Healthcare Compliance Officers have a broad role to maintain regulatory and legal best practices within their organization. In terms of medical record management, Healthcare Compliance Officers are responsible for payer and governmental audits as well as e-discovery and investigation into patient histories for legal matters. The comprehensive and important role of ensuring the integrity, security and availability of health information is at the top of the to-do list for the Chief Compliance Officer (CCO) and their team. Harmony Healthcare IT supports these vital compliance efforts by migrating health and operational data to meet regulatory guidelines and record retention policies. We’ve identified five compliance-oriented challenges that can be mitigated with our cloud-hosted HealthData Archiver® solution: eDiscovery Ease – Providing required health and business records during litigation doesn’t have to be a tall order. Planning ahead with the 10-step Preparing for eDiscovery checklist from AHIMA will help the organization take a multi-disciplinary approach to be ready for eDiscovery. And, including an active archive* in those plans supports efficient and cost-effective health record management. With legacy data stored in a secure and searchable active archive, eDiscovery requests are simplified, and costs are lowered, with access to data search and filtering capabilities. This matters, as there often are 1,000 pages discovered vs. the 1 page actually entered as an actual exhibit in major trials, and eDiscovery costs can range from $5,000 to $30,000 per gigabyte. Record Retention Compliance – There is a lot to track and manage in terms of medical record retention. When determining how to comply with state regulations, compliance teams need to consider their strategy for retention that may include: Maintaining the legacy system (which can be costly and present technology and security risks in the future) EHR data conversion (converting the data into the go-forward system – which can be costly and complex) Printing/scanning the records (which is labor intensive and could be cumbersome for eDiscovery) Migrating and storing discrete data elements in an active archive (provides a long-term return on investment plus an ease of retrieving records) Security – As the #1 most cyberattacked industry, healthcare is getting hit hard and of the 93% who were breached in recent years, more than half were breached again (and even again). Network servers are almost always the target for hacking-related breaches with legacy systems providing easy entry points for attack. In a HIMSS cybersecurity survey, 69% indicated that they had some sort of legacy operating systems in place. An active archive provides a secure path forward and an opportunity to consolidate and decommission legacy servers which decreases risks. As an organization that puts security at the forefront, Harmony Healthcare IT’s data handling processes are HITRUST Certified to ensure our offering reaches HIPAA standards and beyond. Audit Trails – Privacy and security for legacy data is as important as for active EHR records. Within HealthData Archiver®, rights and activities can be restricted and audited by user, role, group, and data domain/source with built-in, role-based security and access controls. User audit logs are HIPAA-compliant and include the unique user ID, data subject ID, function performed, and date/time event was performed. With Third-Party Auditing Integration, unusual user activity may be monitored to prevent internal threats. Break the Glass – Protecting the privacy and security of all medical records, both current and legacy – including those of high-profile patients – is important. HealthData Archiver® has numerous features built-in to manage, audit and protect legacy health records. Break the Glass provides: End user access to privileged patient information only when necessary or in the event of an emergency, requiring that a reason to access the patient record be indicated A Client Administrator option to add a Gatekeeper who is responsible for managing Care Team Member access for Highly Classified patients Additional security measures, including explicit auditing of user authentication, authorization, and data level access These five features and many others within HealthData Archiver® support the vital work of the nation’s healthcare compliance teams. Our team sends its sincere appreciation to Compliance Officers for all that they do every day. Looking for a partner to step up your healthcare compliance efforts? Let’s connect. *The client is responsible for determining what data should be maintained in the HealthData Archiver® for compliance purposes. Note: This blog was updated from a previous version published on Sept. 24, 2020.