The fact is, as technology continues to grow and change rapidly, so do rules and regulations that are intended to save us from ourselves.
We’ve heard about the Health Insurance Portability & Accountability Act (HIPAA), the government act put in place to, essentially, keep your private information private. HIPAA was put in place in 1996…a long time ago (in technology years), so in 2009 the government had to step up the security of Protected Health Information (PHI) under the American Recovery and Reinvestment Act, with regulations contained in what is called the Health Information Technology for Economic and Clinical Health (HITECH) Act. I believe they came up with the acronym first because it’s just too perfect.
HITECH essentially means that if you’re using any form of shared technology related to the healthcare industry, you need to comply with strict security regulations.
Understanding The Web (of involvement)
If you look at the number of hands that touch private medical records, you’ll find it goes way beyond the doctor, the nurse and the receptionist. Almost half of the HIPAA data security breaches in one year trace back to a business associate. That could be 7-10 layers removed from the actual patient: for instance, the lab tech’s data entry associate’s resident intern. Guess what happens when there’s a breach nowhere near the original doctor or medical expert? They, or the lab, are the ones who will be fined tens of thousands to hundreds of thousands of dollars.
Don’t take any chances. If it affects the healthcare industry monetarily, it may trickle down to the patient bills and co-pays to absorb those costs.
If you’re in the healthcare field, or your business has any association with the healthcare industry, then the first order of business is to educate your entire team. Anyone in or around the healthcare field should sign off, acknowledging that they understand how to keep medical records from being compromised.
Encryption, Encryption, Encryption
One more time…Encryption. You can be saved by encryption. If your PHI is encrypted in a way that meets the requirements of the HITECH Act, then you’re not liable. That’s because encryption is currently the most secure way of handling sensitive, private information.
Now that the Bring Your Own Device (BYOD) element has been added to the mix, it’s even more imperative that everything meets HIPAA compliance standards. An encrypted secure messaging system will be the closest thing you can get to guaranteeing that all PHI stays secure and confidential.
Look To The Cloud
Cloud storage for high-resolution medical imaging not only provides a great storage option that’s less time-consuming than other means of backup, but it can also be a tremendous money-saver. When looking for a cloud service provider for your storage, there are a few things to consider.
- Does the provider offer the right back-up system and infrastructure for your needs?
- Is the provider HIPAA compliant beyond just saying they are?
- Does the provider offer the security needed for medical imaging storage, with protections in place that deter hackers and prevent leaks?
- Does the provider offer an SLA that still ensures data ownership to the client?
These are tough questions to ask of any cloud service provider, so don’t expect the perfect answer, but DO expect the provider to be willing to share all the information you need to feel comfortable about putting sensitive medical records in the cloud.
Don’t Put All Your Medical Data in One Basket
Besides cloud storage, you need to consider your backup plans and data recovery. The biggest question should be: are the backups secure and safe from malware?
There is so much to cover to be HIPAA compliant. But instituting the above practices and making yourself knowledgeable about keeping PHI secure is the greatest thing you can do to protect your company and our information.