The main arguments of companies offering software for dentistry in the cloud are that they relieve dental practice owners of the obligation to take care of data security, guarantee savings resulting from the lack of need to maintain IT infrastructure and provide access to data anywhere and anytime.

Meanwhile:

1. Cloud solutions are a common target for hacker attacks, and the number of these attacks is constantly growing. In the case of medical records management solutions, storing data in the cloud is even more dangerous because an attack may leak not only sensitive patient data, but also access certificates to the public health systems and passwords for them, if they are stored there. The value of this type of data on the black market is difficult to overestimate, and the potential damage to the office, patients and doctors is huge.
   On the other hand, desktop solutions (e.g. SmartDental) allow for safe, GDPR-compliant storage of sensitive data in your own office - without the need to entrust this data to third parties and without making it available on the Internet, and thus exposing oneself to attacks such as Credential Stuffing, SQL Injection, Cross-Site Scripting (XSS) or Distributed Denial of Service (DDoS).
   
   
2. A dental clinic, sooner or later, will have an IT infrastructure (local server) to handle large files that also comprise medical documentation (CBCT, radiovisiography, DICOM images). The cost of a server is usually equal to just a few monthly subscription fees of a cloud-based dental practice management solution. The local server also allows you to collect and safely store data from the practice management software and other medical data that, due to the size of it, cannot be handled by cloud solutions.
   
   
3. In case of cloud solutions, the cessation of services by the supplier (e.g. as a result of company liquidation or hacker attack) may paralyze the operation of the clinic from one day to the next due to the lack of access to patient medical records and appointments schedule, and may also lead to a complete loss of history of patient treatment. However, in case of on-premise solutions, even in the event of liquidation of the company that built the software, you have the option of continuing to use the software, which gives you time to migrate to a new solution, and you also have a locally stored, complete database.
   
   
4. Some desktop solutions, such as SmartDental, provide dental clinic employees with a safe, encrypted (VPN, SSL) access to the appointments schedule in real time, from anywhere in the world, from iPhone and Android phones, iPad and Android tablets and via a web browser. This solution allows you to remotely manage appointments while maintaining a high level of security by eliminating the need to entrust data to third parties.
   
   
5. Cloud solutions do not free doctors from the obligation to know the principles of safe storage and processing of sensitive data. The application itself is one thing, but proper protection of the computer, unauthorized access and the need to collect data from radiovisiography, CBCT, etc. in the office, or physical security of the office itself is another.
   
   
6. Dental offices, due to the high value of medical devices, are or should be well protected against burglary, fire, etc. Dental offices should also have a room inaccessible to patients, where paper documentation (archive) is still kept. Therefore, there will be a safe place for the server in the office.
   
   
7. Storing data in the office does not significantly increase the demand for electricity or generate a large amount of heat. The cost of a computer that can act as a server is approximately 500$. If such a computer works 24 hours a day, 365 days a year and consumes approximately 30 W of energy, the monthly cost of electricity consumed does not exceed 5$.
   
   
8. In the case of cloud solutions, interruptions in Internet access (router failures, problems with the Internet provider, etc.) may significantly hinder or even prevent the operation of the office, generating high financial and image costs.
   
   
9. Cloud solutions do not always enable integration with peripheral devices, such as a fiscal printer, radiovisiography program, autoclave, label printer or digital signature tablet.
   
   
10. It is also often unclear what happens to patient data when the office resigns from the cloud solution - first of all, all data collected in the cloud remains in the possession of the company implementing a cloud solution, and secondly, there is often no guarantee that this data will be made available for download to the existing customer and simultaneously deleted from the servers.
    
    

The entry of GDPR changed the approach to security. Currently, data security in the office is to be adequate to the threats and, above all, periodically supervised. Data controllers and data processors (employees) must be more aware of what they do with sensitive data of various types. Having software in the cloud does not relieve you from this obligation.

Since some of the data must be collected in the office anyway, a better solution is a stationary program, with possible permanent or periodic care of an IT specialist over the entire infrastructure of the office, or knowledge and compliance with the GDPR rules by Data administrator – appropriate to the size of the office and the scale of threats.