EHR Migration Integrity Checklist Full checklistStandardsValidation toolkit

Home › NextGen migration

NextGen migration data-loss checklist

Migrating to or from NextGen? The data-integrity failure modes are largely EHR-agnostic — but here's what to weight. Verify code-system mapping and C-CDA coded-entry survival.

General IT / operational guidance — not medical, legal, or compliance advice. This is a data-integrity validation checklist for EHR migration. Standards and versions revise; verify every citation and version against the live owner page and confirm requirements with your EHR vendor and your organization's compliance/HIM team before acting.
Lead with this: Losing the code-system `system` URI is silent semantic loss even when the value looks intact — reconcile coded elements WITH their terminology binding, not just the visible code/display text.

The seven things that silently break

Structured → unstructured loss High-risk silent loss

Discrete, coded fields (labs, meds, problems) get migrated as scanned PDFs or free text — the values look present but become unqueryable and uncomputable. This can also implicate information-blocking …

Code-system mapping gaps High-risk silent loss

Crosswalking SNOMED CT, ICD-10-CM, RxNorm, LOINC, and CVX between EHRs is where meaning silently shifts: version drift, one-to-many ambiguity, RXCUI≠NDC, retired concepts, and codes landing in the wro…

Allergy & problem-list granularity loss High-risk silent loss

Status and granularity fields default-flatten during migration. A refuted or entered-in-error allergy arriving as 'active', or a resolved problem reappearing as active, is a patient-safety event — not…

Dropped HL7 v2 / FHIR interface feeds High-risk silent loss

Lab (ORU), registration (ADT), radiology, and pharmacy interfaces silently aren't reconnected after cutover — the classic migration failure where the data stops flowing and nobody notices for days.…

Attachment / scanned-document loss Medium-risk silent loss

Document metadata migrates but the binary doesn't: broken or relative `attachment.url` pointers are the classic silent loss. For C-CDA, teams keep the human-readable narrative but lose the coded entri…

Audit-trail / access-log loss Medium-risk silent loss

Legacy access histories and audit logs are dropped at cutover — but the HIPAA 6-year retention obligation follows the DATA, not the system. You must still be able to produce historical access logs for…

USCDI / C-CDA portability completeness High-risk silent loss

Use the cert-named US Core / USCDI version as the minimum completeness checklist. Anything in USCDI that doesn't round-trip is, by definition, silent loss of portable data.…

Read the full NextGen checklist →Validation toolkit

Not medical advice. IT/operational guidance for EHR data-migration validation, anchored to official HL7/FHIR, ONC/ASTP, HIPAA (eCFR), and code-system sources. Last verified 2026-06-22. Verify versions and requirements with your vendor and compliance team. Some outbound links may be referral links.