Posted 8.13.13
by wpadmin
Blog

High-Capacity, Encrypted HIPAA Clouds for Medical Imaging Data Security

Any copy that should appear below the title and before the body of content of the resource.

A recent healthcare data breach was reported by HealthDataManagement.com as a result of a stolen unencrypted laptop, a component of a diagnostic imaging machine. Retinal Consultant Medical Group notified patients that their names, DOBs, gender, race and optical coherence tomography (OCT) images were stolen in June.

Although their privacy officer listed one of their remediation actions included increasing their physical security of imaging and other equipment, another way to keep very large medical imaging data safe is by keeping the data off of devices entirely and on a secure, encrypted cloud.

HIPAA Enterprise CloudWhile you may not have the resources required in a public cloud, a high-capacity, enterprise-class private cloud may be a good fit. A HIPAA enterprise cloud gives you completely dedicated compute, memory and storage; ideal for storage-intensive applications. Although not required, encryption of data at rest and in transit is also ideal for HIPAA compliance and securing protected health information (PHI). Enterprise clouds can provide encryption without affecting performance, depending on the quality of the infrastructure.

Picture Archiving and Communication Systems (PACS) is the electronic form of medical imaging; eliminating the need to use film. Using a combination of hardware and software for the storage, retrieval, management and distribution of images, PACs can use web-based applications that allow hospital staff to remotely access images and view them simultaneously. In order to view images securely, hospital staff can connect to the secure server hosting the data via a virtual private network (VPN) or secure website (HTTPS).

For remote access with VPNs, two-factor authentication can provide an additional layer of security by requiring authorized persons to provide username/password and a second form of identification using their phone. Read more about the technical security service, two-factor authentication for VPNs.

An SSL (Secure Sockets Layer) certificate is software that can encrypt data and verify the identity of a website, allowing web browsers to display a secure website. Read more about SSL certificates.

PACS requires your system, applications and data to be hosted in HIPAA compliant data centers and infrastructure – for healthcare software as a service (SaaS) companies that need to maintain storage and processing of large medical image files (X-rays, CAT scans, MRI scans, etc.) a HIPAA compliant cloud infrastructure as a service (IaaS) is ideal as it allows for true scalability and growth whenever resources are demanded.

The demand is definitely there – an analyst report from EMC and Frost & Sullivan reveals that in the United States, the rate of growth of PACS storage requirements are exceeding 20 percent annually, with cumulative PACS storage requirements tripling every four to five years.

Cumulative PACS Storage Requirements

Cumulative PACS Storage Requirements; Source: Frost & Sullivan

Frost & Sullivan report PACS storage requirements in 2015 is expected to be 10 times the total storage requirements in 2005 – potentially as high as 300k terabytes in U.S. hospitals alone.

With growing storage requirements and increasing oversight by the U.S. Dept. of Health and Human Services legislation regarding health data security, the cloud can provide a cost-effective, scalable and secure solution for medical imaging applications.

Related Articles:
Center for Democracy & Technology Clarifies the Healthcare Cloud
The Center for Democracy and Technology, a nonprofit public policy organization, has recognized cloud computing as a viable solution for data use – from email and document storage to specialized enterprise services such as CRM software and full servers. They … Continue reading →

What to Look for in a HIPAA Cloud Provider
The deadline draws near – September 23, 2013 marks the date of when both business associates (now including cloud service providers) and covered entities must meet the HIPAA Omnibus rule, released in January to update the 15-year-old law. A refresh … Continue reading →

References:
PHI Breach for Major Eye Care Group in Northern California
Picture Archiving and Communication System (PACS)
Medical Image Sharing and Management Drives Collaborative Care (PDF)

Get started with Otava now!

  • This field is for validation purposes and should be left unchanged.