If your practice already has an onsite storage system for your medical images, you might be considering deploying a cloud picture archiving and communication system (PACS) or hybrid (a mix of cloud and onsite storage) to increase the accessibility of your studies.
However, you need to be very careful to ensure that your system remains compliant when you move all or part of your imaging studies into the cloud.
Compliance Can Be Complicated
For obvious reasons, it’s imperative for medical clinics to comply with all regulations regarding the storage of medical imaging data. Unfortunately, this can be a difficult task, given that these requirements vary by location. In the United States, while the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) is in place, language that specifies how long medical imaging data needs to be retained is defined at the state level.
In addition to regulatory deviations by jurisdiction, certain types of images need to be stored for a longer period of time than others. For example, an ultrasound of a minor may need to be stored for up to seven years after the child turns 18 years old.
How Much Data Should You Retain?
Rather than sorting through imaging studies to determine which ones are safe to delete, many practices choose to store studies indefinitely.
Many Purview customers, for instance, take this approach to ensure there is no question they are compliant and also to make sure they retain a complete history of their patients' imaging studies. However, even if you choose to store only the images you are legally required to keep, you could still end up storing an enormous amount of data.
This is why it makes sense to use a cloud or hybrid PACS solution to reduce or avoid the cost of managing additional hardware. Otherwise it can begin to feel like you are running your own data center. As your storage requirements balloon, maintaining onsite hardware leads to the point where the oversight and overhead required to manage them becomes burdensome.
But given the regulatory complexities that exist within the health care industry, compliance must be a priority when vetting a cloud vendor to help alleviate the burden of storage.
Best Practices for Cloud and Hybrid PACS Storage
The best practice for storing medical imaging data is to ensure redundancy of information with a purpose built architecture, so that images are not lost even if there is a disaster that destroys the hardware used to store them. For instance, cloud vendors create such redundancy by storing your data in more than one secure data center location at any given time.
Vendors also need to follow industry standards around how they monitor and track access to your data. Meaning you should be able to look back historically, to see who has accessed your stored information and when.
Ultimately, You're Accountable
Cloud computing is a booming industry, which means new vendors are popping up in the marketplace all the time, offering the "next big thing" in cloud or hybrid PACS solutions. However, no matter how innovative or attractive a particular cloud or hybrid PACS option may seem, you need to do your research and determine for yourself what steps a provider will (or will not) take to protect your data.
At the end of the day, the responsibility for hybrid PACS compliance lies with you as a medical practice, so don’t assume that a vendor will keep your data safe until you’ve looked into their policies and procedures. Otherwise, any benefits you might realize from a cloud or hybrid approach in the short term could be negated entirely by the cost of regulatory noncompliance down the road.