Full checklist › Attachment / scanned-document loss

Attachment / scanned-document loss Medium-risk silent loss

Document metadata migrates but the binary doesn't: broken or relative `attachment.url` pointers are the classic silent loss. For C-CDA, teams keep the human-readable narrative but lose the coded entries.

Anchored to:

• FHIR DocumentReference (R4) — HL7 International

• C-CDA (Consolidated CDA) — HL7 International (Document-exchange realization; R2.1 common portability baseline.)

General IT / operational guidance — not medical, legal, or compliance advice. This is a data-integrity validation checklist for EHR migration. Standards and versions revise; verify every citation and version against the live owner page and confirm requirements with your EHR vendor and your organization's compliance/HIM team before acting.

What to validate

Determine whether the source uses DocumentReference `content.attachment.url` (external pointer) vs inline `content.attachment.data` (base64) — broken/relative `url` pointers are the classic silent loss.
Confirm `contentType` (MIME) and `docStatus` survive, and that Binary targets actually transfer and re-resolve in the target.
For C-CDA: validate that STRUCTURED/CODED entries are parsed, not just the human-readable narrative (many migrations keep the text but lose the coded entries).
Check C-CDA template conformance to the named version and that nullFlavors aren't converted into real values.
Spot-open migrated scans/faxes/PDFs in the target to confirm they render, not just that the metadata row exists.

Get the runnable validation toolkit →All 7 failure modes

Not medical advice. IT/operational guidance for EHR data-migration validation, anchored to official HL7/FHIR, ONC/ASTP, HIPAA (eCFR), and code-system sources. Last verified 2026-06-22. Verify versions and requirements with your vendor and compliance team. Some outbound links may be referral links.