The InterScripts knowledge hub

EHR data archival — the definitive guide for healthcare CIOs in 2026

EHR data archival explained: when to archive vs. migrate, defensible disposition, vendor evaluation criteria, HITRUST and HIPAA controls, and federal deployment patterns.

Supporting articles

• How long must hospitals retain medical records?

  How long must hospitals retain medical records in each U.S. state? Federal Medicare baseline (5 years clinical, 7 years billing) plus state-specific adult and pediatric retention rules.

• Defensible disposition for healthcare data

  Defensible disposition for healthcare data: retention schedule, immutable archive, tamper-evident audit log. The three-part test that holds up in OIG, OCR, and litigation review.

• Behavioral health archival — Netsmart, Credible, Anasazi, Dayforce

  Behavioral-health archival from Netsmart myEvolv, Credible, Anasazi, and Dayforce — with 42 CFR Part 2 substance-use-disorder handling and state-specific retention rules.

Healthcare data migration — Epic, Cerner, Meditech, Allscripts

Healthcare data migration playbook for Epic, Oracle Health (Cerner), Meditech Expanse, and Allscripts. Three workstreams, defensible archival, and 300+ HIS migration learnings.

Supporting articles

• Cerner-to-Epic data migration — step-by-step

  How to migrate from Oracle Health (Cerner) Millennium to Epic — three workstreams, clinical-data mapping patterns, defensible archival, and the credentialed go-live bench.

• Meditech Magic to Expanse migration playbook

  Migrate from Meditech Magic to Meditech Expanse — community-hospital playbook covering Magic data extraction, Expanse onboarding, defensible archival, and go-live support.

• FHIR R4 explained for healthcare CIOs

  FHIR R4 explained for healthcare CIOs — what FHIR is, why R4 is the deployed version in 2026, how it relates to USCDI v3 and the 21st Century Cures Act, and where R5 fits.

• TEFCA and the QHIN designation explained

  TEFCA and the QHIN designation explained — what TEFCA is, who runs it, the named QHINs as of 2026, and how QHIN exchange affects health-system interoperability strategy.

• 21st Century Cures Act — information blocking explained

  The 21st Century Cures Act information-blocking rule — what it requires, who it applies to, what counts as information blocking, and what the penalties are.

Legacy EHR decommissioning — a 12-step playbook

Legacy EHR decommissioning playbook — 12 steps from inventory to defensible disposition. Meditech Magic, Allscripts, AHLTA, CHCS, VistA retirement patterns.

Supporting articles

• HITRUST CSF v11 readiness checklist

  HITRUST CSF v11 readiness — the controls, evidence, and timeline to achieve r2 certification. Practical checklist from a HITRUST r2 certified organization.

Federal healthcare IT modernization — DHA, VA, federal civilian

Federal healthcare IT modernization across the Defense Health Agency, Department of Veterans Affairs, and federal civilian agencies — VAULTIS, MHS GENESIS, VA EHRM, GSA MAS contracting.

Supporting articles

• VA EHRM program — vendors, timeline, opportunities

  VA EHR Modernization (EHRM) program — replacing VistA with Oracle Health (Cerner) Millennium across VHA. Vendor partners, timeline, sites, opportunities for small business contractors.

Healthcare AI governance — CHAI, responsible AI, and the hospital playbook

Healthcare AI governance for hospital CIOs — CHAI principles, responsible AI policy, clinical safety guardrails, and the operational playbook for deploying AI in clinical workflows.

Supporting articles

• More articles publishing this quarter.