In Pennsylvania, physicians are required to maintain patient records for a total of 7 years after the last date of service. After that time, records can be legally destroyed.
In WinOMS, how do we go about purging our database of patients who have not had any encounter with us in over 10 years? (We offer a 10-year implant warranty.)
Hi there, Steve. WinOMS does not have a built-in way to automatically purge older patients. You could conceivably run reports to find older appointments and transactions, then manually delete them from the software. However, patient data takes up so little hard drive space that there's not really a need to remove them from your database.
We are looking to remove old records more as a liability mitigation, rather than a storage size issue. Is the complete removal of a patient's records that are older than _____ years something that Carestream would have to do for us?
There might be a way where we can automate that purge in the future, but today, it is something that you would have to do manually or we would have to do as an additional service. No script or toolkit is available for this purpose yet.
I would like to second the request for something like this. Liability is a big issue, but another would be how unruly it gets to search the database. We have well over 100 patients with the last name of "Johnson" alone (and here in MN, another 100 that are "Johnsen"), so trying to find a patient record - especially quickly when you are trying to decide if this is a previous patient where you don't want to create a duplicate account - becomes cumbersome. We're at those numbers only having had WinOMS for about 3.5 years and not even having all of our paper charts converted into digital accounts yet.
Would you tell me more about the liability issue? I just had a conversation yesterday with another customer who mentioned “cyber insurance” and I was curious about others’ perspective on this.
With HIPAA regulations, we have to do a lot to guarantee the safeguarding of patient health info (as I'm sure you know). The more we have stored on the server, the more there is to steal if we get hacked. We can get fined per patient that's hacked, so the less we keep, the less we pay if someone breaks through the firewalls. I know some businesses keep credit card data on file and if that gets hacked it can be $10k/each. Granted, they should really use encryption software for it, but that stuff is pricey, and it's easier to just scan that data into the system. And the last thing that I know we run into again sits with the numerous patients with the same name. If you grab the wrong chart and start treating the wrong patient based on different patient health data, that can be a HUGE malpractice suit.