Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Security and Privacy Are Pushing Archiving of Legacy EHR Systems

Posted on September 21, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

In a recent McAfee Labs Threats Report, they said that “On average, a company detects 17 data loss incidents per day.” That stat is almost too hard to comprehend. No doubt it makes HIPAA compliance officers’ heads spin.

What’s even more disturbing from a healthcare perspective is that the report identifies hospitals as the easy targets for ransomware and that the attacks are relatively unsophisticated. Plus, one of the biggest healthcare security vulnerabilities is legacy systems. This is no surprise to me since I know so many healthcare organizations that set aside, forget about, or de-prioritize security when it comes to legacy systems. Legacy system security is the ticking time bomb of HIPAA compliance for most healthcare organizations.

In a recent EHR archiving infographic and archival whitepaper, Galen Healthcare Solutions highlighted that “50% of health systems are projected to be on second-generation technology by 2020.” From a technology perspective, we’re all saying that it’s about time we shift to next generation technology in healthcare. However, from a security and privacy perspective, this move is really scary. This means that 50% of health systems are going to have to secure legacy healthcare technology. If you take into account smaller IT systems, 100% of health systems have to manage (and secure) legacy technology.

Unlike other industries where you can decommission legacy systems, the same is not true in healthcare where Federal and State laws require retention of health data for lengthy periods of time. Galen Healthcare Solutions’ infographic offered this great chart to illustrate the legacy healthcare system retention requirements across the country:
healthcare-legacy-system-retention-requirements

Every healthcare CIO better have a solid strategy for how they’re going to deal with legacy EHR and other health IT systems. This includes ensuring easy access to legacy data along with ensuring that the legacy system is secure.

While many health systems use to leave their legacy systems running off in the corner of their data center or a random desk in their hospital, I’m seeing more and more healthcare organizations consolidating their EHR and health IT systems into some sort of healthcare data archive. Galen Healthcare Solution has put together this really impressive whitepaper that dives into all the details associated with healthcare data archives.

There are a lot of advantages to healthcare data archives. It retains the data to meet record retention laws, provides easy access to the data by end users, and simplifies the security process since you then only have to secure one health data archive instead of multiple legacy systems. While some think that EHR data archiving is expensive, it turns out that the ROI is much better than you’d expect when you factor in the maintenance costs associated with legacy systems together with the security risks associated with these outdated systems and other compliance and access issues that come with legacy systems.

I have no doubt that as EHR vendors and health IT systems continue consolidating, we’re going to have an explosion of legacy EHR systems that need to be managed and dealt with by every healthcare organization. Those organizations that treat this lightly will likely pay the price when their legacy systems are breached and their organization is stuck in the news for all the wrong reasons.

Galen Healthcare Solutions is a sponsor of the Tackling EHR & EMR Transition Series of blog posts on Hospital EMR and EHR.

EHR Data Extraction and Clinical Conversion

Posted on July 5, 2011 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I think it’s quite easy to predict that 3-5 years from now, one of the top topics on this blog and in the EHR world as a whole is going to be around EHR data extraction or if you prefer EMR data conversion. I’ve previously predicted that by the end of the EHR stimulus money we’re be lucky to achieve 50% EHR adoption. So, you’d think that in 3-5 years we’d still be talking about EHR selection and implementation. Certainly, that will still be a topic of discussion. Not to mention, which EHR vendor they should go to for their second EHR. However, I am certain that 3-5 years from now we’re going to see a mass of doctors switching EHR vendors.

As part of my EHR blog week challenge (if you’re a blogger, you should participate too), today I’m going to highlight one of the foremost EHR professional and technical services company’s blog, Galen Healthcare Solutions which focuses on EHR data conversion.

I know I’ve written about EMR data conversion a number of times before. Although, I haven’t written about it much for quite a while. I guess meaningful use and the EHR incentive money has kind of dominated the conversation. However, there’s much that can and should be said about EHR data conversion.

The first thing anyone should know about EHR data conversion is that it’s not easy. In fact, it’s quite frankly an incredibly painful experience in almost every regard. Just take a look at this blog post summary of the EHR Clinical data conversion process by Justin Campbell of Galen Healthcare Solutions. He summarizes the steps as follows:
* Data Extraction
* Data Analysis: Cross-Referencing
* Design: Data Filtering, Matching (Provider, Patient Item), and Exceptions/Errors
* Testing
* Go-Live

I believe the most challenging item on this list is likely the Data Extraction. Sure, the data analysis and design are a pain to do and do well. However, the data extraction is often the most difficult part of an EHR data conversion, because you’re often working with an unfriendly EHR vendor that has lost you as a customer. Unfortunately, many EHR vendors haven’t heeded my call for EHR data independence, and so it can be a miserable experience trying to get the information and access you need to do an EHR data conversion. In some cases the EHR vendors will try and hold that data hostage.

The key for those selecting an EHR software is to be sure that the process for exporting your data from the EHR is part of your EHR contract. If it’s not, then add it to your contract. If they won’t add it to your contract, there are 300+ EHR vendors to choose from. Certainly it’s a part of the EHR contract that you hope to never have to use. Don’t take that risk.

Justin Campbell has also posted a few different data conversion success stories on the Galen Healthcare Solutions blog. Obviously, Galen has a lot of experience with the Allscripts Professional EHR software and so you’ll note this bias throughout the blog. However, the experience of the conversion is very interesting.

Here’s a paragraph from one of their data conversion success stories: Azalea Orthopedics.

To facilitate this conversion, flat-file extracts were obtained from MedManager for dictionaries, demographics and appointments. However, instead of using these extracts to import into Allscripts PM, an alternative approach was taken in which real-time appointment and demographic interfaces were deployed from the client’s existing Allscripts Enterprise EHR to the new Allscripts PM environment. This offered the flexibility of having the PM data populate real-time. Interfaces were also required from Allscripts PM to Allscripts Enterprise EHR. Thus as part of the go-live, existing reg/sched interfaces from MedManager to Allscripts Enterprise EHR needed to be deployed.

I have to admit that this kind of complexity in healthcare is what drives so many doctors nuts. I’m sure there were some functional reasons that they had to do all these interfaces between the systems. What I don’t understand is why the interfaces need to stay in place after the conversion is complete (at least if I understand it correctly). Did Galen really have to implement an interface between Allscripts PM and Allscripts Enterprise EHR? I’m sure there’s some long history for why this has to happen, but it’s such a terrible design. Certainly this isn’t Galen’s fault, but Allscripts. Interfaces are really great….when they work. When they don’t work, they drive a clinic, the IT person and even the EHR vendor absolutely nuts. I’ll be interested to learn more from Galen about why they did what they did.

I did find their report on the number of transactions processed fascinating:
Demographics: 156,900 processed in 491 minutes (8.18 hours)
Appointments; 313,280 processed in 1570 minutes (26.17 hours)

That’s a lot of data being processed. Can you imagine having to run the 26 hour data conversion twice if you messed it up the first time? Yep, data conversion is a tricky thing and can be very time consuming if you’re not really thorough in the process.

Imagine how much data will be collected 5 years from now with all these EHR implementations happening. Plus, the above data was only appointments and demographics. It doesn’t even include the physicians charting and other clinical data.