Sept. 18, 2017 – There has been a lot of confusion about your rights as a provider to have your EHR data exported from your current system if you want to transition to another vendor. According to the HIPAA Security Rule, EHR vendors (Business Associates) are required to:
-
maintain the accessibility and usability upon demand by the covered entity
-
return PHI to the covered entity in a format that enables accessibility and usability
-
ensure PHI is accessible in the event of a contract or billing dispute – in other words, the vendor can’t implement a “kill switch”
-
comply with the above requirements free of charge, or at a minimal and reasonable charge
Simply stated, EHR vendors can’t hold your PHI for ransom, but if they refuse to comply:
-
Check your vendor contract to determine if there are any stipulations for data extraction upon contract termination
-
Engage with legal counsel if necessary
-
Log a complaint on the ONC website
The OIG has recently warned EHR vendors it will crack down on false claims tied to meaningful use. OIG senior counsel John O'Brien issued the statement in a YouTube video, citing the $155 million fine eClinicalWorks recently agreed to pay for not meeting criteria required for EHR certification. One criterion in the ruling was portability of PHI.
"We will vigilantly, along with law enforcement partners, investigate any conduct that places patient safety at risk and that causes losses to the federal healthcare programs," O'Brien said. "We take the certification process for EHR software very seriously. There is no room for manipulating this process and making false statements during certification."
To learn about how Collain Healthcare ensures true interoperability, click HERE.
