The holidays are a time for giving, and — again this year — the team at Harmony Healthcare IT gave its time, talent and donations.  We are so pleased and grateful to work with such an exceptional group.

The festivities began with our annual caroling excursion to nursing homes nearby.  Donned in Christmas gear, the team tuned up its voices to harmonize on some Christmas Classics.  We’re always happy to bring joy to the elderly in our community, and, we get joy in return seeing their smiling faces and hearing them sing along.

Growth in our team in 2018 allowed us to expand and adopt an additional family this year from the St. Vincent DePaul Society, a Catholic lay organization that encourages person-to-person service to all in need.  Hours were spent shopping for, wrapping and delivering gifts.

“It feels good to know we’re helping to brighten up the holidays for these families,” says Collin Hickey, one of our business development representatives.  “This is what the Season is all about, and, I’m happy to be a part of a team that makes giving and serving throughout the year a priority.”

We rounded out the holidays by gathering together as a team to celebrate.  Our work family, sharing common core values, is strong.  As we continue to hire and grow, we remain #InHarmony, balancing work and life.  At this year’s party, we enjoyed good company, good food and — of course — another fun white elephant gift exchange.   Special thanks to Ruth and Colleen who coordinated a fantastic and festive evening for all.

We wish our employees, friends, families, clients and prospects a holiday season filled with joy.  We look forward to working hard in 2019 to realize, together, another prosperous year.  And, we fully intend — with grateful hearts — to give back to our community as the year unfolds.

When you’re ready to implement a legacy data archiving solution, you’ll want to find the right vendor with the right product.  Comparing products, apples-to-apples, can be challenging.

Over many years of demoing HealthData Archiver^®, the team at Harmony Healthcare IT has distilled down a list of features and functions that matter most to healthcare provider organizations. From workflow considerations to comprehensive capabilities, here are ten areas to address — along with questions to ask each vendor — so you can compare products effectively.

1. Access to Records: What are the options for how users access the archive of historical records?  Can they use various devices?  Browsers?  Can the solution store a variety of record types (patient, employee and business records) from numerous data sources and data domains?
2. EHR Integration/Single Sign-On: Does the product support Single Sign-On (SSO) from within our existing EHR?  If so, what standards are used?  What logic and/or patient matching is used to keep the patient in-context?  What is the workflow?
3. Privacy and Security: Is the solution HIPAA-compliant? What audit capabilities are built in?  Do you employ a full-time Privacy & Security Officer?  What certifications (i.e., HITRUST) does the vendor organization hold? What training is required of the vendor employees who will handle our data?
4. HIM Workflows: How will the archive address the day-to-day needs of our Health Information Management (HIM) team?  Release of information?  Records management?  Batch printing/exporting of records for audits?
5. Records Purging: Do you offer an option for purging that aligns with my record retention and destruction policies?  How is that functionality administrated?  Controlled?  Tracked?  Audited?  What sort of purge parameters exist?
6. eDiscovery/Search:  How responsive is the archive in delivering search results?  Does the system allow for advanced search and filtering of discrete data elements?  What sort of reporting and querying is available?
7. Data Sources/Views: How is the data presented in the archive?  Is the product intuitive and easy-to-use?  Can you easily access data from multiple sources and/or domains?
8. Transaction Posting: Does the product allow us to post against outstanding accounts receivable?  How does that work?  What is the workflow?
9. Hosting: What are your options for hosting versus an on-premise deployment?  If the product is hosted, where is the data center?  Is the data colocated?  Are there geo-redundancies?  Is there fiber optic connectivity?
10. Comprehensive Capabilities: Some solutions will excel in specific functions but fall short in others. Does this product have a proven track record of archiving in all functional areas, enterprise-wide? Can it scale to accommodate our perceived archiving needs into the future?  Is it backed by a strong and trustworthy management team?

At Harmony Healthcare IT, we’ve worked hard to make sure we can provide everything on this list and more. Ready to evaluate potential legacy data archiving solutions? Make sure HealthData Archiver^® is on your list. Learn more about HealthData Archiver^® here and contact us.

Years ago, EHR adoption was the focus. Now, there are many parallel fast-tracks that your healthcare IT team has to manage – system replacement, record retention requirements, record retrieval, security issues, legal needs and more. Plus, there now is more of an interest to upgrade the quality of content housed within the electronic record and ensuring it is authentic, as the value of legacy data is continuing to be demonstrated.  It’s called record management fitness.

In a report published by The Sedona Journal, the legal-focused author team reports that:

Eventually, record requirements will include both content and authentication specifications. But until then the industry is relying on The Joint Commission’s Hospital Accreditation Standards which includes minimum content requirements and guidelines for accuracy.

The team reviews the shortcomings of the data in some current EHR’s as a lack of making record-management fitness a priority during the adoption phase.

“Advancing EHRs as reliable records will also improve the systems’ abilities to provide the right information (data sets) in the right way (format) at the right time. To achieve this in the absence of national requirements, it is important for producing entities to test their EHR systems and meticulously review (and periodically reassess) outputs to understand what their systems will produce. Determining reasonable expectations of ROI production requests can be challenging, although at least one commentator notes that it is reasonably likely that the producing entity’s efforts will be a ‘failure.’”

http://www.craigball.com/EDD-The%20Practical%20Plaintiffs%20Guide.pdf

Our team is in the field daily with clients that are refining and managing the mountains of information they are required to retain. We see, and are a part of, the critical decisions about how to ensure the information is accurate, available and secure for years to come. It is staggering to think that discovery costs can range from $5,000 to $30,000 per gigabyte. There is a real cost benefit to improving interoperability and securing access to historical records.

Our team at Harmony Healthcare IT and Warner Norcross & Judd co-authored a white paper to showcase best practices for healthcare providers to mitigate legal risks, retain required data – especially in the case of EHR replacement – and build a cross-functional team to define a long-term data management plan that uses technology in a searchable and HIPAA-compliant format. Lowering overall health record retention costs with an eye on information efficiency and compliance are key points covered in the report.

We also recorded a webinar that provides information for healthcare organizations about the legal aspects of an enterprise-wide approach to data retention:

• how to mitigate legal risks by being prepared for litigation and audit eDiscovery
• what data to save and the issues that may arise when replacing systems
• how to govern data with technology as well as a cross-functional team

The session lasts for about 30 minutes with Q&A.

The content is ideal for representatives from legal, auditing, compliance and HIM. Other interested parties may include IT, finance, and clinical operations.

Our mission is to preserve vital information that improves lives.

Let’s talk.

Editor’s Note: The Sedona Journal is a publication of The Sedona Conference (TSC) a nonpartisan, nonprofit 501(c)(3) research and educational institute dedicated to the advanced study of law and policy in the areas of antitrust law, complex litigation, and intellectual property rights. The mission of TSC is to move the law forward in a reasoned and just way through the creation and publication of nonpartisan consensus commentaries and through advanced legal education for the bench and bar. For more info, click here.

Eighty-three percent of Forecast Panelists (FP’s) in a recent study by ASHP Research and Education Foundation predict that by 2020, at least 75% of health systems will require clinicians to document specific healthcare information into discrete data fields to support data queries and analysis.

Further, they report in pursuing this issue, priority should be given to diagnosis, treatment indication, and medication reconciliation information. Information from discrete data fields will give pharmacy departments opportunities to improve operations and patient care.

Source: Kevin Marvin, B.S. Pharmacy, M.S., FASHP, FHIMSS, Informatics Pharmacist Consultant, Swanton, Vermont; (ch: 21) Data and Technology: Supporting Quality Improvement In: Zellmer WA, ed. Pharmacy Forecast 2016-2020: strategic planning advice for pharmacy departments in hospitals and health systems. December 2015. Bethesda, MD: ASHP Research and Education Foundation: www.ashpfoundation.org/pharmacyforecast.

Data is the Future of Pharmacy 

“The key to the future of our profession is data, discrete data. Robustly stored, easily exchanged, [easily] displayed data. We can do so much with data,” said Samm Anderegg, PharmD, MS, BCPS, Pharmacy Manager of Oncology and Ambulatory Care Services at Georgia Regents Medical Center in Augusta, GA., in an article posted on the American Pharmacists Association website.

Anderegg continues: The next step is to share discrete data across the care continuum. Clinical Document Architecture (or C-CDA) provides a common framework for the development of electronic clinical documents to capture, store, and transmit data from one institution to another.

Source: https://www.pharmacist.com/pharmacy-data-exchange-next-technological-leap-health-care

Storing Discrete Data Offers Clinical Possibilities 

There are many benefits to having discrete, sortable electronic health records, including a more complete patient medical history and comprehensive prescription history. EMRs support the future of providing even better health care and having the option to sort and review discrete data sets helps this effort.

For pharmacy systems, a solid legacy data archive can be a smart step forward in securely managing historical patient medication data well into the future. A prescription medicine EMR archive offers compliance with the numerous local, state and national regulations and a single, easy to use solution for historical information. As healthcare systems streamline their go-forward systems to integrated solutions, having a single archive provides an easy, one-stop-shop access to historical pharmacy and other records which supports easy and efficient record retrieval.

Do you have more questions about pharmacy data storage and other health information archiving?

Contact Harmony Healthcare IT.

Our team at Harmony Healthcare IT is committed to supporting transformation in healthcare, especially in the area of securely archiving legacy health data. We look forward to NHIT Week (October 8-12, 2018) ,– a period dedicated to raising national awareness of the benefits information and technology can bring to the U.S. health system — and everything it means to be a part of “Catalyzing Change” in 2018 and beyond.

As stewards of the ever-growing volumes of health data that must be retained for up to 25 years or more, health IT teams are faced with many issues, including the best practices for retaining and protecting legacy data throughout its entire lifecycle.

Privacy and security issues are especially magnified during times of system replacement, or any time, that legacy data is on the move. When migrating personally identifiable information (PII) from one database to another, privacy and security are critical.  Because of the critical role data archiving vendors play to migrate and retain patient or employee data from your inventory of legacy systems into a single storage place, vetting out their commitment to security protocols and standards should be a top priority.

We support healthcare transformation by creating and sharing robust tools and checklists to better equip our industry partners. For this reason, we’ve developed:

10 privacy and security questions to ask your future data archiving partner to make sure your data is safe

1. Do you have a full time Privacy and Security Officer and/or Compliance Officer on staff?
   With so much at stake, it is appropriate to expect and verify that a senior level resource is dedicated to managing security and privacy 100% of the time.
2. Will all of your data (ePHI & PII) be stored within a Tier III or higher data center?
   The classification of the data center is pertinent to data security but also to ensure the product will operate at the up-time levels a healthcare provider requires.
3. Have you committed to security excellence by obtaining a HITRUST or other CSF Certification?
   This sort of credentialing is voluntary and can be indicative of their priorities when it comes to data security. Ask if they’ve taken the time and resources to achieve this level of certification.
4. Have you made a formal commitment to employee security training and awareness?
   Ensuring protection against the latest threats to your healthcare data is a moving target. Ask how their workforce maintains its HIPAA knowledge base and stays ahead of the curve.
5. What is your process to maintain privacy and security policies and procedures?
   Their policies and procedures should be reviewed and updated routinely in order to keep up with the changes in policy and risk management best practices.
6. Will our data be fully secure while in transit and at rest?
   With lots of data to manage, it is critical to protect it at every stage. Ask about their security framework for this process.
7. What are your data validation standards to ensure we meet data retention requirements?
   It is important to ask how your archiving partner will plan and execute the creation of your data archive. Data integrity is in the details.
8. Do you offer features like Single Sign-On or admin control over security of user permissions?
   Features that enable your ability to refine the way you can monitor user access further enhance the overall security of your data archive.
9. Does your archive solution contain robust audit solutions like FairWarning^® to monitor initial and ongoing access?
   Push beyond the general assurances and ask about how data will be tracked at each stage of user access. Can they send their audit logs, automatically, to one integrated audit product?
10. Do you carry adequate Cyber Security Insurance to protect all parties involved?
    As stewards of your data, a good data archiving vendor will be prepared to cover you and themselves in the event of a breach.

As healthcare continues to be one of the most sought after industries for cyber security crimes, we all need to be on guard and doing everything we can to ensure the data is secure and that every link in the chain is solid.  We do this during National Health IT Week each year, and every week in between.

Harmony Healthcare IT is a FairWarning Ready Healthcare Data Archiving Partner.

FairWarning^® is a registered trademark of FairWarning, Inc.

Note: Shannon Larkin, Vice President of Marketing and Business Development, for Harmony Healthcare IT will present “Patient & Employee Record Retention Strategies When Systems Get Replaced” at 11:00 a.m., Tuesday, October 9, 2018, during the Clinical Practice Compliance Conference in San Diego. For more information about the event, click here.

Most healthcare providers today are at risk, keeping out-of-production electronic health records (EHR) and enterprise resource planning (ERP) systems up and running simply to meet record retention requirements. Although each backstory is a little different, most organizations have at least a small collection of legacy systems—each storing personally identifiable information for patients or employees. Some of these systems were inherited during mergers and acquisitions; some were sunset by the respective vendor; others were simply replaced after failing to meet user production or workflow requirements. These outdated systems were likely built on a variety of platforms and developed sometime over the last 10–25 years. They also likely sit alongside newer “go-forward” EHR or ERP systems that actively manage the current workload, yet don’t offer an easy or affordable pathway for consolidating and storing the historical data.

This multi-generational band of legacy EHR and ERP systems collectively is charged with meeting record retention regulations set at agency, state, and national levels as well as HIPAA regulations for privacy and security. Depending on medical specialty or facility type, some records might need to be kept for 25 years or more and, if there is an audit or need to access the data, there often is a tight timetable for producing the information. Efficient e-discovery and release of information can quickly become a tall order, particularly if patient or employee data is stored in multiple systems.

More importantly, out-of-production systems—especially those not being routinely upgraded or patched—create risks for system failure and cybersecurity attacks. It is not surprising that vulnerabilities from aging applications and technologies are the number one concern IT executives cited with respect to cybersecurity in the “2017 Federal CIO Survey” conducted by Grant Thornton and the Professional Services Council.¹ This concern correlates with healthcare ranking number one for cybersecurity attacks for the same year, when it previously hadn’t been in the top six.²

The article continues with insights about optimal record retention strategies with an eye on security and recommendations about what organizations can do to ensure data is intact, searchable and secure for its entire lifecycle. To read the complete article, click here.

We also welcome you to contact us and we can walk through your story. Our team can help you navigate system replacement while keeping your legacy data secure.

Note:
The information above is an excerpt from an article Larkin authored for Compliance Today: “Copyright [2018] Compliance Today, a publication of the Health Care Compliance Association (HCCA).” For more information about the magazine, click here.

References:
¹Grant Thornton: “2017 Federal CIO Survey” September 2017. Available here. ²“McAfee Labs Report Sees Cyberattacks Target Healthcare and Social Media Users” Business Wire; September 26 2017. Available here.

KLAS Research, a healthcare IT data and insights company, posted a blog earlier this year indicating they’ll follow and report back to provider organizations on the archiving market segment.  The article, written by Nathan Evans, includes three cost savings points for provider organizations to consider when implementing an archive from a third-party vendor:

• It could mean $100,000 in savings in a single year
• It will still allow access to historical data
• It will allow for collections on patients whose data is archived

We appreciate the effort KLAS is making to “do some digging to find out which data archiving vendors offer the best, broadest, and highest-value services.”  We are excited for provider feedback on our product and services to be part of KLAS’ research, because we love what we do.

At Harmony Healthcare IT, our mission to “preserve vital information to improve lives.” We do that with our product, HealthData Archiver^®, which delivers on the cost-savings, information access and transaction posting benefits Nathan describes in his blog.  It also fortifies defenses against cyberattack by providing a single and secure storage place for disparate silos of legacy data.

Here’s the thing: health data tells a story. The more data, the richer the content and the deeper the storyline. An archive is integral to providing a complete clinical narrative to clinicians, HIM resources, researchers and legal and compliance officers to ensure better outcomes and allow for more efficient eDiscovery.

We appreciate the attention that KLAS is giving to this important segment within healthcare IT.

Connect with us for a demo and a conversation.

We’re here for you today and always, just like our archive.

Every day we dig deep to provide industry-leading healthcare IT products and services. We also regularly take a step back from our technical work to find meaningful ways to support our community.

Our team is pleased to sponsor a room at Mad Anthonys Children’s Hope House in Fort Wayne. The mission of Mad Anthonys is to offer temporary, minimal-cost lodging to parents and families of children receiving medical care away from home; to provide families with a place of comfort, hope and emotional support; to serve families regardless of race, gender, religious or political affiliation; and never turn away any family due to inability to pay.

We are thankful the Harmony Healthcare IT room has served 65 individuals for a total of 293 overnight stays. Those families were from 19 counties including: Allen, Branch, Calhoun, Defiance, Dekalb, Elkhart, Grant, Hillsborough, Huntington, Jackson, Jay, Kent, Kosciusko, Mercer, Miami, St. Joe, Wabash, Whitley, and Williams.

We are very humbled by the kind words from one of those families:

“I just want to say thank you, from the bottom of my heart. Without this room, we wouldn’t be able to see my daughter in NICU. She was born 3 ½ months early and this place is amazing in helping my husband and I to remain strong and to stick together through these times. It’s hard on a family with people they love in the hospital. Thank you for holding our family together, the impact is larger than you could even imagine!” – Smith Family

We also appreciate this message from Andrew Gritzmaker, Executive Director of Mad Anthonys Children’s Hope House:

“True to their core values, Harmony Healthcare IT continues to help us serve our families in a humble way, always striving to exceed their expectations and never ceasing to improve upon the respite we offer. Their room sponsorship provides a safe haven for families facing the uncertainties of a pediatric and neonatal medical emergencies. Their love and support inspires the work we do each day.”

Each year Mad Anthonys Children’s Hope House serves more than 750 families with more than 3,000 overnight accommodations. The organization is an independent hospital hospitality house and is primarily funded by grants, fundraisers, and corporate generosity.

For more information, visit: http://www.childrenshopefw.org/

Data breaches and insider user threats continue to plague the healthcare industry. Recent stats are a shocking reminder that cybersecurity is digging in as a major obstacle for healthcare IT teams.

A few points that underline the severity include:

• Around 1.13 million patient records were compromised in 110 healthcare data breaches in the first quarter of 2018, according to data released May 3 in the Protenus Breach Barometer.
• The Breach Barometer also found that it takes healthcare organizations an average of 244 days to detect a breach once it has occurred.
• If healthcare employees breach patient privacy once, there is a greater than 20 percent chance that they will breach it again in three months’ time, and there is a greater than 54 percent chance they will do it again in one year, according to Protenus data.

Logicworks, a leading provider of cloud automation and managed services, lists five reasons why health data continues to be a cybersecurity target:

1. Systems are old and complex
2. Health IT is 95% Manual Work
3. Disjointed Monitoring
4. “We’re already HIPAA compliant”
5. Healthcare data is extremely valuable

It’s not a surprise that cybersecurity insurance has become a must-have for every medical practice, hospital, health system and vendor. Cyber insurance covers loss and damages from hacking and ransomware, as well as accidents. While malpractice insurance may cover some issues, there usually are limits and a lot of exceptions with having only this type of coverage. As data continues to move through practices, insurers, hospitals, and labs, there is an increased risk for attack and accidental disclosure. In a recent article in Modern Medicine, HIMSS suggests that keeping the data safe is a shared responsibility.

There are numerous proactive and protective actions you can take to safeguard the valuable health data in your care — especially the legacy data you’re storing long-term to comply with record retention requirements. We’ve developed a resource of the 10 privacy and security questions you should ask your future data archiving partner to ensure your data is safe. This is a great resource if your organization is vetting out system decommissioning partners.  We also have a comprehensive security-focused white paper with numerous suggestions and action steps to consider.

Is your medical practice, hospital or health system working through security issues? (We know, who isn’t, right?) Are you shoring up disparate silos of legacy health records to button up your risk? (Again, a somewhat redundant question, but you get the point.)

Connect with our team. We can help.

Preparing for the Unexpected

When developing a potential exit plan for your healthcare facility, make sure to first research the medical record retention laws in your state.  The American Health Information Management Association (AHIMA) has consolidated a summary of these laws in every state.  Take a close look at what is required and develop a plan that meets these medical information preservation guidelines. In some cases, that may mean working with a state health department or agency. In other cases, it may mean working with other healthcare facilities and providers in the area. In all cases, it is important to have a record custodian plan in place well before a facility closure so that employees and patients are able to gain access to records as required.

Safeguarding Records Before and After Facility Closure or Acquisition

With an emphasis on safeguarding patient data for the full retention period, both state and federal agencies provide a great deal of guidance. Take a look at the National Center for Biotechnology Information (NCBI), which provides guidance for health information management professionals who “are uniquely positioned to assist an organization in closure efforts because of their knowledge of revenue cycle operations, ability to work with the software products used to generate and store patient information, and solid understanding of the process of care and treatment of the patient.”

The team of data management experts at Harmony Healthcare IT has spent decades developing and refining solutions to help hospitals store patient data securely, economically and within the bounds of state and federal guidelines. Our data management solution, HealthData Platform^™(TM) , is a critical piece of the puzzle for hundreds of hospitals around the country preserving protected health information for the long haul.

Considerations for Release of Records

Harmony’s Records Release service expands on legacy data management services to support long-term records request fulfillment. Harmony serves as an outsourced records release provider to the closing facility, serving as an operational records custodian for healthcare delivery organizations of all sizes.  These services include data extraction from a legacy system, record retention in an active archive, monitoring of a web landing page for record requests, and secure record delivery for patients, employers and payers with a detailed audit trail.  This can be an ideal and secure option for healthcare delivery organizations that need it.

Contact us to learn now HealthData Archiver^® can help your facility to plan for the future, no matter what it may hold.

Updated from an earlier blog originally published on Sep 06 2018