What’s Your Exit Strategy?


Ryan Ricks, DataSourceMD
Follow him on Twitter @ryan_ricks

One of the first questions pundits ask any time the U.S. gets embroiled in an international conflict is whether or not the current administration has an exit strategy. It is a valid question. Exit strategies are plans for withdrawing from an engagement without losing or compromising gains the administration has worked hard to achieve.

Medical Providers who are considering retirement also need an exit strategy. Terminating a practice is not as simple as just closing the doors. Medical record retention laws require providers to keep copies of their data for up to ten years after the last encounter. OB-GYN and pediatric practices may have to keep records for 18 years, or until the patient reaches the age of majority.

Providers can still be liable for CMS audits and malpractice law suits during the record retention period. Providers who received Meaningful Use money may also be subject to audits. Therefore, it is imperative to formulate a long-term HIPAA compliant strategy to store clinical data. Selling a practice does not absolve providers from liability.

Providers using Electronic Health Records (EHR) should think about downloading or extracting their data. Paying EHR support, maintenance, or cloud subscription fees during the retention period is very expensive. Providers with paper charts need to consider a bulk scanning solution. Paper charts are easily damaged by fire, flood, or mildew. They also take up space in a provider’s basement or off-site storage facility. Electronic data is much more secure; it can be backed up multiple times. Redundant copies can easily be loaded onto an external USB hard drive and stored in a safe deposit box.

Malpractice tail coverage is another necessity. Tail policies cover the provider during the retention period when they are still liable for malpractice suits or audits. Adequate tail policies may cost up to 200% of the principle. Providers must not fail to budget for this expense.

Providers must also contact their state medical boards for any additional requirements. For example, some states require providers to maintain CME records for a specified period of time. States may also regulate the disposal or transfer of medication samples or other controlled substances. Notification of patients by mail and announcing retirement through a local newspaper advertisement is required in some jurisdictions. Providers should have a complete understanding of all state and federal requirements when building their exit strategy.

Ryan Ricks works for DataSourceMD and is responsible for sales, HIPAA compliance, and EHR implementation. Ryan is a CISSP-certified security professional and has eight years experience in Health IT. DataSourceMD is a consultant firm with expertise in solutions on exit strategies, data extraction, conversion, and retention, as well as Meaningful Use and HIPAA compliance.