Hospital closures are becoming more common as the healthcare industry continues to undergo major changes. Now, many healthcare organizations have more to think about when it comes to health data compliance than ever before. In this blog post, we will discuss several critical considerations for maintaining healthcare data compliance and preparing for hospital closures in 2022.
This discussion includes record retention requirements (both state and federal), accreditation agency record retention requirements, the destruction of PHI, and much more. By preparing for these potential scenarios now, healthcare organizations can avoid a variety of issues, including costly fines and penalties later on.
The Centers for Medicare and Medicaid Services (CMS) has released its annual update to the list of required core measures for the Inpatient Prospective Payment System (IPPS). The new requirements will go into effect on October 01, 2022.
As in past years, the IPPS Final Rule includes a few changes that will have an impact on the way hospitals maintain compliance with health data requirements.
One of the most significant changes for 2022 is the addition of two new required core measures, as outlined in this resource:
To meet these new requirements, hospitals will need to ensure their electronic health record (EHR) systems are able to provide patients with timely access to their health information, even after closing.
Another change for 2022 is the addition of a new optional core measure: Use of Electronic Prescribing for Controlled Substances
Hospitals that choose to report this measure will need to ensure that their EHR systems are able to generate and transmit electronic prescriptions for controlled substances.
In addition to the changes to the core measures, there are also several changes to the Hospital Consumer Assessment of Healthcare Providers and Systems (HCAHPS) survey.
These are just a few of the changes hospitals will need to be aware of as they prepare for 2022. With so many changes on the horizon, it’s more important than ever for hospitals to have a solid compliance plan in place.
Maintaining healthcare data compliance while preparing for hospital closures is largely dependent on record retention. Meeting record retention requirements is always crucial, but preparing for hospital closures brings a few unique challenges to the table.
First among these is maintaining compliance with state and federal regulations. Depending on the state, there may be special record retention requirements for closing hospitals.
Let’s talk more about those state and federal record retention requirements next.
As far as federal retention requirements go for healthcare facilities in the US, the Health Insurance Portability and Accountability Act (HIPAA) is the key legislation to be aware of. Under HIPAA, covered entities must retain PHI for a minimum of six years from the date of its creation or last use.
There are, however, several circumstances that call for a longer retention period. For example, if the information is needed to defend against a legal action brought against the covered entity.
In addition to federal retention requirements, healthcare facilities, closing or not, must also comply with state-specific record retention requirements. These requirements can vary significantly from state to state. As such, it’s important to be familiar with the specific requirements applicable in the state or states where the facility is located.
For example? In California, all records pertaining to patient care must be retained for a minimum of seven years from the date of last use.
See a list of each state’s Minimum Medical Record Retention Periods here.
Along with record retention requirements, there are also accreditation agency record retention requirements that must be followed. These agencies include but aren’t limited to the Joint Commission, Healthcare Facilities Accreditation Program (HFAP), and the Centers for Medicare & Medicaid Services (CMS).
Each of these agencies has different record retention requirements. That’s why it’s important to check with each one to ensure compliance.
Learn more about accreditation agency record retention requirements here.
One of the most critical considerations when preparing for hospital closures is the destruction of PHI (protected health information). In fact, this is one of the most important considerations for maintaining health data compliance for closing hospitals. Federal and state laws have specific requirements relating to the destruction of PHI—they must be followed in order to maintain compliance.
There are two general methods of destroying PHI: physical destruction and shredding. Physical destruction involves completely destroying the physical record. That way, it cannot be reconstructed or read in any way. This can be done by burning, pulverizing, or shredding the records. Shredding is the most common method of destruction for electronic records.
As for destroying electronic PHI, there are a few different methods that can be used. One is to simply delete the files from the system. However, this does not actually destroy the data. Someone with access to the system can still recover it. Another option is using a program to overwrite the data multiple times. This makes it impossible to recover. Last, destruction of the physical memory and hard drives.
To ensure compliance with federal and state laws, it’s important to develop a plan for the destruction of PHI before hospital closure.
This plan should include:
Additionally, the plan should be reviewed and updated regularly. This ensures it remains compliant with ever-changing laws and regulations.
Along with actually destroying PHI, healthcare organizations must also document their destruction. This documentation should include:
Documentation is critical in maintaining health data compliance. If your organization is ever audited, it must be able to show necessary steps were taken to protect patient data – including destroying it properly.
Healthcare organizations are experts at providing healthcare services, delivering care, and managing patients and staff. What often isn’t in an organization’s expertise is maintaining healthcare data compliance in preparation for the facility closing down. But that’s where Two Point comes in. Healthcare data archiving, migration, and compliance are our expertise!
Don’t go into hospital closure without a plan for your healthcare data. Contact Two Point today and let us assist you in developing a compliance strategy that works for your organization.