If your practice already has an onsite storage system for your medical images, you might be considering deploying a cloud picture archiving and communication system (PACS) or a hybrid system (a mix of cloud and onsite storage) to increase the accessibility of your studies.
Apart from being disrespectful of the patient's privacy, sharing medical images in a HIPAA-noncompliant fashion can expose you to large fines and potentially criminal liability. But what exactly constitutes a HIPAA violation? In theory, the nature of HIPAA violations is straightforward: sharing what's considered to be private health information with someone who's not supposed to receive it.
Despite this simple definition, HIPAA violations can take many forms: exposing a patient's medical images to a vendor who does not have a Business Associate Agreement (BAA), sharing images with a family member or spouse without the patient's written consent, losing a laptop computer or cell phone containing protected medical information, or even forwarding a medical image to the wrong email address.
So what are the guidelines for not violating HIPAA, and what steps can you take to reduce your risk even further?