrations over the cloud, which means its software should be much more able to share data in real time, and be more interoperable overall.

It might also mean easier migration of on-site data at some point to a cloud server.

But you can probably expect MediRecords, as an existing platform that is already fully centralised on the cloud and which now suits the modern security and architecture being considered by government as required, to be asking some GP practices to reconsider its platform, and MedicalDirector to be rolling out a way that its customers might be able to smoothly transition to its cloud version Helix.

Practice managers around the country will need to be asking a lot of questions of all the above vendors over the next few months, especially if their PMS system is getting old and tired and they still manage their own hardware:

  • What are the likely requirements that the federal government will eventually impose on us in terms of data security?
  • What is your solution for us in this respect?
  • How long do we have?
  • How long before you are ready with a solution and how much is that going to cost?

The initial phase of the BP Journey to the Cloud rollout will begin with the launch of Best Practice Mobile in July 2025. BP says that that this initiative will allow practitioners to access the software back at their practice from anywhere.

BP Mobile, says the company, gives GPs secure remote access to core practice data in real-time; like their appointment book, patient records, prescribing, consult, diagnosis and the ability to upload clinical images on the go.

“It’s designed for flexibility and speed, particularly when clinicians are off-site or need quick access between consults,” said a company spokesperson.

“Additional features that will be included are referrals, scribe, telehealth, billing, imaging and pathology, care plans, immunisation and digital payments.

BP Mobile basic is available for free to all BP’s GP customers while standard and premium options will be an additional charge. BP Mobile leverages secure standards based FHIR integration to existing BP Premier instances.

Best Practice will not be forcing a centralised model overnight, said the spokesperson.

“Practices opt in when it suits them.

“That said, over the next two to three years, we anticipate a growing majority of practices will move toward secure cloud hosting through our managed environment; mainly for the benefits in performance, compliance, and remote access.

“But there’s no hard cutover date. We’re deliberately taking a gradual, low-disruption approach. During this time the front end of BP Premier will incrementally change in place to become Omni, making the change much more tailored and considered by prioritising our customers’ needs.”

Jeremy Knibbs is a non executive director of MediRecords.

End of content

No more pages to load

Log In Register ×