Managing Legacy Data after Billing System or EMR Replacement
When a medical practice replaces its billing system or electronic medical record (EMR), it is at risk. The risk lies in how legacy patient data from the retired system is handled. While it is common for demographics and other basic key data points to be converted to a new system, complexity and cost often prohibit line item detail from migrating. That leaves protected health information (PHI) in the legacy system, and, therein lies the risk.
PHI, by definition of the United States Department of Health & Human Services, includes “any individually identifiable health information about health status, provision of health care, or payment for health care that can be linked to a specific individual in any form or media.” Practices replacing a billing system often don’t consider fully adjudicated financial history to be a necessary component to keep, however, in the context of the definition above, it is considered a part of the legal medical record and should be secured along with other historical clinical narrative. The question is: where should it be stored for the duration of time required?
Compliance with record retention regulations requires HIPAA-compliant medical data storage ranging anywhere from seven to 25 years based on medical specialty or state mandate. That’s a long time to keep the replaced billing system or EMR running in tandem with the new system – especially if there happens to be more than one legacy system. Servers age. Software applications must be maintained with the latest upgrades. Users who know how to navigate the old system may leave the practice for a new job. For these and other reasons, the legacy system poses technical risk for the practice, not to mention cost and labor burden. Should release of information be required to fulfill a request from a patient, lawyer, employer, payer or auditor; the patient clinical and financial history must be secure, accessible, discoverable and easy to share in a HIPAA-compliant format.
To avoid risk and to be compliant with record retention mandates, legacy system decommissioning and data archival are important components of any system replacement. Affordable yet secure solutions exist for practices of any size to extract data from a retired application and migrate it into an electronic archive. This transition of PHI from a full production system into a more static yet HIPAA-compliant, browser-based relational database allows the practice to
- stop paying software maintenance to the legacy vendor
- remove the aging server from its technical infrastructure
- ensure that historical records are consolidated and accessible in a viewer that is easily accessible over time as employees come and go
- comply with record retention regulations
As the volume of healthcare data continues to grow exponentially for our nation, it may be time for your practice to eliminate its risk of keeping a legacy system up and running in read-only format. Secure, compliant, long-term PHI storage is not only the right solution for your practice – it’s the right solution for your patients as well. Protect their clinical and financial care stories.
# # #
