Recent
Archive
- May 2022
- January 2022
- December 2021
- October 2021
- May 2021
- April 2021
- January 2021
- September 2020
- July 2020
- May 2020
- February 2020
- November 2018
- September 2018
- August 2018
- July 2018
- April 2018
- March 2018
- February 2018
- December 2017
- November 2017
- September 2017
- August 2017
- July 2017
- May 2017
- April 2017
- March 2017
- February 2017
- December 2016
- September 2016
- July 2016
- April 2016
- February 2016
- December 2015
- October 2015
- September 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
Should I backup my EMR Data?
How does an EMR Back up your Data?
The backbone of HIPAA is data backup, recovery, and retention. The advent of cloud-based EMRs has made that process vastly more efficient. Cloud-based EMRs (e.g CarePaths’ eRecord, Valant, etc) that are ONC certified, automatically encrypt and back data up, usually on a continuous or near continuous basis, e.g. every 5-15 minutes. Data is then stored offline in a different physical location and the data is archived. Server farms that meet HIPAA requirements have further security in place.
_Will downloading my data and maintaining it on my local machine, provide me with more protection? _ NO. You cannot make your data more secure by downloading it and archiving it, whether to your local machine or, for that matter, a safety deposit box. There are risks to maintaining your data on your local machine: you could lose your data if your laptop is lost or stolen. In addition, your local machine could be hacked.
Nor are paper files perfectly secure. If you had a patient who was being targeted by the NSA or a hacker, the interested party would theoretically be able to access all phone calls between you and your patient, and, in all likelihood, be able to determine when you saw the patient via the GPS device on the patient’s cell phone. Credit card payments, claims submissions, emails and texts could also be monitored. Bottom line there is no such thing as perfect data security. Even a paper file is not perfectly secure as Daniel Ellsberg would readily attest.
Will downloading my data assure me of greater access to my data?
Yes. The main reason for downloading data is not security; it is having access to it. Maintaining data on your local machine would be helpful if there is a world wide internet meltdown or a local internet outage. While the the data that is archived by your EMR company will almost certainly be recoverable, the issue is immediacy of access. So, for instance, you get sick on the same day your local Internet provider goes down: having access to your patient’s phone numbers would be convenient. So you might want to download your patient’s demographics on some kind of regular basis. Physicians would also likely need access to prescribing information. Most eprescribers (including Carepaths) have a downloadable report of all patients with current medications.
What if I change EMR companies?
Most EMRs enable downloads of demographics via a standard format such as a CSV. Also, current medications can be accessed when changing EMRs via Surescripts. Like a number of other systems, the CarePaths system allows download of financial data. The big problem for most EMRs currently is that there is no easy and standard way to download clinical notes and import them into another system. Most systems require that you print off the clinical notes as PDFs and then upload them to the new system. This is time consuming and is a barrier to users switching systems. CarePaths will be developing a utility in the next year to solve this problem. Suffice it to say, users of EMRs should not be stuck with a system they don’t want because of technological limitations.
What if I close my practice because I retire or win the lottery or become a reality TV star?
In the case of retirement, many clinicians continue to have their data hosted by the EMR company for a nominal fee inasmuch as data storage is relatively cheap. Otherwise, they download their data. Since they need only clinical data, the ONC mandated CCD (continuing care document which includes demographics, diagnosis and medications) is sufficient for that purpose.
What should you do?
Your call. The vast majority of clinicians do not back up their data because that’s a service they pay for! EMR companies are paid to actively manage the archiving of data; that means monitoring back ups, and backups of backups, and monitoring for stability. Moreover, internet access issues are not the risk they once were: the chances of internet outages lasting more than a few minutes or even an hour have decreased in the last several years as ISPs have moved to multiple, redundant fiber optic backbones for their systems. Those who practice in areas where there are serious weather hazards—i.e. Hurricane zones—may opt to download select data (med history, patient phone numbers and emails, etc), if not regularly, then perhaps at certain times of the year.
