Five Unhealthy Mistakes to Avoid When Archiving Patient Records
Accumulating and continuing to run multiple legacy EHRs is an expensive and dangerous strategy.
But archiving legacy patient data is a complex process that can be fraught with costly mistakes.
Watch this webinar to learn how to avoid those mistakes and successfully execute a Legacy Data Archive (LDA) program.
Featured Speakers:
Lauri Shannon
Engineering Project Coordinator
Major Health Partners
Drew Drbal
Vice President, HealthcareVisualVault
Jim Leonard
Healthcare Practice Lead and Former Healthcare CIOVisualVault
Ready to Learn More About LDA?
Show / hide transcript
Drew Drbal
Welcome everybody to Five Unhealthy Mistakes to Avoid When Archiving Patient Records. My name is Drew Drbal. I'm the VP of Healthcare Sales here at VisualVault, calling in remotely from a beautiful fall day here in Atlanta, Georgia. I'm joined by our two wonderful panelists, Jim Leonard and Lauri Shannon. I'll hand things to Jim to introduce himself and then Lauri, if you wouldn't mind introducing yourself.
Jim Leonard
Hi folks. I head up the healthcare practice here at VisualVault and I'm a former hospital CIO at a number of different organizations. Lauri, off to you.
Lauri Shannon
Hi, good afternoon. I'm Lauri Shannon. I've been with Major Health Partners Major Hospital here in Shelbyville, Indiana for about 23 years. After 39 years of managing health information, I transitioned to a new role this past summer as Engineering Project Coordinator. It's my pleasure to be with you this afternoon.
Drew Drbal
Thank you, Lauri, and congrats on the new role. I know there's a lot to manage there, so congratulations. Before we get started in talking about the five mistakes to avoid as well as LDA just more broadly in general, I think it's important for us to take a step back and see how did we get here in the first place? So for most of you on the webinar today, probably remember way back in 2009, which feels like yesterday, the High Tech Act and the Meaningful Use dollars that really drove the EHR boom back in the late aughts. By about 2014, 2013, there were over 1,000 unique EHR platforms out there, again, as a result of the government, through Meaningful Use, throwing fistfuls of dollars for EHR adoption. So everyone was rolling out their own version of EHRs. Now, 10 years on, it pains me to say that, but here in 2025, we're probably looking at roughly a dozen or so major players.
Obviously the big names that we all know, the Epics, the Cerners, the Meditechs, the Athenas, but of course obviously some more specialized EHRs that focus on specific specialties. And with that comes some benefits. That consolidation drove a lot of innovation. There's improvements in interoperability, better provider and patient-facing tools, operational workflow improvements, and, of course, the move to the cloud and everyone's favorite buzzword nowadays, the integration of artificial intelligence. But moving to these new systems, if you're going to adopt one, they have a lot of advantages, of course, but they also create their own unique challenges.
So whether you've recently gone through an EHR transition to improve performance or efficiencies, whether you are taking on additional EHRs through merger or acquisition or acquiring a provider and a provider's records, it does open up the question for how do you retain these records and make sure that, through this transition, you're maintaining clinical effectiveness and patient safety? How do you juggle the reporting and compliance obligations that you have across multiple systems? And then of course, what are the security risks that are associated with this growing technology, EHR spread and a growing attack surface across these different platforms?
One thing that we always keep in mind here is that even though you've made an EHR decision, don't think that that EHR legacy data and that EHR decision is set in stone. Oftentimes that legacy data can outlast your new move to a new EHR because of all the requirements that we have. So one solution that we're going to talk about more broadly here that organizations are employing in these transitions or to try to shrink the number of legacy systems that they have is a move toward legacy data archive solutions. So what is that? And when we say LDA, what do we mean?
So all of us are familiar with that go-forward EHR. It's what you use on a day-to-day basis. It's what your providers use to deliver care, it's what your patients are using to interact with. But in the background, and I'm going to assume since you're on this webinar, you probably have some version of what's on the screen here. You've got maybe a legacy EHR or two or three lurking in the background, maybe some that you've sunsetted, maybe some that you've acquired through, again, acquisition or merger, and then maybe you have some other system that's looking back there, like an old revenue cycle's management system or an old patient engagement system. And you're juggling how all of these legacy systems interact with your go-forward healthcare IT strategy, with that go-forward EHR.
The legacy data archive process, consolidates all of those legacy systems in a data-agnostic and provider-agnostic way, so that at the end of the day, you've consolidated down from these multiple systems into a two system healthcare IT landscape that reduces complexity, that supports compliance and allows you guys to operate in a much more compliant and easy way. So when we talk about LDA and legacy data archive, that's what we're referring to.
So without further ado, I want to start by looking out at the landscape and saying, if we're going to be tackling legacy data, what are some of the common mistakes that we want to avoid? And mistake number one ... sorry, hold on, is doing nothing or continuing on with a legacy system and having that in the background. By far the most common way that organizations tackle the legacy problem. So Lauri, lucky you, we all drew straws before the webinar kicked off and you drew the short one. So my first question goes to you. If an organization chooses to do nothing or to mothball a legacy or maybe an old existing system, why would they do that? What's the desired outcome? What's their thinking in that process?
Lauri Shannon
Having experienced that on a couple of levels here, we have Meditech. Just I'd say it was in 2019, we migrated from Meditech Magic to Expanse, and we had NextGen ambulatory EHR. And at that time, we decided to move to a fully integrated system with Meditech Expanse, so it was time to do something with our NextGen EHR. At that time, it was 12 years old. We had lots of data in it, and we knew, based on retention guidelines and the need for data after the fact, that we had to do something with it.
So we went through quite a bit of strategic analysis trying to figure out what to do with NextGen at the time Expanse was going live. And what we decided at that time was to leave it live in the background. Was it at the top of our list? No, but it was, I would say, number two or three on my list. First was the conversion, and we'll talk more about that in a little bit. But we had to convert some data from NextGen to Meditech, but we decided to keep NextGen rolling at that time. We had to look at the finances of that, but it seemed to make the most sense at that time.
Drew Drbal
Thank you. And when you were talking about the different options and going through the different considerations, what was front and center in your organization's mind to make that decision? Was it the cost? Was it the complexity of the conversion? Talk to us a little bit more about that if you-
Lauri Shannon
I think really, it was our provider's need for access to their information. We had 12 years of data for our ambulatory health records. So first, our first critical decision was how do we keep a hold of that? How do we keep our hands on it? Maintaining two EHRs is like paying for two different mortgages. So we knew long-term, we could not pay for full on NextGen running side by side. Plus there's not enough bandwidth in my own staff or my staff at that time to [inaudible 00:08:45] two. But we had to keep it going. And the decision at the front end, we did eat some cost. We did have to, for about six months, pay for both systems. And then we were able to reduce our licensing on NextGen. We backed it way down to keep it in a position that we had good return on investment, we felt. But our number one priority was keeping data in the hands of the provider.
Drew Drbal
Absolutely. And with all healthcare organizations, the number one priority is always patient efficacy, patient safety, and the delivery of care. So that plays a role across all of these decisions, even the ones that are monetary or bandwidth-related. Thank you, Lauri. Jim, in that approach, and I know you've got quite a bit of experience, obviously, in your career with this, what are some of the common risks that are associated with this mothball or the do nothing approach? Can you give us any personal anecdotes-
Jim Leonard
Sure.
Drew Drbal
Or some examples from your career?
Jim Leonard
First of all, I'd like to say that when ... a number of years ago, the idea of legacy data archiving wasn't really forefront in the industry. It's becoming much more so now. But back then, you may have invested in millions of dollars in an EMR transition and then find out that, oh, from a regulatory aspect, from a clinician aspect of things, the access still needs to maintained for those older records. Well, the EMR vendors don't take a whole lot of data into their new EMR when they do that implementation. It's basically patient demographics, maybe some allergies, current medications, and a problem list. That's it.
There's a lot more information that needs to be maintained, and no one likes to go back to the well once they've asked the CFO for a couple million dollars for an EMR implementation. So very often the only fallback solution is to just maintain that older platform and let it ride. And Lauri had a perfect example of what that situation looks like, but there are drawbacks to that. Lauri mentioned the second mortgage feel, like we're still paying for something out there. Some vendors are much more amenable to reducing licensing costs than others are.
But then you also have to think about the technology aspects of things. You're having to maintain that platform, which very often ends up on an older version of an operating system, an older version of a database management system that exposes the organization to malfeasant actors. It becomes a security hole on your network. So there's a lot of different reasons why you may choose to maintain that older EMR, but there is some exposure to that. But I can certainly understand why those decisions get made, especially since no one wants to go back to the CFO and say, "Yeah, we just spent a couple million dollars, but now we need maybe $100,000 more to do an archive project that didn't exist before a number of years ago."
Drew Drbal
And Jim, with that concept, the amount of spend, the sunk costs that's gone into these EHR platforms, obviously now most EHR platforms are going to be integrating, are going to be cloud-based, or at least a lot of them. But doing a look back, you were spending a lot of money on physical infrastructure, servers, physical space in a facility. Talk to us a little bit about, when you had these legacy systems that were hosted in a physical manner that you're responsible for, what were some of the considerations, the risks? How do you manage that from a legacy perspective?
Jim Leonard
So those are the kinds of things that kept me up at night. Is this server going to stay alive? Do I need to actually spend money to upgrade a server or replace a server, honestly, to continue to support that and make sure that it's technologically viable? There's a big discussion around that. I know many systems that were not readily active, and many of my folks' experience has been that they ... and this frightens me, they turn the server off until they need to get a record from it.
Well, that would be frightening. Is that server going to turn on again? So there's just so many frustration points around maintaining those older EMRs, and frankly, there's a support aspect from the EMR vendor that falls down a number of levels of importance. When you go to a purely legacy environment with an EMR vendor, they certainly have a vast majority of their clients that need access to those systems because that's their go-forward plan. That's their active EMR. So when you have a problem with a legacy implementation of an EMR, you may find that your low man on the totem pole to get response from support aspects.
Drew Drbal
Absolutely. Thank you, Jim. Let's talk about the second common mistake, and that is going to be merging patient data, your old patient data with your new go-forward system. And to a layperson who maybe hasn't done a bunch of these transitions before, this might seem like the natural response. Well, why don't we just put the data together? Just copy paste. It should work out just fine. A lot of times you see this when you have even an upgrade from a version to another version, even within your own vendor.
As coming from the healthcare EHR sales space for the better part of a decade, that's something to be careful of. The salesperson that you're working with might not necessarily go into great depth into where the problems could be with that strategy, but I can tell you there's definitely a few pitfalls there. So Lauri, again, thanks for drawing the short straw. We'll start with you again. Elaborate, if you would. When we say merging data, what is the desired outcome? What would the hope be that that would look like? What's the intended outcome, and then what would the result be, in your experience?
Lauri Shannon
Well, we did it. We did, to a degree. We converted to Jim's point earlier, our master patient index from NextGen into Meditech Expanse. We also took in all of the allergies, as he said earlier. We had the last three documented vital signs, we brought those in as well so that they would be available at the fingertips. And then we also looked at immunizations, a way to manage immunizations. But beyond that, we didn't do anything else. And number one, it takes a ton of time and a great deal of resources and a lot of money.
The data schema from one system to the other does not match. In your new system, your queries don't necessarily match your responses. So when you bring in things, it's not going to be a one-for-one. So you need to find data that is discrete and that's doable. When we were actually converting our master patient index, we hired our former health information director to clean our master patient index in NextGen before we moved it into Meditech. So she was comparing our full MPI against the Meditech Expanse MPI and cleaning it up, finding the dupes, finding the misspellings, finding all manner of things that you think, even in your, I know you're all doing a good job, but the day-to-day operations people, humans make mistakes.
But when we went through iterations of the testing, and that's another big part of the conversion is testing it. So we had to have a test system that mirrored the new. And so there's just a lot of work. So for every data field you want to convert into your new EHR, consider it a project. It's almost its own project. So from vendor A to vendor B, you have to figure out how it's going to go. There's a lot of stakeholder engagement and governance when you're deciding on what to bring in too. What is going to make a difference in the care of the patient as we go forward?
Data cleaning, like I said, data mapping, what's the legacy data strategy involved? And then when you get ready to go, it's just almost at the time of go-live, you're worrying about this set of data you have to convert while you're prepping for your go-live. So your team of people have been busy building the new system, they've been training all your staff, but you have a set of people that are also trying to figure out how to, well, they've already figured it out and they've tested it, but they're responsible for making sure that conversion happens just in time. So it's a lot of work converting data. It can be done, but you have to plan it very strategically.
Drew Drbal
That sounds like the best job ever, honestly. That sounds like such a fun role. [inaudible 00:19:05].
Lauri Shannon
It's a lot. You have to have people who have OCD doing that job.
Drew Drbal
The definition of needle in a haystack. Jim, if you wouldn't mind, with that strategy, talk to us about some of the challenges that they're going to face at the end of that, corrupted data, transfer fidelity issues, maybe like clinical frustration and potentially lost trust from the providers delivering the care with this data.
Jim Leonard
So the first step is many of the EMR vendors don't want a lot of the background data. The more important clinical information beyond allergies, current medications, problem lists, they don't build that into their project plan to allow the absorption of things like progress notes or nurse's notes and so on and so forth into the adoption of a new EMR. So in many cases, the new vendor puts that hurdle in your place. It's also a unique situation where I'm going to differentiate between an organization like Lauri's that moved from one EMR to another and has complete faith in that data from that former EMR. Consider going into an acquisition mode and acquiring a physician practice or another hospital, that type of thing. You now have to, I always had a bit of suspicion as to the quality of how that data was maintained by that former organization.
There's a reason why facilities want to be acquired. Maybe their operations weren't as tight as they needed to be. They opted to be acquired by another maybe larger organization. Now, my discussion has always been around putting a, call it a Chinese wall between the data that you acquired and the data that you ... managed the collection of and the presentation of that data to your clinicians. So in my experience, I've seen issues with EMRs where a group of physicians documented progress notes in three different locations in their former EMR. Imagine attempting to commingle all of that information into a go-forward platform. That's very difficult to do.
So the idea of using a legacy data archive environment to keep that Chinese wall between your acquired data and your properly comfortably-administrated data, or the fact that your current vendor wouldn't take that additional data and you'd need to house it in a particular place. You need to maintain those records for, what? Seven to 21 years, depending on the age of the patient. You have a regulatory requirement to comply with that. And then there's the issue of, as you mentioned, Drew, that data integrity. Did the fields from the older EMR migrate properly into a new EMR? You remove all of that concern by opting for a legacy data archive environment that the physicians and HIM staff, legal staff still have access to, but it's not attempting to force that into your current EMR platform.
Drew Drbal
Yeah. Well, and Jim, to that point too, I think the statistics are roughly a third of all claims that get denied are denied because of data issues, where there's a mismatch. I mean, it could be the simple stuff like my name's Andrew and I go by Drew. But it also can be as complex as those fields didn't map correctly, and the claims that are being generated are based off of data that is not mapped correctly.
Jim Leonard
Exactly right. So we've actually seen situations where an acquired EMR did not manage a lab interface properly, and we found during that transition that lab results in an acquired EMR were mixed between patients. Imagine that situation. So that's frightening to clinicians trying to care for patients that they have faith in that data. So yeah, there's plenty of horror stories around mismanaged environment in the EHR space, especially when you consider how, and you mentioned Meaningful Use, Drew. So at the beginning of Meaningful Use, there's 1,000 different vendors building their own EHRs. That was the wild west of clinical document collection. Each EMR vendor did things slightly differently, and frankly, between implementations, client choices impacted how that data was collected as well. So those older EHRs, when we were dealing with Meaningful Use was a pretty daunting environment to deal with when you started to compare data between EHR platforms.
Drew Drbal
I remember working with definitely more than one provider in that EHR transition with one of those older systems and said, "Well, I just dump everything, PHI, ROI procedure results, all just into my PE, my physical exam. So can you just separate that out and it'll all go into the right field?" And you're like, "No, there's no way to do that at scale."
Jim Leonard
Right, exactly. Right.
Drew Drbal
Well, it's a really good transition to that third mistake we're going to talk about, is overlooking the compliance and retention complexities that we all have to deal with. Hopefully everybody on this call is familiar with the Joint Commission and their new Accreditation 360, which they recently rolled out, which brought the number of measures that you have to satisfy down from about 1,500 to a very, very manageable 774 measures. So even though we're starting to shrink some of the compliance measures, there's still a vast amount of complexity to this that these EHR transitions' legacy data just complicate. Lauri, I'd love to get your take on the complications, the seriousness of those policies, the retention policies and the things that you guys were keeping in mind when you were making that transition onto the legacy as well as onto your [inaudible 00:26:31].
Lauri Shannon
I am in Indiana and we have, I think it's still at seven and a half years is what we went at for a non-minor, but so it's 18 plus seven and a half for a child or a newborn. And so we had the records, so you're having to keep essentially 25 year retention on a lot of records, depending on the age of the patient. But for the patients who are not minors, all of that data is not worth keeping. However, there is a thing called release of information, and those records have supported the bills, the payment system. So your legacy data has to be able to be retrievable for release of information for a period of time.
I just checked our NextGen system actually, we converted to Expanse in 2019 and we're still pulling ROI out of the legacy system. We're almost eight years later. So keep that in mind. One is to follow the compliance of your state law. Secondly is your release of information needs. And then third is medical legal needs. If you have any legal proceedings, of course, you have to make sure that your data is sequestered. So safely, you have to keep that legacy data stored as well.
Drew Drbal
Absolutely. And Jim, I know this is something that you are passionate about as CIO, but to Lauri's point, you have an obligation to keep these records and this data secure and viable for a certain period of time. But let's talk about the other side of the coin there. What are the pitfalls of maybe keeping too much data onsite, other than the obvious that the more data you store, the more expensive it is, but what other considerations are there?
Jim Leonard
Well, obviously you need to maintain these records for periods of time, but any legal person will tell you that it's as dangerous to keep records longer than they need to exist because they're discoverable than maybe not keeping them long enough. It's a double-edged sword there. So a retention policy and the ability for a legacy data archive platform to recognize and support your retention policies is very important. So there's one thing, I hear people, I talk with people all the time where we're just going to create an S3 bucket on Amazon and throw our records there and we'll grab them when we need them. Well, that's all well and good, but what are the audit capabilities of that bland S3 bucket? Who has access to it? Who's looked at it? What records have been looked at? But also how does that S3 bucket or a box environment, how do they manage your retention policies?
That now becomes entirely manual for you to realize that, hey, I've got records out there for eight years. I need to go find those older records and begin to purge them from my environment, where a higher end legacy data archive environment actually has your retention policies acknowledged in it and will prompt staff to say, "Hey, you've got some records here that have reached their retention date by your own policies, and maybe you need to approve their removal." And that workflow aspect of those higher end legacy data archive platforms provide that workflow capability to manage your records almost at an automatic standpoint.
Lauri mentioned legal hold records. Your legacy data archive platform needs to recognize when you have records on legal hold so that they don't participate in your retention policies. So the whole idea of not just keeping the records but truly managing the records is an important aspect when you're looking at legacy data archiving. I'll also say this, many, many smaller healthcare organizations, physician clinics, larger clinics, smaller hospitals are looking to, like Lauri did with Expanse, to go to a SaaS model, EMR environment and billing product environment. Well, isn't that frustrating to have your go-forward records managed in the cloud, but have your older records, those legacy records, still sitting on your computer room floor? So many smaller clients look to move their legacy records to the cloud the way they've moved their current go-forward records to the cloud.
Drew Drbal
Absolutely. Lauri, you said something I thought very profound when we were meeting to talk about the content for the webinar. You talked a little bit about just the immense responsibility, pressure and the obligation you felt being responsible for 60,000 plus patients records that were really in your stead. I'm wondering if maybe you would talk a little bit about that and share that with us.
Lauri Shannon
Sure. I live in a community, actually, I was born in the hospital that I now work in and my family is in the community. Everybody knows everybody in this community. So you have to first protect the confidentiality of the patient, but the records within the database are my own family's. So I have to do everything I can to make sure that they're secure, they have integrity, and they're ready at the fingertip of the provider when they're needed. It's an immense responsibility on a health information director, manager, or anybody, I think all the way up through the CIO. If you're responsible for the life of a patient, what we do is extremely important and the data within it has to be correct and secure.
Drew Drbal
You said that exactly, and it really stuck with me. And I think it really highlights the fact that regardless of what part of healthcare you're in, if you're moving ones and zeros around or you're a sales guy, a sleazy sales guy like me, we're all in it for some variation of the health of the patient, our own health, our family member's health, and it can be easy to lose sight of that sometimes, when you're dealing with very technical process-driven things, but it boils down to the health and safety of patients and people first.
So thank you for sharing that. I appreciate that. It's a nice segue, I think, into mistake number four, which is often undervaluing that data. I don't think we need to focus too much on the value of the clinical data, but Jim, you mentioned a little bit about the value of the historical financial data too, that a lot of times comes with this. Most of the time that EHR, revenue cycle management PM system, they're married together. You can't separate them out. So when you're making this transition, you got to focus on the financial data too. I wonder if you could talk to us a little bit about that.
Jim Leonard
Sure. Without a doubt, how many clinical audits or financial audits require clinical information? So how many clinical audits require how that patient was billed and what payments were made and so on and so forth? So there's no clear delineation between the audit responsibility of patient billing data and patient clinical data. The bill is generated from the clinical treatment of the patient, so you cannot divorce those two sets of records. As a CIO, I was always astounded at how often CMS came back and did an audit against us for records that were two, three, four years old, and it was a bit of a Chinese fire drill to run around and pull those records together, especially if you had moved to a new platform and now you're trying to deal with getting records from multiple different platforms that you have existing, rather than having combined those, pulled those records into a legacy data archive environment and making them a bit more readily accessible.
One of the systems that I maintained as a CIO was Meditech Magic, which the physicians would always dance on my head about as how difficult it was to remember how to navigate through Meditech Magic and all the different green screens to get access to certain information, whether that information was clinical in nature for the providers or financial in nature for the billing office. Imagine having divorced yourself from that unusual interface two, three, four years ago and now having to go back into it and remember how to access those different platforms. So there's great benefit in getting that data out of what, in some cases, becomes a user management vault that people just don't remember how to get into any longer, bring it into a newer platform that makes that data much more readily accessible.
Drew Drbal
And to layer on top of that, Lauri, let's go back to the clinical data for a moment. It's the ease of use and the accessibility for providers to access that historical information. You talked about migrating allergies, problem lists, medications, what other pieces of clinical data where your providers still pulling and accessing a year later, three years later, five years later, just in the day-to-day span of care?
Lauri Shannon
We used our audit utility. In fact, I did. I ran the first six months of 2025 against our legacy EHR, NextGen, to find out what was still being tapped, and I was surprised. We actually touched 633 patients. We pulled data from 633, and the main things that we touched were the master document, the last office visit, master document for that patient. We had OB master documents, orthopedic masters, CPAP documentation was important, medication records with responsibility for patient authorization, what meds have been tried and failed or what meds have tried and succeeded.
Ancillary testing. We had disparate systems that were interfaced into NextGen, and some of the data from those disparate systems have been pulled out. Some imaging, definitely lab, we had Labcorp that was interfaced, in addition to our Meditech lab. Scanned data, interestingly, is being tapped quite a bit. Pathology reports and op notes, because those came from Meditech Expanse. Now our Meditech Expanse system, or Meditech Magic. So Magic became Expanse. So apparently it's easier to get to some of that data through our old NextGen. Immunization records have been, again, I hit on earlier the release of information. We are still pulling, there's quite a bit being pulled out on ROI by the Health Information Department for solving requests.
Drew Drbal
Yeah. It continues to go on. And the more complex the patient, the more complex the problem, the deeper you need to go into the past. Thank you.
Lauri Shannon
That audit trail was 10,498 pages.
Drew Drbal
Wow.
Lauri Shannon
Plan on your legacy data to be tapped.
Drew Drbal
Well, we've got about five minutes left until I need to turn things over to Q&A. I promised Alyssa I would end on time. She might sound nice, but I do not want to break a promise to her. So let's move on to the last mistake, which we've talked about all the complexity, all the different complications here. If you're looking to archive your legacy data, what are we looking for in a partner? Jim, since I've been picking on Lauri going first, I'm going to start with you and then Lauri, you're going to get the last question. We're going to bookend with Lauri here. Let's go worst case scenario, and then Lauri can end with what a good partnership looks like. When you think about worst case scenarios, Jim, choosing the wrong partner, what are some potential scenarios that could arise? What kept you up at night when you were laying your head down on your pillow with this kind of stuff?
Jim Leonard
We talked about getting a legacy data archive vendor that has a cloud presence. That's typically going to give you more ready access to the data that you want. It's generally a platform that is less impacted by downtime than something that may be sitting on your computer room floor or frankly hosted in the vendor's computer room versus in a more cloud-friendly SaaS environment. But what we've seen now is some legacy data archive vendors have become victims of their own success. So maybe when a client initially chose a vendor, their archive projects ran two, three months, perhaps, and then that archive was done, completed and satisfied. But now we're seeing six, seven, eight months for some of these legacy data archive vendors, and we suspect a lot of that is due to staff turnover. In some cases, you have folks that aren't as familiar with the archiving process or aren't familiar with clinical data to begin with, but also just the impact of the volume of archive activity that's happening is beginning to push out the length of these various archive projects, number one.
So you have situations where maybe you chose a vendor and you're finding that that vendor has downtime and doesn't quite meet the uptime guarantees that they had originally proposed, and that may be something to do with the volume of work that they're dealing with. They didn't size servers properly, so on and so forth. The idea of a true cloud-based legacy data archive vendor that has basically the unlimited resources of, say, an Amazon Web Services or a Microsoft Cloud environment or a Google Cloud environment where, as their population of patient records grows, they have the ability to absorb additional resources from their cloud vendor without necessarily a lot of upfront expenditure versus the EMR or the legacy data archive vendor that is still computer room floor-based.
They have their servers on the computer room floor and they've consumed so many records that now they're having to expand their server platforms and so on and so forth. So there's so many situations where you might've chosen a vendor for legacy data archiving two or three years ago and been happy with them, but now you find that they're not quite meeting the requirements that you have, especially if you are in a merger acquisition environment.
Drew Drbal
Thank you, Jim. All right, Lauri, last question. Same one back to you. We've talked a lot about technical requirements, being based in the cloud, your security accreditation, SOC 2, HIPAA, HITRUST, all of that. If you wouldn't mind, maybe talk a little bit about just the relationship that you're looking for, follow through trust in the vendor.
Lauri Shannon
Trust is number one. Maybe number two is that that vendor understands the magnitude and complexity of the data you're going to give them and they understand the value of how it has to be maintained. The relationship that I formed, and I don't know if I'm supposed to drop the name or not, but I'm going to, his name's Bob Hudson with GRM, has been outstanding. Why? Because he did what he said he would do. He did it on time, he did it within budget and he followed through. So having a vendor that understands you, understands the value of the data that they're managing and then does their job is what you're looking for. And I've found that in this particular vendor and I've had a few vendors over my career, [inaudible 00:44:39] say that, that didn't do that.
Drew Drbal
Wonderful. Thank you Lauri. Thank you, Jim. I'm a little bit over time, so I'm going to fly through this. Very much appreciate both of your expertise, your knowledge, your time. So thank you so much. We covered a lot of ground in the last 45 minutes, but really what we're looking for is legacy data. When executed properly and stored properly, we can reduce the risk of failure or security breaches, reduce costs to allow for reinvestment in other projects. We all know that there's probably four or five projects sitting on our desk right now that we'd love to tackle if we had more budget. Getting rid of some of those legacy systems can certainly help. We want to improve the audit response time, improve our effectiveness, maybe reduce the headaches when it comes to those audits and checks, and then eliminate redundant processes and redundant systems to reduce our attack surface and be a much more streamlined, technical organization than we are today.
So with that, I'll just give a little bit of a commentary on who we are, VisualVault. Lauri mentioned GRM, that's our parent company. But our expertise here in the LDA space and in the AR work down and archiving space is quite vast. We support over 1,000 clients today and with those 1,000 clients come over a billion clinical records that we maintain every single day. As Jim was commenting on, uptime, security are paramount. And then what's great about the expertise that we bring is that we are both data and vendor-agnostic. Some of those first 1,000 EHRs from back in 2009 that maybe you have sitting on a server, fear not, we can tackle those, all the way up to our modern-day more complex systems. So if you're interested, please feel free to reach out to us. And I know now Alyssa is going to move us into the Q&A piece of the webinar. I'm a little over Alyssa, I'm so sorry. We got 10 minutes, so thank you for that.
Alyssa
No worries. Thank you Drew. We can now start the Q&A, and if you have any questions, please feel free to drop them in the Q&A pod at the bottom of your screen. And it does look like there was one that came in. Does your LDA platform interface directly with our EHR?
Drew Drbal
Great question. So that is something that we definitely can build into the system. There's a couple different schools of thought on that. One would be that you want all of your providers or users of your go-forward system to have that single sign-on access. So that's certainly something we can implement. The other school of thought would be, as Jim was saying, you want to have a Great Wall of China, potentially, through some of that data. So we can support both models or a combination of the two depending on what your organization requires. But certainly something that we're very comfortable with.
Jim Leonard
Say Drew, can I just add that-
Drew Drbal
Please.
Jim Leonard
We have a very ... powerful open API that we publish within our platform, and many of our clients in the past have worked with their EHR vendor to basically create a button on the EHR page that says, "Let's view the clinical records." And that button just leverages the API that we have open and available to identify those records, as Drew mentioned, log the patient in or log the provider in through SSO and bring those particular records up that are directly associated with the patient's record that was being viewed.
Drew Drbal
And of those 1,000 clients that we serve, some are small ambulatory independent practices that only really have one or two locations. But then we also serve several multi-state, multi-location entities that have legacy data through M&A and you need to silo off that data to maybe only be accessible for a specific location or a specific state. And of course you have all the compliance that's built in for those. So as far as limiting the access to the customization and requirements for each one of these different databases or instances, very, very robust. Lots of API integrations and capabilities there. One thing I like about VisualVault and the reason I came to this organization is the bespoke nature of it. No two entities are alike, so we treat each implementation as such.
Alyssa
Awesome, thank you. And another one came in. Do you have pre-user licensing fees?
Drew Drbal
We do have an initial professional services up front charge to convert data. And then we do have a licensing subscription model that moves through the life of the relationship, whether you're archiving data for seven years, 10 years on past that. So we do have an initial up front to convert the data, to transfer it, clean it, we go through a quality assurance process. And then once we go-live, then the subscription kicks in.
Alyssa
Thank you, Drew. Another one from the attendees is, have you archived data from Intergy EHR? Greenway owns Intergy and VisualVault. If yes, can you briefly, if there were any issues, challenges, and what were those resolutions? Thank you.
Drew Drbal
Yep. Very familiar with Greenway. Intergy ran into them quite a bit, both at VisualVault and outside. Short answer is yes, absolutely. We've done multiple successful implementations and conversion of Greenway Intergy. Jim, I know you've been involved, probably, in some of the, you've been down in the dirt with them, so I'll let you talk about any challenges that we had there.
Jim Leonard
Not to cast dispersions, but I would say from Greenway, our biggest issue with Greenway is getting them to participate in the project effectively. And that's not unusual for vendors. They want to keep their licensing live as long as possible. So very often, you find vendors that do their best to drag their feet on a legacy data archiving project because they know at the end of the project, that monthly fee is gone. But that's probably our biggest issue with Greenway has been to get them to participate effectively in the project, get the client the data that they need, so on and so forth.
Alyssa
Great answer. Thank you. We have time for a little more. Is your management of records retention and records destruction part of the LDA solution? I.e. are records auto-deleted or presented for a review when they hit retention requirements?
Drew Drbal
Jim, I see you nodding [inaudible 00:52:15].
Jim Leonard
I'll answer that, if you don't mind. So we have, and as Drew mentioned, we have some clients that are very small, some clients that are absolutely massive. So what we've done is we've created our record retention management tool, our policy management tool to be a bolt-on to many of our different products. So yes, we can do record retention management on LDA records. And as I mentioned before, it's a bit of a workflow environment. So we identify the records that have reached, by the client's policy, their retention dates. We then communicate to that records manager, someone at the facility needs to own those records, and we say, "Hey, here's 50 records that are meeting their retention policy date." Well, they then get the opportunity to mark those records and say, "Yep, these can all be deleted, and maybe we want to place one on legal hold," or whatever, as we talked about in the past.
Then the platform takes those records and will remove those records, based on that individual's approval activity. But we keep a small header record, so to speak. So for instance, the system would still know that, at one point in time, we had Jim Leonard's record of this particular date of birth using this account number or this medical record number, but it meant that record met its retention policy on this particular date. It was approved by this particular individual on this particular date and it was electronically destroyed on this particular date. So we do have the ability to destroy those records electronically, but we always keep that basically a record in the retention manager to say, "Hey, these are the records that met their retention date. Here's who approved their removal and here's when they were actually destroyed." So you never completely lose that visibility into your retention policies.
Drew Drbal
And adjacent to that too, for the records that are being accessed, you've got the ability to mark those up. There's always, of course, a full audit trail that is available to you to see who accessed what records at what time, what did they do to those, how did those individuals interact with those records. So in addition to the destruction and the management there, there's a [inaudible 00:54:59] full audit capabilities.
Alyssa
Awesome. Thank you. And I want to take the time to thank Lauri, Drew and Jim for being part of this afternoon. And I also want to thank our participants who joined us today. We hope this webinar has been helpful for you and your organization. If you have any further questions or would like to request more information, please feel free to contact us via the information on the slide.