Outdated IT systems are a leading cause of electronic health record (EHR) security breaches, reported the FBI at a recent HIMSS Connected Health Conference (source: FierceHealthIT). While the agency works with the Department of Health and Human Services on hacks and breaches, the bottom line remains … “no matter how hard the FBI works, the damage is done.”
Security breaches are expensive. The two largest recent security breaches with Community Health System and Anthem cost upwards of $100 million. Legally, breached entities face potential class-action lawsuits and multiyear compliance plans. Additionally, consumer trust, the bedrock for provider and payer relationships with patients, evaporates (source: FierceHealthIT)
A proactive plan is the name of the game today to thwart potential IT threats on legacy systems. What can your IT team do to protect out-of-production EHRs or other systems storing protected health information?
- Audit your complete inventory of EHR systems – Enterprise-wide at a health system, there can be upwards of 30-40 disparate systems with varying degrees of IT integrity within the organization. First, you need to know what you have, so you can protect it.
- Conduct a deeper discovery and build a plan – Once you know exactly the legacy systems and types of files you have, determine the scope of work that makes the most sense for your organization to consolidate and secure the data and decommission the application. Consult with trusted industry-specific data migration and storage experts if you don’t have resources at-hand to comprehensively inventory your IT portfolio and create a go-forward plan with timing and budget based off that inventory.
- Migrate and archive – If you plan to replace an EHR, your action plan will likely include migrating some data into your go-forward system. However, it is usually feasible to only migrate the last two years of key clinical information into a new EHR. The remaining data can have a safe and secure legacy EMR storage home in a HIPAA-compliant archive. A scalable archive will then allow for other disparate data sources to be added.
Beyond IT security and reputation management, there can be significant cost benefits to migrating and archiving legacy data. When you look at the real cost of maintaining multiple out-of-production systems, including licensing, vendor support and internal labor support, stringing along several outdated systems becomes difficult to justify. Plus, the risk exists that the old systems may become obsolete and non-supported. Keeping the organization’s long term vision in mind, there can be business value and strategic benefits to adopting an archive to keep legacy data intact in a searchable and manageable format. You can usually count on complete ROI within 18-24 months of implementing an archive.
Don’t wait for a legacy EHR security breach to force your hand to take action on your legacy EHRs, home health systems, lab systems – the list goes on. Migrating and archiving data protected health information into a secure archive is a cost-effective, smart move that will give you peace of mind. Better yet, you’ll avoid those dreaded midnight calls that nobody in our world likes to receive.
Contact Harmony Healthcare IT if you need a legacy EHR archiving partner to secure your patient data.