Because of its sensitive nature, many hospital patients assume their personal information is safe and secure. Unfortunately, though, data breaches in the medical industry is a common occurrence. In 2015, the health insurance provider Anthem suffered a massive cyber attack in which the personal records of some 78.8 million patients were disclosed. In 2017, Morehead Memorial Hospital of North Carolina said a hacking incident resulted in the disclosure of some 66,000 patient records.
Because of the increased number of data breaches in recent years, many patients wonder where and how hospitals store their personal information. While different hospitals have different policies regarding the creation and storage of Protected Health Information (PHI), most use a few basic storage platforms.
Cloud Service
Many hospitals store patient information on the cloud. In fact, research cited by Forbes suggests that 83 percent of information technology (IT) professionals in the healthcare industry use cloud apps. Storing patient information on the cloud offers several advantages over local storage. When information is uploaded to the cloud, the practitioner or his or her associates can access it from any internet-connected computer. Cloud storage also reduces overhead costs associated with maintaining a local IT infrastructure.
Local Hardware
Even with a cloud service, however, hospitals often store patient information on local hardware. If the cloud service experiences an outage, this allows the hospital to continue its normal operations without any disruption of service. Normally, this data is encrypted to provide a higher level of security. The Health Insurance Portability and Accountability Act (HIPAA) doesn't require medical practitioners to encrypt patient information, but it does require them to implement technical safeguards to protect sensitive records from disclosure. Encryption is one of the most effective technical safeguards as it scrambles the patient's information so that it can't be deciphered without a decrypt key.
Some hospitals also have databases designed specifically for storing electronic health records. Patient information is uploaded to the database, after which the medical practitioner can log in through a secure portal to access it. This eliminates the need for a large file room consisting of thousands of folders. Hospitals can simply create and store patient information on a database instead of keeping physical files.
Medical Imaging Storage Solutions
Patient information consists of more than just names, addresses, phone numbers, Social Security numbers and health insurance identifiers. It also consists of medical images like CT scans, x-rays and MRI scans. When a hospital creates medical images such as these, it must store them in a safe and secure environment.
There are multiple storage solutions available for medical images, one of which is a Vendor Neutral Archive (VNA). This framework involves the use of a special device that stores medical images in a universal format with a universal interface so that other systems can easily access it. By using a VNA, hospitals can ensure that all medical practitioners can easily access a patient's medical images if needed.
Business Associates
Under HIPAA, medical practitioners -- known as covered entities -- are allowed to share patient information with third-party entities if those entities take the appropriate measures to protect the information from unauthorized use or disclosure. If a hospital is seeking advice on how to treat a rare disease from which a patient is suffering, for example, it may share the patient's information with a research organization or another medical practice. HIPAA allows hospitals to share patient information, but only if they implement physical, technical and administrative safeguards, which are the same requirements for covered entities.
The old days of storing patient information in paper files are long gone. Most hospitals have switched to electronic storage solutions, including those mentioned here. It reduces overhead, improves accessibility and offers a more secure storage environment.
No comments:
Post a Comment