Last year, two Arizona-based hospitals filed for bankruptcy and closed, leaving behind a slew of unpaid bills that locked the hospitals' EHR system and left patients like Caitlin Secrist struggling to gain access to medical records needed for a life-saving surgery.
Secrist, who's currently 21, had her first pancreatitis attack in 2017. Recalling the intensity of the pain, Secrist said, "I thought I was going to die."
Her parents took her to the ED at Florence Hospital at Anthem. There, they learned that Secrist's pancreas wasn't working properly. According to the Arizona Republic, the tube that connects Secrist's pancreas to the small intestine was so small that digestive juices were refluxing back into Secrist's pancreas every time she ate.
Doctors ultimately diagnosed her with pancreatitis, a condition that typically doesn't affect people as young as Secrist. Rather, the disease typically affects older people or those who smoke, drink, or misuse drugs. Preliminary testing suggested Secrist's condition stemmed from genetic and congenital defects.
As a result of the condition, Secrist must be fed via a feeding tube that pumps liquid nutrients into her intestines from a backpack she wears all day, every day. She also takes daily medication for digestion, nausea, and pain.
Secrist has gone through multiple surgeries to widen the tube, but to no avail. She's also been hospitalized more than a dozen times and has almost died twice, the Republic reports. "It's just like a ticking time bomb," Secrist said.
A referral for a rare surgery
Without other viable options, Secrist's gastroenterologist suggested she undergo surgery to remove her pancreas, spleen, and appendix, the Republic reports, which would require three months of recovery and could make her diabetic.
Few surgeons in the United States do the procedure. A Mayo Clinic facility in Secrist's home state of Arizona is one of them, but Secrist's insurance wouldn't cover it, so she and her parents flew to Johns Hopkins in Maryland to have the surgery done.
They gathered as many medical records as they could, but were missing Secrist's first scans from Florence Hospital, which had since gone bankrupt. The surgeon at Hopkins informed Secrist that he couldn't perform the surgery until he had all of her medical records, because he wanted to study her initial images to make sure her diagnosis was correct. The surgeon said bowel disorders are often incorrectly diagnosed as pancreatitis.
Suzette Secrist, Caitlin's mother, said "He's not going to just jump in and start pulling out her parts."
Why Secrist couldn't get her medical records
But getting the records is no easy feat.
Florence Hospital and Gilbert Hospital closed after declaring bankruptcy in the summer of 2018, and Resolute Commercial Services was hired to handle their affairs.
The hospitals owed money to a number of companies, including Medhost, which maintained the hospitals' EHRs, and Somerset Capital Group, which provided the computer servers to host those EHRs. The largest debt though totaled $13 million to investment company Indigo-DLI Holdings.
But creditors wanted to get paid, and patients and doctors seeking access to the original medical records were caught in the middle of which company should bear the cost of getting into the records system.
In January, Resolute and Medhost came to an agreement to release the records. Under the agreement, the court would pay Medhost $45,000 to reopen the hospital's EHRs for 90 days and Resolute would pay an additional $47,000 to hire a PR firm to alert patients of the 90 day window to request records.
But Indigo initially opposed that plan, since the $92,000 would dip into the funding Indigo is supposed to recoup from the hospital, so the company sought to block the agreement in court, the Arizona Republic reports.
A break in the impasse
Last week, Maricopa Superior Court Judge Roger Brodman, who has been overseeing the litigation regarding the hospital closures, ruled in favor of the plan to open the EHRs—and finally give Secrist and other patients a chance to access to their medical records.
A lawyer for Indigo said the lender may appeal the decision as it still would cut into the money it would recoup from the hospitals.
But for now, the plan is moving forward, and the records are slated to be open for 90 days, from around March to May of this year. Money will go toward publicizing the reactivation and hiring people to collect the records and respond to requests for records.
Secrist and her parents said the decision was a "big win" for not only her, but for hundreds of patients. "It's a good feeling," she said. "I can finally get those records and get on my way to getting better" (Sanders, Arizona Republic/USA Today, 2/20; AP/Sacramento Bee, 2/24).
Advisory Board's take
Greg Kuhnen, Senior Director, Health Care IT Advisor
While it's rare for an entire health system to shut down outright with no path forward, this episode highlights the importance of planning for all kinds of interruptions to chart access—both as a health system and as individual healthcare consumers.
“EHR contingency plans aren't just a good idea, they're mandated under HIPAA”
EHR contingency plans aren't just a good idea, they're mandated under HIPAA's disaster recovery and business continuity requirements, as well as by many payer and partner contracts. It's difficult to make plans that survive the complete shutdown of a system as happened here, but more common events such as cybersecurity breaches, infrastructure outages, natural disasters, vendor disputes, and human error should be part of every health system's business continuity and disaster recovery (BC/DR) plan.
Vendor contracts are an area that requires special attention, especially as critical applications increasingly move towards services delivered by the cloud. No one plans for a business relationship to sour when entering a new vendor contract, but inevitably some of them do. Contracts should clearly spell out vendor obligations in the event of acquisitions, shutdowns, or breach of contract and include ongoing access to data, migration assistance, and mandatory advance notification of cessation of operations.(To learn more about how to negotiate an IT contract successfully, view our handbook here).
“Contracts should clearly spell out vendor obligations in the event of acquisitions, shutdowns, or breach of contract”
Patients have a role to play in protecting their data as well. Interoperability advances, including continuity of care documents, personal health record apps, and consumer-directed health data repositories (such as Apple's HealthKit) have made it easier for consumers to maintain a personal copy of their health records. Regional health information exchanges can often provide a baseline level of continuity and peer-system access to data even in the face of primary system outages. Finally, the new open access regulations initially described in the 21st Century Cures Act and spelled out in newly proposed regulations earlier this month will expand the range of options for patients who wish to maintain copies of their own critical health data.
The key theme for patients is preparation—if you have a significant illness or health risk, it's best to work out your options to preserve your records in advance and ensure you have an up-to-date copy after any major medical event or diagnostic step. Keeping a copy of your medical records doesn't just protect against the risk your health system fails, it can help speed your access to correct care while traveling or requesting outside opinions.
To learn more about CMS and ONC's new proposed rules on interoperability—and the key implications for providers—read our new research note.
Then, to get easy-to-read summaries on need-to-know health IT subjects, like interoperability, HIPPA, and health information exchanges, view our Health Care Cheat Sheet Series.