Merging Your Healthcare Practice – PIA Considerations
Mergers and acquisitions and closing and consolidating are activities that healthcare practices undertake at various times in the life cycle of a business.
There are many reasons why a practice may consider buying or acquiring an existing healthcare practice.
You might be expanding your practice to rapidly expand the scope of your services, location, or space. Or you might be downsizing your practice. Or maybe you're merging multiple practices into one streamlined practice so you can better manage your profit margins.
You might be looking to diversify your services or, perhaps, create an area of super-specialty that will provide a competitive advantage for your healthcare practice.
You might be wanting to acquire skilled employees or healthcare providers that you couldn't recruit in your current circumstances.
You might be acquiring or consolidating real estate infrastructure, medical equipment or electronic medical records, computer networking, or perhaps the management team. Or you might be exploring opportunities for economies of scale or cost-cutting.
As a custodian (including physicians, pharmacists, dentists, chiropractors, nurse practitioners, optometrists, and more) you need to ensure that the patient's health information remains private and secure, and that patients have continued access to their health information.
5 Important Steps Before You Merge Or Close Your Healthcare Practice To Ensure Your Continued Privacy Compliance
- Inventory All Your Existing Patient Records
- Patient Records Systems
- Existing Documents
- Privacy Impact Assessment Amendment Plan
Read the full article below!
Inventory All Your Existing Patient Records
When you assume a new practice, you need to know where all the patient records are maintained. If you are closing your practice, you need to ensure the continued security and access of patient records to the patient.
To do this, you need to know which patient records are included in the practice. Create an inventory of the existing patient records.
Remember that you must meet the records retention period (which often is 10 years plus the age of majority) for all the patient records. Make sure that you are meeting the records retention periods and that you have correctly inventoried all of the patient records. This includes all locations and record types including paper, off-site storage, and records that have been backed up to an electronic drive or a separate memory device.
Include all types of patient records – including appointment records, appointment books or electronic scheduling software, billing records, paper records, diagnostic medical devices, electronic medical records and audit logs.
When you assume a new practice, you need to know where all the patient records are maintained.
Patient Records Systems
Make sure that you review all the existing patient record systems – electronic medical record, billing systems, records storage, etc. – and the associated termination clauses with the vendors. If you need to transfer the management of patient records between custodians or to a different system, you need to thoroughly explore the data migration and archiving options and the associated costs.
Remember, you must maintain the complete patient record – including the clinic notes, test results reporting, task management, internal messaging, and audit logs – for the entire retention period. Often, exporting a patient record to a PDF file format does not include the complete patient record. Instead, you may need to maintain a read-only version of the electronic medical record.
Collect all the existing agreements between the custodians and the vendors and stakeholders with whom the custodian has authorized the collection, use, and disclosure of patients’ health information. This may include the EMR vendor, billing agent, custodians, Primary Care Network, and successor custodian agreements.
Request a copy of the existing documents that support the business of managing the patient records, including the health information privacy and security policies and procedures and privacy impact assessments. This will help you to respond to inquiries about previous patient records management practices and assist you in preparing your next privacy impact assessment.
Privacy Impact Assessment Plan
Consider the history of the current practices and plan your new operations plan. Complete a risk assessment to ensure the appropriate reasonable safeguards of previous, current, and future patient health information. Then, complete a Privacy Impact Assessment and update the Health Information Management Privacy and Security Policies and Procedures. In Alberta, the Health Information Act (HIA) requires the custodian(s) to submit the Privacy Impact Assessment to the Office of the Information and Privacy Commissioner (OIPC) for review prior to implementing new practices.
If you want to know more about Privacy Impact Assessments with step by step instruction, training, and mentoring, register for the on-line training, Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments.
Watch these Practice Management Nuggets For Your Healthcare Practice Videos: