From time to time, we ask our clients (and potential clients too) what they would require out of their legacy data security archiving system. Here is a compiled list of some most common requests, as told by each user.
Legacy Data Security and Storage Requirements for the Legacy Data Archiving Platform
- I want how to know how the storage works (Cloud based or local servers) so that we know how much storage there is and how would the information get there
- The GL SAAS provider to hold an industry standard security certification/accreditation such as HITRUST, SOC, or FISMA so that I can reduce the security risk to the https://www.healthcareitnews.com/blog/benefits-hitrust-certification , https://www.imperva.com/learn/data-security/soc-2-compliance/
- Sample BAA documentation to be provided so that We know our PHI/PII is managed in a prudent manner
- The system to integrate with our Azure AD single sign on using the SAML protocol so that our users can sign in using their Office 365 credentials and Azure AD single sign on platform and the user of our multi factor authentication can be utilized https://auth0.com/blog/how-saml-authentication-works/
- The latest technical risk assessment results to be provided so that we can understand the technical risks associated with the system
- An overview of technical controls in place on the system and infrastructure so that an understanding of protection mechanisms is known
- To know if your company has had any security breaches in the past so that we understand the history of your security standards
- To know if your company has a dedicated security team so that We can understand the security resources available that protect the platform
Other General Requirements for the Legacy Data Security Archiving Platform
- I want to be sure that I am able to see detailed Charges (including CPT, Diag, modifier, provider, location) so that we are able to review/obtain all information if there is a question and a claim needs to be recreated
- I want to be sure I am able to see details on payments that were previously posted (pd amount per line, adjustment amount per line, check number, payer clm number) so that we are able to review if there is a question on payments, takebacks
- I want to be sure I am able to see details on previous notations from the prior system (Encounter notes, patient chart notes, Guar Account Notes) so that we are able to review if there is a question
- for reporting purposes I want to retain EOB data so A/R can be worked efficiently. For example can OCR be used when archiving scanned EOB pdf files? Scanned
- As a scheduler I want to see old appointment history to schedule patients appropriately, i.e.: new vs established patients
- I would like a system that automatically destroy records once the required retention period is expired so that staff time is not spent managing this work
- and current Patient Relations employee we need to be able to view all previous working notes entered by financial counselors, schedulers, and patient accounts representatives so I can effectively respond to and manage patient feedback/complaints.
- and current Patient Relations employee we need to be able to sort (by encounter type, body part, date range) and print itemized HCFA billing statements for purposes of records release and legal issues.
- I want to be able to see patient demographics (example, home address, phone number, insurances, employer, responsible party)
- I want to be able to able to search by patient name or account number
- I want to be able to post new transactions (payments, adjustments and transfers to historical data.
- I want to be able to link the payments and adjustments to the original CPT/charge line.
- I want an archive solution that will interface data coming from Athena, GPMS, NextGen and Allscripts, so that all the AR data can be centralized
- I want an archive solution that can us an EMPI number so that the same patient stored on multiple systems can be linked
- I want to have a solution that is a cloud solution
- I want a solution that is able to split data from the Legacy Ortho Central ASC from the CMO ASC LLC if necessary.
Other Clinical Requirements for Legacy Data Security
- to easily read old records that have been imported into the system so that I can provide on going care efficiently
- to quickly look up records in the archive so that I can room a patient quickly and efficiently
- to easily move records from the archive to the production platform so that I can prep a patient’s chart easily
- to easily access records from the archive so that I can fax/send to other providers offices when requested
- to easily look up a patient in the archive so that I know when I am on the phone with someone if they have been seen in the practice previously
- to be able to see who has accessed a records that I can report that out to management who may request it
- to select which records are moved from legacy data security archive to active chart versus a large data dump so that I can be sure what is needed is in the chart
- to have access to past procedures and diagnostic testing so that to move forward with ordering follow up testing and comparing studies.
- to have access to all previous EMR messages and internal communications so that we can provide clarity in doing a risk chart review
- to have ability to retain HIPAA audit trail from native EMR
- to be prompted if a document has already been archived to avoid duplication in the new EMR
- to be able to maintain native naming convention in the archive so that I have ease of navigation and to make the process as speedy as possible
- to have any SRS messages attached to a document, stay with the document in the archive so that we are ensured that no pertinent clinical findings or addenda are separated and/or overlooked
- to be able to search by partial name, name, DOB or legacy account number so that I can easily find a patient
- to be able to search by note type (office notes, op notes) so that I can easily find the documents I am looking for
- a system that will automatically destroy records that have passed the required retention period so that staff time is not spent monitoring/managing this process
- a report or means to see who has accessed archived records and what action was taken privacy regulations are followed
- the archive solution to retain alerts in a way that presents that data when accessing a patient’s file so that it is obvious if there are special considerations that need to be followed
- want the legacy data security archive solution to retain release of information logs so they can be reviewed and printed to meet operational and regulatory requirements
- to be able to batch print or batch fax documents in a record So that I do not have to print individual documents one at a time or batch documents to a fax job with a third party application like adobe acrobat.
- to be sure we can pull complete notes with any addendums and full provider signatures easily, including all office notes, procedural notes, x-ray reports, post-op notes, Ortho Access notes so that we can attach to any requests from payers for audits and/or for payment considerations.
- to be sure we can pull any orders ( Ortho South on the superbills) that support any of the services we have billed for, such as x-rays, MRI’s etc. so that we can attach to any requests from payers for audits and/or for payment considerations.
- a single sign on solution in my legacy data security system so that I don’t have to remember another login and password/take time to log in separately
- to know resource requirements to implement so that I can plan and estimate efforts to implement from the SHCP side
- to know how much configuration is needed to implement the archive so that I can plan and estimate efforts to implement from the SHCP side
- have schedule data in the same general location as clinical data so that a user does not have to log into a separate database to reconcile patient visits with patient records.
- to be able to launch the archive solution from within the Nextgen EHR or PM and have the application pull data on the patient active in Nextgen so that we can avoid having to manually launch a separate system and search for the patient in the archive application.
- to be able to export a CCDA data file from the legacy data security archive system so that we can meet interoperability requirements and/or patient needs when transferring care to another healthcare provider.
- have the option to search across all 4 locations/EHRs at the same time so that available data is presented in one search
Partner Up
As more features and requirements are collected, we will post them here as well. If you have any immediate questions, shoot me a message, I can steer you in the right direction.
-Dan Holleran | 314-471-3409 | dan@pdehealth.com | www.pdehealth.com