We now have the technology to unlock devices with our faces, but that doesn’t mean that we are immune to data loss as a result of poor image management. Here’s a question, how do you manage your patient medical images? Do you store them in a local hard drive, filing cabinet, image router, or onsite PACS? If you selected any of these options, it is likely that you are possibly one of many victims to data loss, and if not - you still have time to take the measures to protect your patient's private health information (PHI). 

If you are under the impression that even thieves have honor when it comes to keeping hospitals and healthcare practices off of their hit list, think again. No business is safe from theft. In fact, in 2014, an outpatient facility in California was robbed. During the burglary many things were stolen, one of which was a thumb drive that held medical imaging records of nearly 34,000 patients. Now before you go to judge the reason why this thumb drive was just laying around available for anyone to just pick it up, note this: it was the practice’s backup strategy. That’s right. This thumb drive was intentionally created by the staff in case there was an emergency situation, so that patient records would always be safe and available. While these folks were probably think that by taking this “precaution” they were avoiding the hefty fines allotted by HIPAA, they were so very wrong.

How To Protect Yourself And PHI

While it doesn’t take much to violate HIPAA, it really doesn’t take that much effort to ensure that you are not crossing a line. HIPAA fines can cost an upwards of $1M, and don’t even get us started on how the GDPR is changing everything. If you don’t already know about what GDPR is and how it affects you (because it does), click here to read more on the differences between HIPAA and GDPR.

There are many ways to protect your patient’s confidential information, and in return, protect yourself and your business from the chaos that comes with a breach. Here are some easy things you can do to become proactive and avoid HIPAA coming for you and your livelihood.

1. Don’t ever use a physical hard drive as a backup. Learn from the mistakes of others. That hospital robbery costed the institution big time. The rule of thumb should be as follows: if you can pick it up and walk with it, it’s just not secure enough.
2. If your backup is at your site, it doesn’t actually count as a backup. That means if you are using an image router or local viewing station at your physician business, you are at risk of being noncompliant. Here’s the take away lesson: if your data would be lost forever if your practice burned in a fire, you’re at risk.
3. Don’t trust your vendor. Now, that sounds a bit dramatic. However, there are many vendors and PACS administrators out there that don’t practice full compliance in all of their offerings. It does not mean that they are not worthy of your business. It depends on what services you are using. However, just to make sure that you are in the clear, contact your vendor as soon as possible.

Final Thought

Think your practice and patient PHI is safe? Think again, because chances are that it might not be. Having the right type of backup implemented is absolutely critical to avoiding permanent data loss as well as hefty fines from HIPAA. In order to avoid getting into trouble with compliance, put your best foot forward and find out if you are taking the measures to stay in line and off of HIPAA’s radar.