HIPAA Compliance With Sharing Medical Images


Purview in AAOS

The sharing of medical images has always been, and always will be, a critical aspect of patient care. The information that medical imaging can provide is extremely valuable. If it is not provided in time, it can very possibly lead to a delay in diagnosis, which in very severe cases can mean life or death. Without getting overly dramatic, we want to stress the importance of good sharing methods that won’t get you in trouble. That’s right, if you are still faxing, burning CDs and DVDs, or parceling your images...think again.

Share Smart

It has become increasingly important to enable the transfer and sharing of images, and even real-time collaboration, with other health care practitioners in different geographies when treating a patient. This often requires the packaging and transport of medical image files. With today’s increasingly prevalent high-bandwidth broadband connections, electronic transmission or, better yet, access from a centralized cloud repository has become very practical. However, most medical facilities still use the more archaic method of “burning” (copying) medical images onto CDs or DVDs.

When PHI is copied onto CDs or DVDs, the health care practitioner must ensure that the right information gets into the right hands. Too often the information contained on the CD is not readable, not correct, or sometimes even belongs to the wrong patient, rendering the media useless. Burning and overnighting CDs, while relatively simple, is expensive and time consuming. Leaving unprotected CDs or DVDs in places that are not secure can itself put the covered entity at risk of non-compliance. Even mailing a CD to the wrong address, or having the CD lost or stolen in transit, can be a problem.

Electronic access to medical images can be more easily controlled. Cloud-based PACS access is a good way to restrict access to authorized personnel only, without making an electronic copy that is susceptible to loss or theft.

When considering electronic access, the health care practitioner should avoid using email or file sharing applications like Dropbox, which may inadvertently replicate data on unsecured devices like cell phones, tablets or shared PCs. Files could even be intercepted during transit. If, despite this warning, files are shared via electronic transmission, each should be encrypted.

Should I Be Worried About My Vendor?

When working with partners who provide software or storage, or who otherwise have access to your PHI, it is a good idea to get a signed Business Associate Agreement (BAA). BAAs are specific legal documents that bind those partners to similar HIPAA and HITECH compliance requirements. While there is a specific exception for “software entities,” it is important that anyone else who has access to your PHI sign a BAA to avoid inadvertent unprotected disclosure.

Final Thought

Technology has come a long way since the days of walking a physical film to a referring physician. Then came the days of faxing records, followed by burning CDs or DVDs. While the postal service may be more reliable than it was years ago, when it comes to sensitive material, most people feel more comfortable if they have control of the situation. With the aforementioned methods, you allow too much doubt, risk and probability of loss of data, all of which could result in more problems. Share your images with this in mind and ensure that you are utilizing secure means to improve medical outcomes.

Purview in AAOS Now_Oct 2017


