Notifications
Clear all
Topic starter
How far back does everyone save their LLOGIC folders? We migrated to a new server and was wondering if there were suggestions on the number of years in which to move the SAVE folders.
Posted : September 12, 2019 7:42 am
Unless there are errors that need to be researched I only keep about a week on hand. Having said that if your providers do not sign off on their documents in a timely fashion I would keep them for the average amount of time it takes to have providers finish there desktops and add 7 days
Posted : September 13, 2019 2:10 am
Topic starter
Thank you so much for your information! I really appreciate it. We have ours back to 2015 and really didn't want to move all of those to our new server but didn't know if anyone had experienced any reasons why really old files could be needed. Thanks again!
Posted : September 13, 2019 3:43 am
Excellent question!
I would strongly advise that you review and establish a policy with your facilities legal representation.
This is a gray area, in that technically HL7 Messages are external medical documentation and as such, may fall under Medical Documentation Retention Rules. Retention periods and included content vary state to state as well as on the federal level. While the rules have not uniformly been updated with the EMR era, there are many assumptions that can be suggested to avoid liability.
It is important to realize medical data is bound by the rules of medical documentation and that IT support is liable under those rules. As such, it is important that all who work in the Medical Record IT industry become familiar with the rules, regulations and laws that govern medical documentation to minimize malpractice risk profiles.
Hope this helps.
Posted : September 13, 2019 3:44 am
Topic starter
Thank you for the recommendation! I will consult our management with requirements.
Posted : September 13, 2019 4:56 am
I wonder how many people actually have hl7 file deletion policies based on what a lawyer says. Most lawyers I know aren't technical enough to even understand what HL7 is. I bet I could sway an answer one way or another based on how I describe what a HL7 file is or what it does.
I understand that there is patient information in those files but it is just for the transport of the data into a database. We don't save temp files which generated by the SQL server or Jboss server or even the most log files from those servers but wouldn't that be treated the same as HL7 files? SQL logs, for example, are only important long enough to get your DB backed up then they are purged.
That being said I keep mine for a long time just because they are tiny and easily archived. We don't have a policy based on what a lawyer told us but I don't even think we have a lawyer technical enough to understand what I would be talking about. To play it safe they might just say to keep them forever but that really isn't a good answer based on a law.
Does anyone else want to share what they do?
Posted : September 13, 2019 6:04 am
A decent malpractice attorney will understand as will practice administrators. There have been rules/regs/laws for various types of medical documentation handling/retention/destruction since the old paper chart days.
The problem is, as I see it, is that states and federal regs have been slow to update their rules governing electronic media, a gross oversight when the EMR was incentivized.
As a result, this leaves too much room for interpretation and historically, missing 'documentation' ALWAYS is a win for the plaintiff.
Data trails are important. In the case of HL7, it is an external 'document' that proves the sites data integrity is intact. Too often we see questions regarding manipulating data directly in the database on this forum alone, so imagine what could be implied to a jury if a site did not have the originating 'document' to back their defense, should it be needed.
There are tough questions ahead and no real answers, you bring up many good points and with the addition of FHIR, it is only going to get more complicated. About the only thing we can do at this point is to have a policy in writing, signed off by top leadership and legal counsel.
HIMSS should be addressing this on the national level along with the AMA and MGMA to propose a national policy that will establish retention needs in the 'new' digital age. Until that happens, we can only do what our gut tells us and is willing to be defended by legal counsel. 😉
Posted : September 13, 2019 6:51 am
Thank you for the thorough followup.
Funny thing is I thought about log files for MIK, FHIR, and portal logs as I was driving home today. The link logic files are very obviously staged for retention/backup and I remember asking about them when I started working with EMR and GE didn't have an answer. Like NO answer, like "talk to an attorney", so I treated them as I would any other logs but the way I back things up I can go back several years. I honestly have never had a conversation about log files with an attorney in my 20 years of working in healthcare.
Posted : September 13, 2019 1:16 pm
I think log files are still uncharted territory. 20 years ago, we did not have forensic database investigations in the health record, but today, it is a common tool in the malpractice attorneys kit. As technology advances, eventually the law will too, however until then, the degree the 'paper chart' laws apply to the 'digital chart' is largely unknown at this time and probably will vary case to case until it is properly addressed.
One example of how the rules are 'stretched' is when the in-office testing machines first became popular. You know the ones, those machines that printed the results on receipt styled paper (thermal or otherwise). Early on, we did not attach those printouts to the chart, instead we treated it like a 'transport media' and transcribed it into the note then discarded it. After a few legal cases were won based on missing patient documents, the rules were expanded to require retention of those little strips of paper that always seemed to fade and or get torn out of the chart.
The two points I really want to stress here is that , one, chronologically speaking, the EMR is still in its infancy and the laws governing them are not clear on how to handle all aspects of it. If we leave it up to case law, one day we will find ourselves being required to retain everything the EMR produces and need more storage for logs than actual patient data (that would be a nightmare). If we are proactive about it, we might get lucky and have folks that actually understand 'what a log file is' making the rules instead.
The second point is actionable right now and that is until then, to protect the practice and staff, legal and policy determinations should be part of the process review internally. Leadership should make the final decision and that is typically based on what their legal counsel feels can be effectively defend in court.
Medical IT carries additional responsibilities over what other IT industries require and along with it, additional challenges. If that is not enough to convince you, then web search 'EMR Malpractice' to understand what is being called the 'new cash cow for malpractice suits'. Assumptions should not be made based on other industry standards, rather based on what is needed to keep the doors to the practice open and the careers of the staff intact so that patient care can continue to be delivered. Our part of the medical team has a major impact on the entire ecosystem of medicine.
Posted : September 16, 2019 3:24 am
Hello,
Based on my experience, there are many legal retention issues around medical records and what is considered part of the record and what isn't as others have said its up to legal consul to address that issue at the practice level. But here is a practical solution to simplify your life around logs and HL7 retention.
We run all HL7 data exchanges through an interface server (in our case Mirth the free opensource version) and use the interface server and corresponding SQL database to store everything. This creates a clean single place to search, organize and retain all files. This also creates a clean trail to find missing items, as LinkLogic/MIK have in some cases "lost" files. It can also easily resend the HL7 messages if anything goes missing or cannot be found or queue them during maintenance or upgrades. You can even setup channel monitors to alert you if there have been no new messages in "xx" days/hours to proactively notify IT Admins to interface issues before users even notice.
Once the interface(s) are in place the LinkLogic/MIK logs are not important to keep and we delete them after a few days.
Hope this helps.
-Rob
Posted : September 23, 2019 7:55 pm
Topic starter
Thank you Rob! Good strategy!
Posted : September 24, 2019 12:41 am
Nice approach!
I did some digging and found the following to provide a starting point for those interested.
45 C.F.R. § 164 appears to be one of the current governing federal rules for retention. It does not address specific files and leaves a lot of room for interpretation, so it would be best to have legal advice to make determinations.
The regs establish a 6 year minimum retention period for all digital medical documentation. Audit logs and HL7 files are a part of this.
One interesting aspect I learned when digging deeper was that a patient or their representative (read lawyer) can request audit logs and all inbound/outbound data transmissions as part of a records request and the facility is required to comply or risk penalties for not doing so (irregardless of ability or availability (read deleted)). That is a very clear indication as to how these files are viewed, in my opinion.
It appears that even encounter forms and their code/decision support are considered as part of the record, making it imperative that all versions used in production be retained. The EMR does this by default for current form architecture, but HTML forms require external workflows for retention.
Two more interesting topics apply.
45 C.F.R § 164.524(c)(2)(i) & 45 C.F.R § 164.524(c)(2)(i)
A health care facility must provide the individual with access to protected health information in the form or format requested by the individual.
45 C.F.R. §164.312(c)(1)
Providers of care must “implement policies and procedures to protect electronic protected health information from improper alteration or destruction.”
What we are learning is that some 'standard IT industry methods' may not be legally permissible in healthcare IT. As a result, legal consultation should be an integral part of your IT policy and workflow development.
I've suggested a new track for CHUG regarding legal implications of common workflows. I think at the very least, it would be informative to hear a guest speaker at at key note or session who is an expert on the subject. If you too are interested in this for the next CHUG (too late for this one), then you might want to request it from the CHUG Board.
Excellent discussion!
Posted : September 24, 2019 6:00 am
