Home               Contact Us                  Links                     Disclaimer   

Search:

 

SUBSCRIBE (always Free)

  • To our Medical Device news subscription

  • Article Notification (every time a new one is added)

  • Newsletter

Subscribe

 

 
   


Medical Devices and HIPAA (Health Insurance Portability and Accountability Act) A Basic Introduction in plain English

....cont'd

  
   

 

  

 SECURITY STANDARDS AND PRIVACY STANDARDS

There are two methods that HIPAA uses for protection.  Namely security standards – including ensuring that information can not be corrupted, damaged or lost and Privacy standards – ensuring that information is kept from

inappropriate disclosures.  In short these address the underlying principle of maintaining confidentiality.

It is not acceptable any longer to have information backed up on a floppy and kept in a drawer.  The problem with this is that the information can become lost permanently in a fire – destroying both the record on the server and the backup on the floppy.  This important detail has resulted in services sprouting up that work to store your information in “warehouses”.  Some of these services have nicely integrated with the overall move of hospitals towards adopting Picture Archiving and Communication Devices or PACS. 

In this day and age radiology ‘light boxes’ are ever changing to the more efficient PACS systems.  In essence x-rays are either captured directly on digital media or are scanned in at a later time.  In both instances the images are kept and even diagnosed from computer systems.  Diagnosis is made off of high resolution monitors (2MP or in the case of mammography 5MP monitors). 

This move to the digital media has nicely co-evolved with the implementation of HIPAA.  Hospital administrators looking to implement PACS type devices should specifically asked to ensure that the products are HIPAA compliant.  A quick scan of manufacturers (at the time this article was written) showed that only a handful of PACS suppliers actually advertised as HIPAA compliant.

Third Party (off site) storage of Health Information should be initiated with an Agreement (or contract).  Such agreements ought to be drafted up by a lawyer specialized in HIPAA.  The reason being that the agreements can become complex especially if there are several parties privy to receiving the Health Information stored. 

Start of Article                                  ...Next (more)........

    
  © Medical Device School 2005