Data archiving is not the same as a data backup. Backups are intended to restore an existing system in a disaster recovery or business continuity scenario. Inherently they assume the system in question still exists, but has experienced some kind of fault, failure, or outage, and thus needs to be restored to working order. Archiving, in contrast, assumes that the system in question no longer exists and doesn’t need to. Instead, a healthcare data archive houses the underlying information from the particular system or systems in a unified, centralized, and easy to use archiving application without relying on the original system’s existence.
The healthcare industry is presented with a unique set of challenges when it comes to records management. Not only must an organization adhere to retention regulations regarding internal records, such as employee information and tax statements, but also must manage PHI records, leaving your organization responsible for the security — and compliance — of individuals’ records.
Fines for a single HIPAA violation related to PHI can be up to $50,000 per patient. Advocate Health System in Downers Grove, Ill. paid $5.5 million in fines for a PHI breach. New York Presbyterian Hospital and Columbia University paid $4.8 million for the same PHI violations. As well, Triple-S in San Juan, Puerto Rico, and University of Mississippi Medical Center in Jackson, Mississippi each settled for over $2.75 million for HIPAA violations.
In addition to these federal fines, record retention rates of internal PHI as well as medical records vary from state to state. In Georgia, hospitals are required to retain PHI records for 5 years after discharge, but in Massachusetts, hospitals are liable for PHI records for 30 years after discharge. Read up on your state’s protocols to ensure your hospital is compliant both with federal standards and your state’s standards.
Ensure that PHI is backed up, not only for the well-being of your organization, but in order to meet state standards. Develop a comprehensive disaster plan for data security and data recovery in times of natural disaster, power outages, or other emergency scenarios.
Many patients have been in the healthcare system longer than electronic PHI data has been around. Make sure you invest in a system that can handle the disparity of systems being used across your enterprise. Likewise, invest in a system that can adapt to ever-evolving technology. Electronic records created in 1991 will be formatted very differently than records created in 2021. Find a system that can not only handle software conversion, but can also ensure that data is always accessible and readable, no matter what software update comes along.
The purpose of providing PHI electronically is to make patient information available throughout the organization in order to improve the patient experience and overall outcomes. Many staff members will need access, but not every employee will require the same amount of access — or have the same level of technological skill. Find a system that can be designed for user-level access and user-level competency.
● Is your organization ready to take the next step towards managing PHI?
● Do you have a certified records manager (CRM) on staff? If you have multiple locations, do you have multiple CRM’s?
● How much server space do you have? Do you have cloud storage? Is your data available everywhere, to all staff members who require access?
● Could a third party vendor be your best solution?
Employing a third party vendor alleviates many of the headaches that come along with HIPAA compliance and records management. This allows hospital CIOs and other executive staff members to continue to focus on quality of care and cost savings instead of navigating the complex system of data management. But how do you select a third party vendor who specializes in PHI?
1. Find a vendor who has a good understanding of the healthcare landscape and a proven track record of handling patient records safely and to HIPAA standards.
2. Focus on companies who value learning, both inside their organization and for their clients. Is the company continually training their own staff and ensuring they have the proper certifications across their organization? Will their company train your staff on how to use their software?
3. Find a vendor who understands implementation in terms of workflow. A company who will be there to support for your staff, who will assist with training, and will see you as a partner rather than a transaction.
Two Point Conversions specializes in records management solutions for the healthcare industry. Whether you are updating your system from older software formats, merging different records management systems, or looking to expand and secure your electronic storage, Two Point Conversion is here for you. Security and privacy are a top priority for Two Point Conversions. We live and breathe HIPAA Compliance. Every employee of our company is continually trained in compliance and we are SOC II, Type 2 certified.
We understand workflow and put our customers’ needs first. We are here to support your hospital or practice.