Securing Chain of Custody and Data Lineage for Electronic Medical Records

Computer Security

In an earlier blog we shared some tips on how to secure the Chain of Custody in your medical records.  Today, we’ll take a look at additional safeguards to ensure that protected health information and images are safeguarded for the life cycle of the data.

As a reminder, the term “chain of custody” typically refers to when a person has physical possession of a document or has visual sight of the document. Similarly, Chain of Custody refers to how a company must keep track of a document’s location and who has accessed it.  This includes anytime a person touches, looks at or stores a document.  For our purposes, a document can also mean data that is stored as a part of an electronic medical record.

The term “data lineage” refers to the life cycle that includes the data’s origin and where it moves over time. This term can also describe what happens to data as it goes through diverse processes. Data lineage can help with efforts to analyze how information is used and to track key bits of information that serve a particular purpose.

As it pertains to medical record storage, HIPAA regulations are specific, and, there are hefty fines if the protocols for Chain of Custody are not followed. One of the main problems we see with healthcare organizations is that storing legacy data in multiple places causes more problems than it solves. As a healthcare organization strives for one common go-forward electronic health record (EHR) or enterprise resource planning (ERP) system, it should also strive for one common archive.  A robust archive provides a secure, long-term home for EHRs, ERPs and data from other important systems.  An archive also provides for HIPAA compliant Chain of Custody protocols for decades to come.

There are many considerations in EHR data management that carry through to the archival of protected health information.  At Harmony Healthcare IT, the makers of HealthData Archiver®, we pay particularly close attention to the following:

Safety and Security in the ETL Process – As a leading archive vendor in the healthcare market, we own the ETL (extract, transform, load) process to ensure whenever we migrate data from originating source(s) to HealthData Archiver®, we do it with the most secure methodology. We track and protect data lineage during the archiving process.

Addressing Business Requirements and Uncovering EHR Issues – Throughout the archiving process, we adhere to our clients’ business requirements and data governance rules.  For instance, if a client doesn’t want the records of patients who have been marked as deceased for greater than one year archived, we note the requirements and run all data against the business rules. Sometimes the archiving process also uncovers damaged or corrupted source data and we are able to alert our clients to unknown issues within their source systems. These issues sometimes exist when software support has lapsed and there can be remedies with back up files if the issues are found soon enough.

User-based Audit Logs – Chain of Custody within an archiving solution like HealthData Archiver® should be documented and be readily reportable via audit log reports. This is standard for HealthData Archiver® and helpful for healthcare organizations as it puts them in excellent position in terms of meeting HIPAA and e-Discovery requirements.  Additionally, this is important when a hospital needs to produce documentation during litigation or when it’s time to purge records.

Error Correction FeatureHealthData Archiver® includes both strike thru, notes and addenda features.  These features show how data was displayed in the source system and, subsequently, when it was changed or corrected in the archive. This could be helpful when, say, there is an allergic reaction to a medication after the original record already exists in the archive, if a result was erroneously recorded in the source system, or a document wasn’t scanned and should be part of the original legal record.

Privacy MonitoringHealthData Archiver® integrates well with third-party privacy monitoring software like FairWarning®. This is helpful as some organizations review a security/compliance dashboard which receives audit log feeds from various software versus requiring multiple logs/reports to be reviewed.  HealthData Archiver® offers this capability so that privacy and security may be monitored in the greater context of the enterprise and its various systems.

Health data is growing exponentially. As many healthcare organizations strive for one common go-forward EHR or ERP system, they should also strive for one common archive.

Contact Harmony Healthcare IT, the makers of HealthData Archiver®, today to ensure the chain of custody and data lineage around your protected health information is secure.

FairWarning® is a registered trademark of FairWarning, Inc.

Editor’s Note: This blog contains content from an earlier blog post from November 29th, 2016.

Jun 24 2018

Ready to learn more?

Contact us today to learn more about our healthcare data management solutions.

First Name *
Last Name *
Email *

Healthcare IT tips, guides, news & more delivered to your inbox

Sign me up