Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Health Information Governance of 3rd Party Vendors

Posted on August 26, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.


I love when my eyes are opened to an issue that I haven’t heard people talking about. That’s what happened when I heard Deborah Green from AHIMA say that health information governance includes your third party vendors. I’m not sure how many organizations realize this and treat it appropriately.

What’s ironic is that we definitely do this with HIPAA. This is particularly true in the HIPAA omnibus world. Healthcare organizations have a certain expectation around security and privacy when it comes to their third party vendors. It’s a major part of every RFP I’ve ever seen in healthcare.

Why then don’t we treat information governance with third parties the same as we do with HIPAA?

My guess is that some organizations do, but they haven’t really thought about it in this way. It’s an informal part of how they deal with third party vendors. For example, how are third party vendors storing your organization’s health data? Do they dispose of it properly? etc etc etc. These are all great health information governance questions that we’re asking ourselves, but are we asking our third party vendors these questions as well? Should we be asking them?

One challenge I think we face is that we assume that if we’re paying a vendor to do something, that the vendor is going to do it the right way. We assume that a paid service is going to be done in the best way possible. I’m sure your experience like mine is that just isn’t the case. Was it Reagan that said, Trust but verify? That seems appropriate in this instance.

What’s clear to me is that health data is going to become more and more valuable to healthcare organizations. Making sure you have a handle on that data is going to be an important part of ensuring your financial future. That includes making sure that your third party vendors use good health information governance principles as well.

Transferring Custody of a Chart to the Patient – Could That Drive Patient Engagement?

Posted on August 11, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I recently wrote about the concept of health information disposal and how we’re going to have to reevaluate how we approach disposing of patients charts in this new digital world. Plus, EHR vendors are going to have to build the functionality to make it a reality. However, some replied to that article that in this new world we shouldn’t ever dispose of charts.

We’ll leave that argument for that article (or in the comments) and instead discuss another concept that Deborah Green from AHIMA told me about. Deborah suggested that one possible solution for digital chart disposal would be to transfer custody of the chart to the patient. I think that terminology might not sit right with some people since the patient should have access to the chart regardless. However I think the word custody has a slightly different meaning.

When a healthcare organization is ready to dispose of an electronic chart based on their record retention laws (which usually vary by state), then it’s the perfect time to give patients the opportunity to download and retain a copy of their paper chart before it’s destroyed. In that way, the healthcare organization could worry less about deleting the electronic chart since they’ve transferred “custody” of the chart to the patient.

This removes the responsibility of storing the patient chart from the healthcare organization and puts it on the patients that want to have their entire medical chart. The perfect custodian of the patient chart is the patient. At least it should be.

I wonder if a healthcare organization informing patients that their old charts will be deleted would be enough to actually drive patient engagement and download of their electronic record. While meaningful use has required the view, download and transmit of records by patients, most people have been gaming that requirement without patients really getting the benefit. I have a feeling that patients hearing the words “deleted chart” would wake a lot of them up from their slumber. They wouldn’t know why they’d want the paper chart, but I imagine many would take action and preserve their medical record. Once they download the chart, it would be the first step towards actually engaging with their health data.

What do you think? Is transferring custody of the electronic record the right approach to health information disposal? Would this drive a new form of patient engagement? Would it wake up the sleeping giant which is involved patients?