We analyze what the HIPAA law, which ensures the protection of data and medical information, consists of. We'll see how it fits today's needs when sharing sensitive information digitally.
The era of digitalization is increasingly engulfing the world. An important element of this new reality is the security of the information that is sent over the different networks. This becomes more important when it comes to confidential content, which must be exclusively in the hands of experts, such as patient information.
This information is governed by the provisions of the HIPAA law. When a PACS system is implemented to manage and store clinical images, one of the objectives is that such studies can be transmitted over communication networks to the various operating areas of a health center, through intrahospital networks, to other doctors and to the patients themselves.1 An important point is that this information exchange be done in a secure manner.
How do PACS systems ensure security?
To provide this security, PACS systems for medical imaging commonly work with two network systems that make it possible for these studies to be treated with privacy, integrity and authenticity. The first system corresponds to the connections that are shared with the hospital's Central Network Authority (CNA), and the latter has its own regulations, maintenance and management.2
The second system is the PACS system's own network, in which there is also a protective cover for cables and for terminals in concentrators, supporting the shielding of information. Only authorized personnel working with these systems and medical specialists can access the medical images in the software, so that there is control over the exchange of information.2
But who governs compliance with the appropriate management of medical images?
It can be difficult to prevent the leak and manipulation of information, and for this reason HIPAA, the Health Insurance Portability and Accountability Act in the United States, arose. This law seeks to protect and secure patients' health care information, so that it can be disclosed to interested parties, enforcing a series of requirements for health centers.2
However, the DICOM standard that is used for medical images of different modalities also establishes security criteria for information exchange policies.2
Because of all this, when choosing a PACS system, you should consider that it is governed by HIPAA.
What requirements does HIPAA specify?
Some of the most important requirements established by this law for the secure communication of medical information are:
- All patients who undergo medical studies have the right to see their results and obtain a copy of them. The history must also be documented in order to evaluate the progress of a pathology.3
- Legally certified professionals can access patients' medical information in order to make diagnoses and make decisions about them.3
- Every health professional who works in a center in this sector needs to know what policies the institution applies to ensure the confidentiality of its patients.3
- Commercializing patient information is forbidden, and it is a crime with significant legal penalties (criminal and civil).4 This information can only be exchanged with the health center's internal professionals3 to respond to the patient.
It should be noted that in certain cases it may be required to disclose information without the patient's authorization, for example if it is a contagious condition, if there is abuse or violence, when organ donations are required or when the law requires it.4
How can the health center comply with HIPAA?
The main requirements of HIPAA are quite precise, but they do not impose a single way of ensuring the confidentiality of patient data and studies. The important thing is that each health center creates standards that protect such information, including clinical images, so that it is not altered or revealed to people who should not have access to it.4
To achieve the above, it is essential that each medical center uses systems that are shielded against cyberattacks or misuse of electronic data (even through carelessness) that can leak confidential information.
This is why quality PACS systems comply with these HIPAA guidelines.
Is Eden PACS HIPAA compliant?
Among the benefits of Eva PACS for the management, transmission and cloud storage of radiological images, is the complete guarantee of electronic security protocols and protection of confidential data.
Eden PACS complies with the electronic requirements of HIPAA. As an added value, patients will also be able to access their studies securely digitally. Finally, only authorized personnel will have access to patient information from the Eva system.
References
1 National Center for Technological Excellence in Health (2009). Systems for image archiving and communication. Mexico, Ministry of Health.
2 Huang, H.K. (2004). PACS and Imaging Informatics: Basic Principles and Applications. University of California, Los Angeles. p. 691.
3 Merck Manual. Confidentiality and HIPAA (Health Insurance Portability and Accountability Act in the United States). Recovered from https://www.merckmanuals.com/es-us/hogar/fundamentos/asuntos-legales-y-%C3%A9ticos/la-confidencialidad-y-la-hipaa-ley-de-portabilidad-y-responsabilidad-de-seguros-de-salud-en-estados-unidos
4 Centers for Disease Control and Prevention. Health Insurance Portability and Accountability Act of 1996 (HIPAA). Recovered from https://www.cdc.gov/phlp/publications/topic/hipaa.html