The honest EHR-migration data-loss checklist
The pre-migration checklist most vendors hand you is templated and reassuring. This one is about what actually goes wrong: the discrete data that quietly becomes a scanned PDF, the allergy whose "refuted" status flips to active, the lab feed that silently never reconnects. Every failure mode is anchored to the real HL7/FHIR, ONC, HIPAA, and code-system standard that governs it.
Read the full checklist (free) →Get the validation toolkit
The seven silent-data-loss failure modes
Structured → unstructured loss
Discrete, coded fields (labs, meds, problems) get migrated as scanned PDFs or free text — the values look present but become unqueryable and uncomputable. This …
Code-system mapping gaps
Crosswalking SNOMED CT, ICD-10-CM, RxNorm, LOINC, and CVX between EHRs is where meaning silently shifts: version drift, one-to-many ambiguity, RXCUI≠NDC, retire…
Allergy & problem-list granularity loss
Status and granularity fields default-flatten during migration. A refuted or entered-in-error allergy arriving as 'active', or a resolved problem reappearing as…
Dropped HL7 v2 / FHIR interface feeds
Lab (ORU), registration (ADT), radiology, and pharmacy interfaces silently aren't reconnected after cutover — the classic migration failure where the data stops…
Attachment / scanned-document loss
Document metadata migrates but the binary doesn't: broken or relative `attachment.url` pointers are the classic silent loss. For C-CDA, teams keep the human-rea…
Audit-trail / access-log loss
Legacy access histories and audit logs are dropped at cutover — but the HIPAA 6-year retention obligation follows the DATA, not the system. You must still be ab…
USCDI / C-CDA portability completeness
Use the cert-named US Core / USCDI version as the minimum completeness checklist. Anything in USCDI that doesn't round-trip is, by definition, silent loss of po…
By EHR
Epic Cerner / Oracle Health athenahealth Allscripts / Veradigm eClinicalWorks NextGen Practice Fusion