Pulling the Plug
Mar 30, 2014 11:39AM
● By MED Magazine
By Trish Lugtu, MMIC
Meaningful Use incentives have motivated hundreds of software vendors to rush to market to compete for a piece of the health care pie — ready or not. The influx of electronic health record (EHR) systems with varying levels of maturity and cost has created an overwhelming number of options for a market of inexperienced buyers. Complicating matters, providers often choose to pull practice management along in the conversion wake.
And now, with the federal EHR incentive program in its third year, we are bearing witness to a growing number of EHR replacement sales due to unsatisfied providers and EHR vendors’ inability to meet increased certification criteria. In all cases, a certain amount of data transitions from one system to another. And once converted, the old systems are decommissioned.
Whichever scenario applies, consider the following factors before pulling the plug on any legacy system.
Have you analyzed the impact of your new system on your legal health record, i.e., your organization’s official record of health care services delivered for a patient? The legal health record is defined by organizational policy regarding what information may be released upon authorization. If you unplug your legacy system, will you still be able to follow your retention policies and make records available for authorized requests? If you are not converting all data to your new system, how will you make legacy data accessible as needed for the duration of those retention requirements? Remember to assess your policies against the record retention laws set in your state.
If you are converting data, how will you ensure accuracy of the data through the conversion process? Don’t turn off your legacy system until you’ve thoroughly verified conversion results, and remember to document your process.
Not just for EHRs
The designated record set includes both medical and billing records of patients used for access and amendment under the HIPAA Privacy Rule. Records may include enrollment, payment and claims adjudication. Have you analyzed the impact of decommissioning system data on retention requirements for HIPAA, such as accounting of disclosures? What about Medicare and Medicaid retention requirements? Do you have any information requiring retention in support of Medicare or Medicaid inquiries or investigations? When decommissioning technology, be sure to consider all types of information that must be preserved.
Are you under a litigation hold? If so, your organization could receive sanctions if you destroy data before or during litigation. Remember that your systems hold electronically stored information that may be subject to discovery. Be sure to consult with your attorney before decommissioning systems if any litigation is pending.
Lastly, if you store data from your old system, remember that archived data must also be protected. Assess its administrative, physical and technical safeguards during risk analysis. If you are destroying data, remember to consult your security policies and procedures for data destruction and sanitation.
WHAT’S THE DIFFERENCE?
Designated Record Set
- Medical and billing records — including health plan information — used to make decisions about individuals.
- Used to clarify access and amendment standards in the HIPAA Privacy Rule
- Defined in organizational policy and required by HIPAA Privacy Rule
- Supports HIPAA right of access and amendment
Legal Health Record
- Officially declared record of health care services delivered by a provider
- Maintained for regulatory and disclosure purposes
- Defined in organizational policy
- Provides a record of health status and documentation of care for purposes of reimbursement, quality control, research and public health reporting
- Facilitates the legal needs of the organization
Trish Lugtu, BS, CPHIMS, CHP, CHSS is a Research and Development Manager with MMIC in Minneapolis.