This section provides resources to assist you in assessing the current state of your records (custodian assessment), considerations for disposing of hardware and information, and shares information on how data transfer into your new EMR might occur.
This section provides resources to assist you with the key aspects of data management when changing or implementing an EMR.
Please contact your new EMR vendor for detailed guidance on the process.
When a clinic implements an electronic medical record (EMR), regardless of whether it has a paper-based clinic or is using an EMR, the clinic will need to perform data management activities. Data management is the approach to transferring (data migration) and/or retaining (records retention) patient demographic and clinical data. The data management process includes extraction, loading and retention of patient-related data.
This document (complete handbook available as PDF, above) provides the information needed to choose the appropriate data management solution. The handbook covers:
- Data Assessment – Custodian Assessment
- Custodial Responsibilities
- Options for Populating the EMR with Patient Data
- How Does the Data Migration Process Work?
- Records Retention
- Data Validation
Data management as it relates to electronic medical record (EMR) systems includes the extraction, loading and retention of patient-related data and select administrative data. Data management activities are required to support clinic operations, the continuity of patient care and the safeguard of patient records.
Data management can be complex as it is dependent on your outgoing and incoming EMR systems, the capabilities of your vendors, the quality of your data and your plans for use of that data.
There are generally two types of contracts that define the content of data that is to be managed and the services required to extract data from one system, load it to another and retain data for custodial purposes:
- Your EMR vendor contract(s) which include your current vendor (outgoing) contract and your future (incoming) vendor contract.
- A data management contract which you may need when you move from one EMR system to another to address items not covered in either your outgoing or incoming EMR vendor contract. This contract might be with a third party or it might be with your current or future EMR vendor.
The following information may assist you and your vendor(s) in developing a contract. While each clinic’s contract will be specific to its individual needs, the following suggestions are meant to support you through the contracting process. While this checklist provides things to consider, it does not replace legal advice.
|
Compliance with privacy acts and regulations |
The EMR vendor and third party vendor must remain compliant with all Alberta privacy acts and regulations including but not limited to the Health Information Act (HIA) of Alberta. |
|
Service expectations |
Discuss all aspects of your service expectations with vendors. Consider terms that:
|
|
Costs of services |
Understand the process and costs involved with all aspects of your data management project. Understand the basis of payments—fixed, time and materials, and number of records. |
|
Exit clauses |
Discuss with your vendors how fees are impacted if either party terminates work or the contract. |
|
Export services used to extract data from the current EMR |
All EMR vendor contracts should include export strategies such as:
|
|
Import services used to load a new EMR system with patient data extracts during implementation |
Before you go live on your EMR system, your new EMR vendor will need to import the data extracts produced by your outgoing EMR vendor. Discuss these aspects:
|
|
Data retention |
Alberta’s Health Information Act and the College of Physicians & Surgeons of Alberta Custodian Policy outline basic requirements for records retention related to medical records. It is expected that all custodians comply with these records retention standards. Propose that your outgoing EMR vendor provide a full data export per patient including audit logs to printable PDF format using a file naming convention referencing the patient and data type or the EMR system database for records retention purposes. |
|
Data conversion |
You may be transitioning to an EMR system that requires that your data be converted and your incoming EMR vendor may not have the capability to manage this conversion. A third party would be contracted to conduct the conversion. |
|
Billing and transition support |
The billing information that resides in your existing EMR system cannot be migrated into a new EMR system. To support billing reconciliation of your old EMR, propose that your outgoing EMR vendor provide:
|
|
Additional considerations |
Non-standard data such as demographics, referrals and schedules are not normally migrated between systems but are worth discussing with your vendors. |
The objective of the Custodian Assessment Report is to summarize information on the entire data management process, custodial responsibilities, privacy requirements and the specific data migration and retention options available to a clinic. This report is designed to assist the clinic in making informed decisions and to identify deployment risks and mitigation strategies surrounding data management. The Custodian Assessment also includes a review of the current physician office processes to assist the clinic and vendor with the transition. The following report summarizes the findings of the assessment.
Custodian Assessment Meeting Participants
|
Participant |
Role |
| ____________________________________ | ____________________________________ |
| ____________________________________ | ____________________________________ |
| ____________________________________ | ____________________________________ |
Custodianship Strategy
Every physician (custodian) and clinic require a custodianship strategy when transitioning from paper medical records to an EMR solution in order to meet the legal obligations as a custodian under the Health Information Act, and to maintain adequate records according to guidelines established by the College of Physicians & Surgeons of Alberta (CPSA). It is the sole responsibility of the physician to make decisions related to the identification of pertinent and relevant patient data to be scanned or keyed into the electronic medical record and long-term paper record retention options.
Custodians who currently are not using an EMR and plan to implement one of the EMR solutions often have data saved in electronic billing and scheduling systems in addition to the data in paper records. Custodians may want to consider moving some of the data from the outgoing billing and/or scheduling systems to the new EMR solution. The custodian also needs to have a plan in place for the retention/archiving of existing electronic and paper records. Professional requirements around the protection of patient privacy and medico-legal liability aspects need to be considered when undertaking a project of this nature.
Clinic Current State and Clinical Practices Overview
The purpose of this section is to assess and document the custodian’s current state to assist the clinic to identify critical data management considerations and the associated risks.
Review of Current Physician Office Systems
The purpose of the review of the current physician office systems is to gather information regarding the current usage of any electronic systems requiring data migration.
Data Transfer Options
The purpose of this section is to outline the options for transferring data and to capture selected options. Some of the elements in the table below will be addressed by a partial migration of existing data. Other elements will need to be captured by creating a transition plan involving abstraction of data or other strategies allowing the physicians and clinic to have the maximum data available at go-live and in the months following.
Unique Usage Considerations
The following table outlines the unique elements of the practice and elements not addressed by the transfer of patient data (ToPD) to be discussed with the vendor during the deployment stage.
| Consideration | Unique usage and decisions |
|
Does the clinic use prenatal charts or growth charts? Are the prenatal charts open and archived? Are they paper or electronic? |
|
|
Are there unique scheduling issues? |
Specialist with 2 years fully booked schedule. |
|
How are deceased patients indicated? |
Made inactive in EMR? Change in Status? Date in death field? Will not migrate. Clinic must be prepared. How are charts marked deceased? Address as part of retention strategy. |
|
Does the clinic rely on referring physician Practitioner Ids in EMR? |
Specialists Will not migrate. Determine strategy for rekeying or use of download from Alberta Health. Request (a quote) this field be included in migration. |
|
Do the clinic use messaging and tasking, especially future tasking in the EMR? |
Future tasks do not appear on task lists, they are held in memory and appear just prior to recall time. |
|
What fields does the clinic use to indicate booking comments? Also, what other demographic elements are unique to this clinic, such as email addresses, alternate contacts, warnings or alerts? |
Often end up in vague fields like “other, misc”. |
|
Were there problems with previous migrations (e.g., ghost notes or lost data)? |
Indicate from what system and describe issues felt from previous migrations. |
|
Is the clinic using the EMR for any research, studies or clinical trials? |
|
|
Are there any custom fields created by outgoing vendor? |
May likely be demographic customizations. |
|
Are there any fields used for something other than their intended use? |
|
|
Has the clinic modified their physician database? |
Most do, with extensive notes including wait lists, fax first/ phone first, and subspecialties. |
|
Does the clinic have an extensive third party billing database? |
|
|
Are there paper charts with multiple chapters requiring abstraction into the vendor software? |
|
|
Does the clinic maintain any manual lists, e.g., wait list or booked MRI visits that must be kept or keyed into the vendor software? |
|
|
Are there any manual processes that would likely be incorporated into vendor software? |
Identify any business processes that may change once vendor software is implemented. |
Disclaimer
It is the responsibility of the physician(s) to make decisions related to the implementation of an EMR. Physicians are expected to perform their due diligence in the selection of an EMR that best meets their needs.
Document History
|
Version |
Author(s) | Date | Changes |
| __________ | ______________________ | ________ | ____________________ |
| __________ | ______________________ | ________ | ____________________ |
| __________ | ______________________ | ________ | ____________________ |
The Custodian Assessment report summarizes information about a clinic’s entire data management process, custodial responsibilities, privacy requirements and the specific data migration and retention options available. It provides the information required to make appropriate data management decisions, and to identify deployment risks and mitigation strategies surrounding data management. The Custodian Assessment also includes a review of the current electronic medical record (EMR) usage to assist the clinic and EMR vendor with the transition. The following report summarizes the findings of the assessment.
Custodian assessment meeting participants
|
Participant |
Role |
| ____________________________________ | ____________________________________ |
| ____________________________________ | ____________________________________ |
| ____________________________________ | ____________________________________ |
Custodianship Strategy
Every physician (custodian) and clinic require a custodianship strategy when transitioning to an EMR system or moving from one EMR to another. Custodians must meet legal obligations under the Health Information Act and maintain adequate records according to guidelines established by the College of Physicians & Surgeons of Alberta (CPSA). It is the sole responsibility of the physician to make decisions related to data management, including data extraction, conversion, loading and records retention.
Clinic Current State and Clinical Practices Overview
The purpose of this section is to assess and document the custodian’s current state to help the clinic identify critical data management considerations and the associated risks.
Data Transfer Options
The data transfer options section outlines the options available for transferring data and lists the options selected for the clinic. Some of the elements in the data transfer table can be addressed by a complete migration of existing data. Other elements will need to be captured by creating a transition plan that involves the abstraction of data or other strategies that allow the physician(s) and clinic to have the maximum data available at go-live and in the following months.
Unique Usage Considerations
The unique usage considerations outline the unique elements of the practice and elements not addressed by the transfer of patient data (ToPD). These elements should be discussed by the physician (custodian) and the EMR vendor.
| Consideration | Unique usage and decisions |
|
Does the clinic use Prenatal Charts of Growth charts? |
|
|
Are there unique Scheduling Issues? |
|
|
How are deceased patients indicated? |
|
|
Does the clinic rely on referring physician Practitioner IDs? |
|
|
Do the clinic use messaging and tasking, especially future tasking? |
|
|
What fields does the clinic use to indicate booking comments? Also, what other demographic |
|
|
Were there problems with previous migrations (e.g., ghost notes)? |
|
|
Is the clinic doing any research, studies or clinical trials? |
|
|
Are there any custom fields created by outgoing vendor? |
|
|
Are there any fields used for something other than their intended use? |
|
|
Has the clinic modified their physician database? |
|
|
Does the clinic have an extensive third party billing database? |
|
|
Are there any custom databases the clinic relies upon? |
|
|
Does the clinic collect yearly prescription renewal fees for patients |
|
|
Are there paper charts with multiple chapters requiring abstraction into the vendor software? |
Disclaimer
While this custodial assessment provides data management assistance to physicians, it remains the responsibility of the physician(s) to make decisions related to the implementation of an EMR. Physicians are expected to perform their due diligence in the selection of an EMR that best meets their needs.
Document history
When moving from an existing electronic medical record (EMR) to a new EMR, physicians and custodians of patient records must ensure that hardware replaced in the migration is securely destroyed or has health information permanently deleted. These are physician and custodian data responsibilities under the Health Information Act that must be met, so that the privacy of patient data is secure. The following information may assist physicians and custodians in this process.
Developing an Information Disposal Strategy
It is the physician’s responsibility to make decisions related to data management and to meet the medical legal and continuity of care requirements for patient records. Patient information must be retained for a specific period of time according to the Health Information Act and the College of Physicians & Surgeons of Alberta Custodian Policy.
As custodians of patient health information, clinics are legally obligated to safeguard that information. Secure destruction techniques are an essential step in the life cycle of patient records and clinics must plan records management processes and activities that take place on a scheduled basis. It is the custodian’s responsibility to securely dispose of patient records after the necessary retention period.
First Steps
- List all hardware that contains personal health information.
- Review the list of options and organizations that provide destruction services on the National Association for Information Destruction (NAID) Canada website. www.naidonline.org/ncan/en/consumer/members.html
- Schedule the destruction and reconcile the destruction certificates against your hardware list. Keep this information on file.
- Moving forward, develop a strategy for destroying records on a regular schedule based upon legal requirements.
Secure Data Destruction
It is important to be aware that physically destroying hardware and patient information records can be difficult. Secure destruction of electronic records requires professional expertise.
According to the NAID Canada, there are four main options available for secure data destruction. Some options are more secure than others.
- Wiping Hard DrivesData-wiping software is available to wipe hard drives previously used in your practice or clinic.
- Degaussing Hard Drives
Degaussing uses a reverse magnetic field to scramble electronic data in a hard drive and make stored information unreadable. - Secure Erase
Secure erase permanently removes information from a hard drive by prompting a pre-existing protocol coded into the hard drive by the manufacturer. - Physical Destruction
Physical destruction of a hard drive means to physically destroy in an irreversible manner so that the record(s) cannot be reconstructed in any way.
Destroying, Disposing of and Recycling Hardware
Once the data is no longer accessible, the next important consideration is disposing of the electronic waste. Most clinics and practices are likely to replace monitors and keyboards as well as computer devices over time.
- There is usually no cost – some sites may charge a tipping fee – to take your end-of-life electronics to one of over 250 collection sites across the province so they can be recycled in an effective, secure and environmentally safe manner.
- For details on the locations of the collection sites refer to www.albertarecycling.ca.
- Recycling collection sites accept televisions, computer monitors, CPUs, keyboards, cables, mice, speakers, laptops, notebook computers, printers and other electronics.
Resources
National Association of Information Destruction
NAID Canada is the national association representing companies that specialize in secure information and document destruction. NAID also has a Certification Program and recommends working with NAID certified providers. When NAID certified providers are used, an official certificate of destruction is provided.
For more information about NAID, see the NAID Canada website www.naidonline.org/ncan/en/. It is recommended that only certified NAID service providers be used in the destruction of EMR hardware.
Review a listing of NAID service providers www.naidonline.org/ncan/en/consumer/members.html. Select Canada-Alberta from the drop-down menu and check Yes to the NAID Certified option.
The Office of Information and Privacy Commissioner of Alberta
The Office of Information and Privacy Commissioner (OIPC) is the regulatory body for the Freedom of Information and Protection of Privacy Act, the Health Information Act and the Personal Information Protection Act (Private Sector Privacy).
The OIPC recommends the following for hardware disposal:
"…computer data storage components or portable media containing health information that requires exchange or disposal should be destroyed, or the health information should be permanently deleted through use of a commercial disk wiping utility."
For more information: https://oipc.ab.ca/h2003-ir-02/
The Government of Alberta Health Information Act
Health Information Act: www.qp.alberta.ca/574.cfmpage=H05.cfm&leg_type=Acts&isbncln=9780779724758
Health Information Act Guidelines and Practices Manual: www.health.alberta.ca/documents/HIA-Guidelines-Practices-Manual.pdf