A recent article in ProPublica identified that millions of medical records are not securely stored. According to the article, “Hundreds of computer servers worldwide that store patient X-rays and MRIs are so insecure that anyone with a web browser and a few lines of computer code can view patient records.”
Are your medical records secure?
It turns out that many individual providers and several image storage services do little if anything to protect the Private Health Information (PHI) of their patients. They fail to ensure that internet connections are secure using VPNs or other proprietary connections. Some are not even password protected.
When you are considering your PACS or storage vendor, be sure to inquire about the security of your storage. No PACS containing PHI that is connected to the internet, whether it be cloud or simply your on-premises PACS with an internet connection, should be open (unencrypted) to the public internet. All internet connections should be secure and storage systems should always be password protected.
Doing anything less puts your patient health records at risk and may subject you to a large fine or worse.
By the way, if you are a healthcare organization and use a third-party service or vendor to house your PHI, be sure you have a valid and up-to-date Business Associates Agreement (BAA) in place with that vendor as well. A BAA ensures that your vendor is responsible for securing their end of the information technology systems that house your patient information.
If you’d like to know more about how Purview secures medical records in its confidential cloud-based storage or would like a copy of our standard BAA, contact us at: firstname.lastname@example.org