Complying with HIPAA Record Retention Mandates can be a costly and time-consuming endeavor for many medical practices. I recently had the privilege of interviewing Rick Adams, of Health Data Archiver, who has an innovative solution that not only converts patient data to a new system but can also archive patient information while reducing the cost of keeping old data and the risk of losing it. You can listen to the interview I did with Rick on Blog Talk Radio, just click here. The following is a guest blog post that outlines the basics of the Health Data Archiver solution.
System Replacements Are On the Rise
A recent study from Software Advice* indicates that over 30% of electronic health record (EHR) sales in 2013 replaced an existing EHR implementation. While the main driver for EHR replacement is dissatisfaction with a current application, other top reasons include the desire to move to a fully integrated system as well as the need to replace an old or unsupported system.
Data Conversions from Old Systems to New are Costly and Complex
There is a general misperception that a conversion from one system to another brings over all of the historical patient data. Typically, however, only patient demographics and critical clinical data points are converted to a new EHR. In the case of financial system conversions, account balances may convert but line item detail typically does not. For 95% of the time, the complexity of fully and precisely mapping data from one software schema to another is cost prohibitive.
So, What about the REST of the Data?
When a full system-wide conversion is not conducted, there is plenty of protected health information, or PHI, left behind in the old system. A few examples include clinical and collection notes; diagnosis, procedure, financial and appointment history; scanned images and documents – all information that, collectively, makes up the full history of the patient record.
And Then, There Were Two (Systems, That Is)
As a result, many practices leave the old system up and running to access historical records for patient and legal inquiries as well as audits. But, running two systems doubles the maintenance cost, technical risk and labor burden. Considering that HIPAA requires patient data to be retained anywhere from 7-10 years past the date of last procedure (and, in some cases, even longer), keeping that old system up in read-only format becomes costly.
Archiving Legacy Patient Data to Comply with Record Retention Mandates and Reduce Cost/Risk
Archiving an old clinical or financial system is a simple and affordable way for practices to comply with retention mandates while also eliminating the legacy system maintenance burden. The cost of an archive is typically less than what a practice would pay to maintain a legacy system for 18-24 months. The process entails extracting data from the old system and migrating it to an archive that allows for searches on historical patient records by name, date of birth and social security number. This takes the data out of an old production system and into a secure, browser-based viewer that can be easily accessed from the new EHR when needed.
Health Data Archiver as a Solution
Harmony Healthcare IT, a technology firm out of South Bend, IN, offers Health Data Archiver, the leading solution for archiving legacy ambulatory systems. For more information, call them at (800) 781-1044, or, visit their website at www.healthdataarchiver.com.
Today is the beginning of the 90-day attestation period for Meaningful Use in 2013 which can be reported by February of 2014. Are you ready? If you are an eligible medical provider, you could qualify for incentive payments for Meaningful Use but not if you miss the deadline. To get started, I’ve put together a couple of tips that will help you achieve this goal.
Start reviewing your data now.
Make sure you have your MU Core and Menu data collecting correctly by reviewing your dashboards for Numerators and Denominators that meet the criteria for attestation.
Review your dashboards for clinical quality measures for reporting.
Everyone I work with knows that I am continually reminding anyone who has or is attesting to Meaningful Use that you can’t just attest that you’ve met the criteria of each measure – you must actually do what you say you’ve done – and most importantly be able to prove that you have met that criteria. To that end, here are some facts you’ll want to consider. You may have seen these warnings from me before but they are worth repeating.
If you’re attesting to Meaningful Use Core Measure #15 – Conduct a Security Risk Assessment on your EHR system – you must actually complete the Security Risk Assessment. If you haven’t completed it, then DO NOT attest.
It’s not enough to just conduct the Security Risk Assessment; you must also identify potential risks and create a plan for mitigating those risks.
Addressing risks is not a ”one time and you’re done” project. It is an evergreen project. You must continually assess your EHR and systems that use or access ePHI to identify potential future points of risk. Have a plan in place for continuous review, maintenance and corrective action.
Have your Security Risk findings been incorporated into your HIPAA Compliance Manual? If not, then the intent of Core Measure #15 and most importantly the Omnibus Rule, has not been fully completed. Update your policy manual with your Security Risk Assessment findings and corrective actions. Be sure to include in your plan a continuous review timeframe. A fully documented HIPAA Security Compliance Manual is one of your best defenses in the event of an audit. A fully documented compliance manual addresses both HIPAA Privacy and HIPAA Security Policies and Procedures.
Finally, DO NOT attest (Did I say that already?) if you haven’t conducted a thorough and effective Security Risk Assessment and gone the extra steps to incorporate the findings into your policies. Plain and simple. You could be committing fraud and open your practice to potential corrective action costs and/or fines. Click here for Security Checklist.
As always, I am available to help you check this list of Meaningful Use attestation criteria off your list of things to do. Check out the links to helpful resources that I’ve included above and for more personalized help, you can contact me at email@example.com .
Dike Drummond, MD knows a lot about physician burnout. He was at one time a victim of its effects and left his successful medical practice to find the answers to this common malady in the healthcare profession. Listen to this podcast as Dr. Drummond, aka “The Happy MD”, shares his insight and tips into managing the unique stresses built in to practicing medicine in our modern world.
By now, everyone working in the healthcare industry knows that the Affordable Care Act has created a new economy for medical practices – reduced reimbursements which created a need for revenue-generating programs to keep the small, independent practice in business. I’ve covered quite a few ideas on my blog and in my radio show. For your convenience, I’ve listed them at the end of my blog post but before we get to that, I’d like to introduce you to my colleague, Pat Berline, who saw this need for more revenue generating programs in healthcare a few years ago and found […]