Written by David Navarro, Senior Director of Data Science, Harmony Healthcare IT

In June of 2020, the 21st Century Cures Act (Cures Act) Final Rule became effective. One of the biggest changes, and challenges as a result of the Cures Act is that patients will be entitled to use patient-facing API enabled applications of their choice to download their health data into an application of their choice. An example of an API use is when patients utilize mobile personal health record apps with APIs to gather data from fitness trackers. Now that certified electronic health records (EHRs) are required to provide APIs, patients will be able to connect with these APIs to gather and share health information. For example, they may be able to use an API to electronically share diagnostic information – like blood pressure readings and blood sugar levels – with their doctor in real time.

The ONC outlines the real-world of steps of patients using APIs:

1. The patient downloads a secure healthcare app and logs in with a username and password.
2. The patient uses the application to create a secure link between the application and healthcare provider’s EHR.
3. The application sends a request to the patient’s healthcare provider EHR asking for access to his/her medical records.
4. The healthcare provider’s EHR validates the request coming through its API and sends the patient’s data back to the application.
5. The patient accesses health information from the application and can merge this information with other health information from other sources. For example, the patient can gather information from various EHR portals to aggregate data in one place.

Health IT Considerations for APIs

From a healthcare provider’s standpoint, there are many new technologies that need to integrate to enable the true interoperability of health information to comply with the Cures Act requirements. The Final Rule promotes the implementation of HL7 Fast Healthcare Interoperability Resources Application Programming Interfaces (HL7 FHIR APIs), and specifically targets APIs that have the greatest impact on patient care.

To better understand HL7^® FHIR^® Representational State Transfer (REST) APIs, it is important to define a few key terms:

API – Application Programming Interface: A set of rules that allows programs to talk to each other. The developer creates the API on the server and allows the client to talk to it. APIs are increasingly important in healthcare data exchange for data analytics, medical research or creating ways to access the EHR.

Some APIs are rigidly programmed which makes data exchange challenging. For example, a data field cannot accept both “1” and “one” as entries. The adoption of the API criteria was a move to align with industry efforts to promote interoperability through the implementation of API ‘read‘ services leveraging FHIR 4.1. The implementation of FHIR reduces efforts for data integration and makes the sharing of healthcare data easier through the open standard.

REST – Representational State Transfer: A set of rules, or an information exchange standard, that developers follow when they create the API. REST is a method of exchanging information using the World Wide Web standard transfer protocol HTTP (Hypertext Transfer Protocol).

HL7^®: A framework (and related standards) for the exchange, integration, sharing and retrieval of electronic health information. These standards define how information is packaged and communicated from one party to another. HL7 standards are recognized as some of the most utilized healthcare standards in the world.

HL7 FHIR^®: An interoperability standard intended to facilitate the exchange of healthcare information between organizations. It consists of content models in the form of data packages referred to as ‘resources’  which are deployed via web services and open web technologies.

HL7^® FHIR^® RESTful API: Putting it all together, HL7 FHIR uses REST as the basis for data exchange in its API. Healthcare data types such as medications, observations and patients are represented by their own Resources, which can be requested via a RESTful HTTP command to retrieve precise information. Using the FHIR API, each request would supply the data needed based on the search terms. By using REST architecture, FHIR takes the best of existing health information technology and common internet standards to create a modern method of interoperability.

Where should I begin with HL7 FHIR RESTful API?

First, familiarize yourself with the FHIR specification. FHIR has created the FHIR US Core Implementation Guide which defines a minimum set of constraints on existing FHIR resources. The guide applies to data defined in United States Core Data for Interoperability (USCDI) V1 and provides overall guidance on how to use the defined profiles and transactions. It includes 35 defined resources and numerous examples of implemented transactions in JSON and XML formats.

One important point is to keep all systems current and patched. Security issues, while already top of mind, need even more of a focus as there are more data streams going in and out of the organization. It also is imperative to restrict access from the FHIR gateways by allowing communication to only the minimum necessary ports and protocols to accomplish this task.

What are the relevant timelines for Final Act certification?

• December 15, 2021 – Real world vendor testing plans demonstrating interoperability and functionality were due to the ONC.
• April 1, 2022 – First attestation of conditions of certification required.
• December 31, 2022 – New HL7 FHIR API capability must be made available.

What implementation approach should I use?

All FHIR strategies should be comprised of a gateway to expose FHIR endpoints to external systems. A gateway solution should include support for transaction validation and auditing and include the ability to incorporate authentication and authorization services. For organizations that store data as native FHIR objects, the move to conform to a FHIR data sharing model is most likely part of an existing FHIR gateway solution. Organizations that store data outside of a native FHIR repository have the choice to implement a ‘FHIR as a Façade’ solution or ‘FHIR data aggregation’ model.

In a ‘FHIR as a Façade’ model, a gateway would receive native FHIR API calls and transform the requests into a database call such as SQL. The data returned by the call would be formatted into the FHIR response by the gateway before returning it to the requesting application. This model relies on a suite of tools implemented on the FHIR gateway that enable the mapping of data to and from the FHIR standard.

In a FHIR data aggregation model, programming routines are needed to extract and format data from an existing repository. This data is formatted into FHIR standards and is then pushed to a native FHIR repository where it can be accessed via a FHIR gateway.

All FHIR implementation models require technical planning and an ample amount of time to complete testing. Most organizations will need to invest in upgrading their current platforms or implementing additional modules to implement HL7 FHIR. Organizations should not delay in their design, development and testing in a solution that makes their data interoperable.

Ensure your organization doesn’t end up (unintentionally) blocking information

Media reports say the ONC has received 249 valid information blocking claims submitted through its reporting portal since the regulation took effect in April of 2021. About two-thirds of those issues involve patient complaints of excessive charges or delays in obtaining information. Provider complaints include EHR vendors failing to assist with migrating data to a replacement system. The ONC in a recent blog describes that participants who engage in information blocking practices may face penalties as well as notices of non-conformity which could include certification terminations and bans.

What is Harmony Healthcare IT doing to assist organizations with API data integration?

Legacy data plays an important role in the safety and care of patients. Harmony Healthcare IT is committed to ensuring our legacy data solutions align with interoperability practices defined in the 21^st Century Cures Act. Our goal is to provide legacy data in a consumable format that aligns with CCDA and FHIR standards harmonizing technology with the patient care experience.

As a data management firm that moves and stores patient, employee and business records for healthcare organizations, Harmony Healthcare IT can help your team address its lifecycle data management strategy and implementation plans. Whether you are preparing active or legacy patient records for interoperability, our team of data experts may be called upon to assist with the development of your strategy and contemplation of how legacy data will play a role.

Harmony Healthcare IT has blogged about key impacts of the Cures Act as there are major shifts and considerations for those Information Technology (IT), Health Information Management (HIM), Legal, Revenue Cycle, and other provider teams involved in making sure their organizations are compliant. Those recently published blogs include The 2022 ONC Annual Meeting Recap and Understanding TEFCA and its Role in National Interoperability.

As Senior Director of Data Science at Harmony Healthcare IT, David Navarro drives interoperability initiatives and focuses on the curation and accessibility of data in the healthcare ecosystem.

SOUTH BEND, Indiana (FEB. 25, 2022) Harmony Healthcare IT, a medical data management firm in South Bend, has been named to the “Best Places to Work in Indiana” list for the second year in a row.  The award program, created by the Indiana Chamber of Commerce, recognizes and honors leading employers with outstanding workplace cultures. 

One of only a few 2022 award winners in the South Bend area, Harmony Healthcare IT is part of an elite group of 125 businesses statewide that will be officially celebrated at a ceremony on May 12, featured in the Indiana Chamber’s BizVoice^® magazine, and hosted on the “Inside INdiana Business with Gerry Dick” statewide television program. 

“I am proud of our team and our contribution to healthcare,” said Tom Liddell, CEO of Harmony Healthcare IT. “We demand a lot of ourselves for the benefit of our clients and their patients.  We serve with humility within a culture that fosters innovation, recognizes performance, and rewards hard work.” 

The “Best Places to Work in Indiana” award criteria is weighted with 80 percent focused on comprehensive employee feedback about culture, benefits, perks, flexibility and the overall employee experience and the remaining 20 percent measuring the company’s workplace policies, practices, philosophy, systems and demographics. 

Harmony Healthcare IT moved to a new building in 2021 to accommodate a team that expanded by 30 percent over the past two years.  As steady growth continues, there are open positions which offer a variety of unique benefits ranging from an employee options program to wellness reimbursement to paid time off for volunteering.  

“We have many tremendous employers in the state, so it’s great to see more and more companies take part in this effort to evaluate their workplace cultures and gain the recognition they deserve,” says Indiana Chamber President Kevin Brinegar. “These companies consistently demonstrate to their employees how much they value their contributions.” 

For the complete list of companies named to the 2022 Best Places to Work in Indiana, visit the Workforce Research Group’s website. 

Written by David Navarro, Senior Director of Data Science, Harmony Healthcare IT

Interoperability challenges have troubled the healthcare industry for many years. There have been many efforts and countless standards, specifications, and implementation guides developed by respected organizations such as HL7, IHE International, The Sequoia Project, and The CommonWell Health Alliance. These efforts involved countless implementation attempts by organizations and vendors with varying degrees of success. Today, organizations are successfully exchanging data at the community, state, and regional levels; however, the lack of a single coordinating entity has prevented nationwide healthcare interoperability.

Until now.

TEFCA, A Definition and List of Participating Entities

Expected to coordinate the effort to enable nationwide healthcare interoperability, TEFCA is the Trusted Exchange Framework and Common Agreement released by the Office of the National Coordinator for Health Information Technology (ONC) in January of 2022.  TEFCA represents the fulfillment of the 2016 21st Century Cures Act to develop a trusted exchange framework and a common agreement to facilitate the exchange of health data across a national network.

Here is a breakdown of TEFCA:

The ‘TEF’ of TEFCA stands for Trusted Exchange Framework, which is a broad document describing the high-level foundation for trust policies and practices that should be implemented to facilitate exchange among health information networks (HINs). These are also known as the ‘Principles for Trusted Exchange.’

The ‘CA’ of TEFCA stands for Common Agreement. This is a legal agreement that defines the baseline legal and technical requirements for securely exchanging data on a nationwide scale. This document also describes the different roles of participation in TEFCA. It is expected that most health systems will fall into the ‘Participant’ level category and will not be required to sign this specific agreement. As TEFCA infrastructure progresses, the expectation is that some form of legal agreement will filter down to ‘Participants’. Below is a list of participating entities defined by the Common Agreement:

• Recognized Coordinating Entity (RCE)
  • Responsible for developing, implementing, and maintaining the Common Agreement component of TEFCA.
  • Currently, this role is filled by The Sequoia Project.

• Qualified Health Information Network (QHIN)
  • QHINs are the implementers of the technology backbone for the nationwide network. They will implement technical capabilities to connect Participants on a nationwide scale.
  • QHINs are responsible for implementing and enforcing the technical specification known as the QHIN Technical Framework (QTF).
  • As of January 2022, these roles are pending and are expected to be filled Q2 2022.

• Participant (most organizations will fall into the ‘Participant’ category)
  • A participant is defined as a Covered Entity or a Business Associate that has entered into a Participant-QHIN Agreement. The participant agrees to transmit or receive information via QHIN-to-QHIN exchange. This can be a health system EHR, Health Information Exchange, or anyone else who connects to the QHIN.
  • As of January 2022, these roles are pending the selection of QHINs.

• Sub Participant
  • Can be considered members of the health system EHR or other ancillary systems within the Participant organization. This includes persons or entities that use the services of a Participant to send and receive electronic health information (EHI).
  • As of Jan 2022 – These roles are pending the enrollment of Participants.

TEFCA’s First Iteration and the Role of FHIR

The first iteration of TEFCA focuses on document-based query and message delivery by leveraging the Integration for Healthcare Enterprises (IHE) International Integration Profiles to query and retrieve HL7 CDA documents for patients.

In general, an organization must be able to support the following or partner with a system that stores CCDA documents (including legacy data) accessible via IHE transactions. Requirements include:

• The ability to create HL7 CCDA documents in accordance with the Transitions of Care 2015 Edition Cures Update 08-02-2021 §170.315 (b)(1).
• An IHE Gateway and underlying infrastructure to support the following IHE Gateway profiles (IHE XUA, IHE XCPD, IHE XCA, IHE ATNA) for CCDA documents.

The first iteration of TEFCA focuses on document-based exchange and does not implement Fast Healthcare Interoperability Resources (FHIR) as an interoperability method. FHIR is on the TEFCA roadmap with work beginning in 2022 to integrate FHIR into TEFCA. For more information, see the Roadmap for TEFCA Exchange for planned FHIR Integration.

Organizations should not delay the implementation of FHIR capabilities and keep moving forward to meet the 21^st Century Cures Act requirement for Standardized API for patient and population § 170.315(g)(10). The development of a FHIR infrastructure and strategy will converge and complement the efforts set forth by TEFCA.

The Time for Interoperability Planning is Now

With the final draft of TEFCA complete and the QHIN selection and onboarding forthcoming, the time for interoperability planning and execution is here.

Harmony Healthcare IT, a data management firm that moves and stores patient, employee, and business records for healthcare organizations, can help. Whether you are preparing active or legacy patient records for interoperability, our team of data experts may be called upon to assist with the development of your strategy and contemplation of how legacy data will play a role.

Let’s connect to discuss your health data management planning for TEFCA and beyond.

As Senior Director of Data Science at Harmony Healthcare IT, David Navarro drives interoperability initiatives and focuses on the curation and accessibility of data in the healthcare ecosystem.

Written by David Navarro, Senior Director of Data Science, Harmony Healthcare IT

While the industry goal is that health data should be captured and stored in a standard format with consistent clinical content to reduce any technical barriers preventing exchange, the industry recognizes that this is an enormous challenge.

For this reason, I – along with other healthcare IT developers, providers organizations, and a variety of health care entities — attended two days’ worth of educational sessions at Part One of the Virtual Annual Meeting held by The Office of the National Coordinator for Health Information Technology (ONC). The meeting offered an opportunity to participate in question-and-answer sessions aimed at clarifying regulations.  An emphasis throughout the meeting was on making data (including legacy data) available for exchange across the healthcare landscape.

Interoperability as the Primary Theme

Interoperability was the primary theme.  With compliance deadlines looming in 2022, in-depth reviews of these pending interoperability-related topics were welcomed by attendees:

• The expansion of the United States Core Data for Interoperability (USCDI)
• The 21^st Century Cures Act Information Blocking Regulation
• The Trusted Exchange Framework and Common Agreement (TEFCA)

Going Granular with USCDI to Make Interoperability a Reality

So, how do we get started on making interoperability a reality? By going granular.

The ONC recommends shifting to a methodology where data is created and stored in industry-accepted standards. For both current and legacy data, the ONC recommends starting with a foundational approach on the type of data an organization is documenting on patients, as well as, a consideration for the level of detail associated with each piece of data.

USCDI, a standardized set of health data classes and constituent data elements for interoperable health information exchange, should be used as a minimum guide for provider organizations determining what data classes and elements will be stored and made interoperable. The USCDI standard prescribes specific concepts (LOINC, SNOMED, CPT, ICD10, etc.) that should be utilized to store patient observations.  The ONC has adopted USCDI V1 as the content standard for current regulations but recommends that organizations keep their eye on USCDI V2 and proposed USCDI V3.

Keeping Focused on the Information Blocking Rule and Exceptions 

A key subject in the meetings was the importance of understanding the 21^st Century Cures Act’s Information Blocking Rule and how its exceptions support the information sharing process. The recommended approach for this regulation is also to first address the proper classification of data.  Again, this granular data approach enables the creation of formats such as the Consolidated Clinical Document Architecture (CCDA) required for TEFCA, the Trusted Exchange Framework and Common Agreement.  This approach also enables HL7^® FHIR^® (Fast Healthcare Interoperability Resources) that is required for the ONC Health IT Certification Program, a voluntary certification program established by the ONC to provide for the certification of health IT.

Striving for National Interoperability with TEFCA

TEFCA is a common set of principles, terms, and conditions to support the development of a Common Agreement that would help enable nationwide exchange of electronic health information (EHI) across disparate health information networks (HINs). Expected to coordinate the effort to enable nationwide healthcare interoperability, TEFCA was released by the ONC in January of 2022 and represents the fulfillment of the 2016 21st Century Cures Act.  Get a deeper breakdown of TEFCA.

Getting Help with Getting Started

It is important that organizations understand all the provisions detailed in the 21^st Century Cures Act and apply the broad regulations to their specific interoperability use cases. All data, current and legacy, should be interoperable to ensure quality patient care and to support efficient clinical workflows.

If you’re ready to get started on talking about your health data and the need for interoperability, contact me or my team.  As a data management firm that moves and stores patient, employee, and business records for healthcare organizations, Harmony Healthcare IT is up to date on interoperability strategies, willing to help you develop your plans, and ready to attend Part 2 of the 2022 ONC Annual Meeting on April 13-14.

Contact Us.

Additional Resources

Part 2 of The Annual ONC Meeting Recap

As Senior Director of Data Science at Harmony Healthcare IT, David Navarro drives interoperability initiatives and focuses on the curation and accessibility of data in the healthcare ecosystem.

To gain insights into how active archiving contributes to business value, Harmony Healthcare IT co-commissioned research of IT professionals across numerous industries in the U.S. and Canada. We wanted to take a wide look at the challenges, plans, strategies and trends that are emerging in active data storage.

Our intention was to:

• Assess the general state of data archiving
• Understand how IT organizations in many industries utilize active archiving
• Highlight key trends with a focus on how cloud services impact archiving
• Measure archive data growth and trends

Legacy data access is at the heart of most organizations

With skyrocketing data growth showing no signs of slowing down, businesses across every industry are becoming more data reliant. We weren’t surprised to learn that legacy data is a key ingredient in the data-rich business landscape. Gone are the days of passive legacy data as 44% of those surveyed report their users look at archived data daily and 79% report weekly usage.

While we spend a lot of time reviewing record retention guidelines in healthcare, the research found that most organizations (regardless of industry) retain their archived data for 10 years and the volume of active archive growth is at a 36% annual mean growth rate. But, this isn’t just a store it and forget it type of scenario. Organizations are focused on keeping legacy data accessible and utilizing tools that offer data retrieval within minutes. In fact, 33% of those who expect to invest in active archive spending in the next 24 months, rate improved data retrieval times as key.

Scalability ranked as the number one preferred attribute of active archive solutions

IT professionals surveyed ranked scalability and robust search as distinguishing factors among preferred solutions. The top preferred attributes included:

• 65% – Very high or unlimited storage scalability
• 53% – Contextual search capabilities
• 52% – Provides cost-efficiency
• 49% – Leverages public cloud services
• 47% – Provides a front-end user interface
• 46% – Uses a combination of storage technologies
• 39% – Must be available on-premises
• 35% – Provides a front-end performance layer

Cloud is the most widely used storage platform for archive data – but many organizations have a hybrid

The research found that 93% of organizations store their archive data in the cloud and that nearly nine in ten use these services for their active archive data. From an infrastructure standpoint, our cross-industry research reflected that 61% of active archives are a blend of cloud and on-premises deployments.

Big picture finding: Data (including legacy data) is a business asset that can return value to the organization

Organizations report having realized many key technical and business benefits with an active archive. The top of the list is improved data access with improved data efficiencies following in a close second. This confirms the conclusion that an “active” archive is needed to deliver business value with lifecycle data.

Five top benefits of an active archive:

1. Improved data access
2. Operational efficiency in supporting core business
3. Improved data lifecycle
4. More efficient way to perform certain big data/analytics functions
5. Improved cyber-resilience

To read the ebook with research highlights, click here.

We appreciate the opportunity to learn from other industries. It is why we co-commissioned this study and why we are a member of the Active Archive Alliance, a vendor-neutral trusted source for providing end-users with technical expertise and guidance to design and implement modern active archive strategies that solve data growth challenges through intelligent data management.

We use a variety of sources for information as well as what we know from our own experience of extracting, converting, migrating and retaining records from over 550 clinical, financial and administrative software brands commonly used in healthcare delivery organizations.  Our focus in managing data exclusively for the healthcare industry helps us to pioneer and deliver outstanding HITRUST CSF^®-certified cloud-based storage solutions – HealthData Archiver^®®, HealthData AR Manager^®, and HealthData Locker^™ with options to enable stored data for interoperability with HealthData Integrator^®.

Our broad scope of work is recognized by Black Book^™ Rankings, a division of Black Book^™ Market Research which ranked Harmony Healthcare IT as the top Data Archiving, Data Extraction and Migration company for the third year running (2019-2021).

Are you looking for a strong partner to help your team with a long-term data management strategy in healthcare?

Let’s connect.

Data Source:  ESG Research Report, The Transformational Rise of Active Archives, October 2021

In 2017, it was reported that more than 96 percent of all hospitals had implemented certified EHRs. Since that time, many hospitals have replaced those EHRs as well as their revenue cycle management applications.  While drivers for the replacement vary, key contributors are market consolidation, increased technical and security demands as well as interoperability requirements of the 21^st Century Cures Act.

The goal in healthcare today truly is to better optimize data to support improved patient care. With the 21^st Century Cures Act requirements for interoperability, EHRs need to step up to the evolving demands. Some EHRs aren’t equipped to make the cut and providers are changing systems because they believe other systems on the market today offer a higher degree of value.

As healthcare providers move forward with new EHR and other system implementation strategies to better meet the increased role for health data, it is essential to have an equally solid financial system or EMR replacement plan for managing legacy data that often resides in disparate systems.

Healthcare organizations can get so busy implementing and supporting complex enterprise systems that their legacy applications often remain active.  That adds cost, labor and risk to the IT portfolio.  Harmony Healthcare IT specializes in clinical, patient financial, human resource/payroll and general accounting healthcare data management and EHR replacement. We can help when the strategy is to migrate as much clinical data into the go-forward EHR system as the new vendor will allow.  We also offer a cost-effective solution to migrate disparate legacy data sources into a single, secure health care archive.

Download our paper called “System Replacement Impact on Legacy Data.” This document provides information for healthcare providers engaged in determining and implementing best practices for managing legacy data. It examines:

• Data retention exposures when a system is replaced
• Strategies for managing legacy data when a system is replaced
• The benefits of data archiving to satisfy retention requirements
• How to handle legacy data management after system replacement
• A look ahead at the proliferation of health data volume

There are many reasons to include an active archive in your health data management strategy. A few more the most important are:

Reducing Costs – With an archive, it is possible to remove the cost from legacy vendor software support and maintenance. The ongoing maintenance fees continue to add up over time, even if the system is out of daily production and left in a read-only mode. Further cost reductions can be achieved with removing legacy hardware and servers. Some organizations have 30-40 clinical, financial and administrative data silos in use, and each with a cost meter ticking up. With health data archiving the data is extracted and migrated to the archive with ROI often achieved within 18-24 months.

For more on how to reduce the costs of running legacy health systems, check out these resources:

Webinar Recap: Five Ways to Find Cost Savings with Legacy Data Management

How to Outsmart Six Costs of Running a Legacy Health System for Medical Record Retention

Increased Security – Cybersecurity risks lurk in outdated legacy systems. With healthcare continuing to be the number one cyberattacked industry, again and again, it is important to use best practices for information security. A health team’s best cybersecurity defense is to limit the number of systems it needs to safeguard by consolidating legacy systems into a single, secure archive. As a first step, take an inventory of the legacy systems in your IT portfolio, identifying out-of-production systems at risk.

Looking for a healthcare data management firm with deep experience migrating and archiving patient, employee and business records? Our team of experts has extracted, converted, migrated and retained data from over 550 clinical, financial and administrative software brands.

Our customers’ legacy systems get inventoried and prioritized in an online application rationalization tool called HealthData Planner^™. As decisions are made to decommission a legacy system, structured and unstructured data is either extracted and converted to a go-forward system (i.e., Epic, Cerner, MEDITECH) or migrated and secured onto one of our active archive solutions:

• HealthData Archiver^® stores records of any type that require ready access by unlimited business users leveraging a user interface with intelligent workflows (i.e. release of information for HIM users or single sign-on for clinicians as integrated on Epic’s App Orchard and marketplaces for other leading EHRs)
• HealthData AR Manager^® maintains necessary interfaces to claims scrubbers, clearinghouses, lockboxes, general ledgers, and statement firms, to store and manage legacy financial records that require complete accounts receivable wind down by revenue cycle users

Records are then activated for interoperability with other systems, entities or consumers via HealthData Integrator^®, which provides a set of tools or APIs based on common industry standards such as USCDI, FHIR, HL7, C-CDA, XML, or Direct.

Harmony Healthcare IT is ranked number one as the top Data Archiving, Data Extraction and Migration company according to Black Book^™ Rankings, a division of Black Book^™ Market Research. We’ve earned this ranking for three years in a row. It underscores our commitment and keeps patient, employee, and business records accessible, usable, interoperable, secure, and compliant.

For more information on options for managing legacy patient or employee data after system replacement, contact us.

Editor’s Note: This blog has been updated from an earlier post on August 1, 2018.

SOUTH BEND, Indiana (Jan. 26, 2022) Harmony Healthcare IT today announced the appointment of David Navarro as Senior Director of Data Science to contribute to the continued success of Harmony Healthcare IT as a data lifecycle solutions innovator for healthcare organizations.  In his role, Navarro will refine interoperability offerings, further artificial intelligence and machine learning initiatives, and augment complex Cerner Millennium^® migration and integration projects.

“With the 21st Century Cures Act adding enforceable rules to guide interoperability, integration and true data liquidity is realistically within reach for our industry,” says Jim Hammer, SVP at Harmony Healthcare IT. “Adding David’s industry experience and technical capabilities to our team will accelerate and further strengthen our client’s ability to provide consumers and other care stakeholders with critical access to records.”

For the past 22 years, Navarro has provided vision and leadership for the design, development, and execution of information technology initiatives related to Health Information Exchange (HIE) and Cerner Millennium^® integration.  Prior to serving as Solution Architect Director at Indiana Health Information Network, Navarro held roles of Chief Architect at Michiana Health Information Network and of Integration Support Engineer and Senior Systems Analyst at Cerner Corporation.

“I welcome the opportunity to join a leader in data management and storage that is advocating for universal interoperability,” says Navarro.  “With data discretely archived by Harmony at many of our nation’s largest health systems, its enablement for use cases applying USCDI, FHIR, CCDA, HL7, XML, Direct, or other standards-based protocols will be my focus.”

Navarro will significantly influence data modeling strategies as well as the roadmap for which is the component of Harmony Healthcare IT’s HealthData Platform^™ responsible for activating data for interoperability.  HealthData Integrator^®™ enables data stored within cloud-based active archives such as HealthData Archiver^®® and HealthData AR Manager^®™ to be available for integration with electronic health records, master patient indexes, third-party auditing software,  business intelligence tools, and other outside applications or entities.

Due to worsening data privacy and security issues across the globe over the past years, the National Cybersecurity Alliance (NCA) has aimed to raise awareness for businesses and individuals to respect privacy, safeguard data and enable trust, through efforts such as Data Privacy Week.

In this spirit, Harmony Healthcare IT recommends the four following best practices for healthcare delivery organizations to protect the clinical, financial, and operational data within their care:

1. Insist on HITRUST CSF^® Internally and with Vendors – Utilize the most comprehensive risk management framework optimized for the healthcare industry. This demanding certification reviews 19 different domains, including data protection and privacy and provides the broadest risk management program available for healthcare. By integrating controls from several applicable frameworks and best practice standards, as well as tailored requirements for healthcare, HITRUST speaks to risk which is one of the tenant requirements of HIPAA and one of the most cited issues in audits conducted by the Office for Civil Rights (OCR). It is important to have HITRUST CSF^® in your provider organization as well as with vendor partners. This certification demonstrates that the supplier adheres to the exacting security measures to protect patient data.
2. Create/Revisit Your Legacy Data Management Strategy – Successful legacy data management and accessibility to historical records benefits patients and helps protect the organization from being accused of Information Blocking. Determine options for converting legacy data to new systems or migrating it to an active archive. Both options support Cures Act compliance and avoid Information Blocking.
3. Reduce Your Legacy System Footprint – Many large integrated delivery networks have 30-40 or more legacy clinical, financial, and business systems running in various states of use. Older systems can be ripe for technical failure and security breaches. These systems can also be viewed as open doors and windows to security vulnerabilities that need to be closed. As healthcare continues to be the number one most breached industry, decommissioning vulnerable legacy systems is a strong defense against attacks.
4. Increase Internal Education – Ensure everyone within the organization is aware of their role in maintaining data privacy and security. This includes equipping them with proper training around cybersecurity and privacy best practices as well as any regulations. Regularly audit training programs and be sure to adapt or supplement standard trainings based on what is happening in the industry.

For further information, check out these resources:

HCCA Compliance Today: Legacy data management and compliance: Prepare your business today

eBook: How to Manage Legacy Data in the Age of Information Blocking

Podcast: HealthData Talks: Information Governance

Are you focused on data protection every day of the year?

Us too.

Our team is ranked number one as the top Data Archiving, Data Extraction and Migration company according to Black Book^™ Rankings, a division of Black Book^™ Market Research for the past three years (2019-2021). This recognition underscores our commitment to keep patient, employee and business records accessible, usable, interoperable, secure and compliant.

Ready to talk about securing your legacy data?

Let’s connect.

You have just replaced your legacy hospital, EHR, lab or practice management system with newer technology. One of the decisions you now have to make is how best to retain protected health information (PHI) in accordance with state, federal and agency medical record retention mandates.

As a full system EMR migration or data conversion is often too costly and complex, many healthcare providers convert only demographics and key clinical or financial data elements to the new system. They then leave the legacy system up and running so historical patient data can be accessed as inquiries come in from patients, payers, employers, auditors or lawyers. While this may seem to be the simplest option, it can be laden with cost, especially when you consider the length of time (7-25+ years depending on state, medical specialty and facility type) that medical records must be retained. An alternative option is health data archiving, a long-term medical data storage strategy that reduces or eliminates legacy system management costs.

The six costs of running a legacy health system and how to lower or eliminate them:

1. 1. Software Cost: The most obvious cost comes from legacy vendor software support and maintenance. Even when the software is out of daily production and operating in read-only mode, providers must typically continue to pay maintenance fees.
      
      Outsmart tip #1: With health data archiving, there is an upfront fee, but much less ongoing expense as the original healthcare application is decommissioned after the data is extracted and migrated to the archive. In many cases, ROI with an active archive is achieved within 18-24 months.

1. 1. Hardware Cost: The next medical record storage cost comes with continuing to administrate the hardware and servers required to run the legacy system. Your organization will spend time and money to troubleshoot and maintain outdated technology. Consider how many times you may need to repair or replace equipment during the state-mandated medical retention time period.
      
      Outsmart tip #2: Some large healthcare enterprises may have 30-40 clinical, financial and administrative data silos in varying stages of use, but each with a cost meter ticking up. A cloud-based health data archive consolidates data silos, minimizes hardware costs and requires less infrastructure for historical patient data to be accessed.

1. 1. Training Cost: Over time, users of the legacy health system will come and go.  That means there will be fewer and fewer users who know how to operate the legacy system to access patient history and medical records.  This results in a loss of intellectual capital which creates a dependency on the knowledgeable users who remain or a need to train new users on an outdated piece of technology.  It could also result in high-cost involvement from the legacy system vendor.
      
      Outsmart tip #3: Designed as easy-to-use solutions for accessing historical patient data, intuitive health data archives typically require little to no up-front or ongoing training. That means that non-SME (subject matter expert) staff members could effectively utilize the archive to keep information accessible enterprise wide.

1. 1. Legal Liability Cost: Older systems can break or degrade over time. If you decide to keep a legacy system but do not continue with a maintenance contract, you are putting your organization at legal risk. If you are required by auditors or the courts to present a medical record but cannot access it, you may have to settle at a high cost.
      
      Outsmart tip #4: An archive of health data provides easy access to users in a more streamlined and up-to-date infrastructure. This is vital as the average cost of search ease is $1 million, with 70% of all search costs tied to actual review of documents. With technology solutions continuing to advance, judges know that effective search ease tools exist, and they expect parties to use them. A vendor neutral archive is a smart plan to help your organization save time and money when searching for and utilizing historical health data.

1. 1. Cybersecurity Risk Cost: Cybersecurity risks can be higher with vulnerable legacy systems. With healthcare continuing to be the number-one cyberattacked industry year-over-year, any healthcare provider that doesn’t utilize best practices for information security is at a higher risk for breach. And, those breaches can be expensive, with the average cost of a healthcare breach running $9.2 million.
      
      Outsmart tip #5: A health team’s best cybersecurity defense is to limit the number of systems it needs to safeguard by consolidating legacy systems into a single, secure archive. As a first step, take an inventory of the legacy systems in your IT portfolio, identifying out-of-production systems at risk.

1. Lost Opportunity Cost: Every hour that your IT staff spends dealing with the legacy system(s) is time that they do not have to devote to other projects or integrating newer technologies. Many providers find that, over time, the lost opportunities for increased efficiency and security add up to a significant amount.
   
   Outsmart Tip #6: Consider what technology projects are on your to-do list and how supporting legacy systems may compromise these tasks. Then, consider the landscape of your IT portfolio if one or more disparate legacy systems were merged into a common, easy-to-maintain archive.

Ready to talk about lowering your medical record storage costs? We’re here to help.

This blog has been updated from the original version posted on Sep 11, 2020.

The strain of COVID-19 is one of many reasons why medical departments in hundreds of at-risk hospitals, nationwide, have closed, moved or ended services. There also is a shift away from inpatient hospital stays toward alternative care settings that is contributing to the financial strain for health systems nationwide. As the industry shifts toward care delivery at home, virtually or in other outpatient settings, some providers are changing gears in terms of the services they offer or turning to merger and acquisition to be better equipped to meet the market demands. While the main drivers behind most shifts is finances, saving resources and focusing more on in-demand services is key.

At the time of a medical department or hospital closure or acquisition, one question is how to best retain access to patient, employee, and business records.

What are the record retention rules for protected health information (PHI) during a medical department or hospital closure?

HIPAA covered entities must keep EHR and other medical records that demonstrate compliance for at least six years. However, there may be additional state laws that expand medical retention requirements. During the record retention period, records within these guidelines must be available.

Best practices when a health facility, department or practice is being acquired or closing

AHIMA has detailed guidance to help walk through the general and state/license requirements, Medicare requirements, HITECH Act considerations, and specific facility guidance for a closure or acquisition.  The organization also recommends contacting professional associations including HIM associations, hospital associations, medical societies, and other associations in preparation for closure.

In terms of medical records management, AHIMA has guidance for what to do with medical records for healthcare providers who are working through plans to close or to acquire a new entity. This includes a recommendation that: If records are not transferred to another healthcare provider, records may be archived with a reputable commercial storage firm.

Harmony Healthcare IT provides Records Release services

While each hospital or medical practice closure is unique, our firm offers broad experience with more than 550 clinical and software brands that supports our ability to manage the future release of information of clinical, financial and business records. We work with clients of all sizes to provide data extraction, store historical records in an active archive, and monitor a web landing page where requestors can ask for a copy of their records.  Finally, we securely fulfill records requests for patients, employers and payers through a portal that contains a chain of custody audit trail.

Key considerations for planning for an upcoming closure or acquisition include:

• Records management discussions – Talks should begin immediately upon consideration of closure or acquisition and involve the relevant departments within the organization (i.e., HIM, IT, legal, finance, etc.).
• Long-term plan for medical records – There are many factors here, such as if the facility/department is closing or has been sold to another provider. If the records are not transferred to another healthcare provider, the records should become part of a documented, long-term archival plan. AHIMA provides a sample patient letter that explains where the records will be stored. It is important to follow the HIPAA definition of healthcare operations to ensure the applicable state and other federal laws are being followed and to determine if stricter requirements exist before transferring records.
• Ensure planning for all media types – Planning for archiving and record retention needs to include an inventory and strategy to account for the various types of formats of the incoming information. Electronic information includes structured and unstructured data ranging from PDFs to video to diagnostic images – each requiring specific storage considerations. Plus, there will likely be a variety of EHRs, revenue cycle systems, and maybe even some historical paper records. HIM and IT teams need to collaborate during the acquisition and closure process.

Archiving provides easy access and usability while keeping legacy records secure and compliant

One of the most valuable steps for an organization that is involved in closing departments, facilities or acquiring new segments is to create a legacy data management plan. The data experts at Harmony Healthcare IT have put together a process that has helped hundreds of healthcare delivery organizations evaluate their legacy clinical, financial, HR, EHR and ERP system portfolio to create a Legacy Data Management Strategy that works. The process guides providers through a system inventory, financial forecast and system prioritization for decommissioning legacy systems enterprise-wide.

If you haven’t already invested in transferring legacy medical records into an active archive, now might be the time to investigate options.

Our team is ranked number one as the top Data Archiving, Data Extraction and Migration company according to Black Book^™ Rankings, a division of Black Book^™ Market Research. We’ve earned this ranking for four years in a row. It underscores our commitment and keeps patient, employee, and business records accessible, usable, interoperable, secure, and compliant.

Our team is ready to help secure your legacy data in the event of a medical department or hospital closure

Let’s connect.

Updated from a post that originally was published on Jan 05 2022

Updated from a post that originally was published on Jan 05 2022