5 keys to consider when storing and transferring medical images
The process of storing and transferring large medical images—such as CT scans, MRIs and X-rays— is a critically important one, and not without its own set of complications.
Thanks to the information age, it's not just radiologists, specialists and physicians who use these images; patients empowered over matters of their own healthcare are interested too. With new advances in technologies and as the use of medical images become more widespread, it's important to be aware of the issues surrounding them.
Here are five keys to consider when it comes to sharing and storing medical images:
1. File encryption
Privacy and security issues are well documented when it comes to medical records, including electronic health records. In fact, health care data breaches have already affected more than 30 million patients. Whether stored on in-house servers or through a third-party provider in the cloud, it's important that all medical records, including image files, be encrypted.
Patient privacy is essential, but professional thieves, hackers or—in many cases— rogue hospital or medical center staff or employees, are all too willing to exploit such information. Therefore, hospital radiology and cardiology departments, medical imaging centers, physician offices, and any other medical organization working with such images must ensure files are encrypted to securely protect patient privacy. This includes not only when housing these images, but when sharing them with specialists, physicians, or the patients themselves.
Optimally, image files should be encrypted with a unique non-deterministic encryption key (as opposed to a fixed one used, whose passwords can be hacked). Using this method ensures all the encrypted data remains protected if there is a security breach on the server side, as no encryption keys can be accessed.
2. Vendor neutrality
All medical images should be accessible by multiple vendors and not saved and stored in a proprietary file format. As the medical community expands the use of images, it becomes increasingly important for images to be more widely accessed, stored and distributed. More and more departments within medical organizations now rely on the availability of these images on their picture and archiving communications systems (PACS) servers. While most employ a standard interface and format—such as digital imaging and communications in medicine (DICOM)—proprietary software and protocols are sometimes used to achieve optimal workflow, leading to non-standard practices as images are archived.
A vendor neutral archive (VNA) separates the capture and distribution of images from the archiving process, so that one proprietary solution doesn't handle all functions. VNA vendors incorporate common standards as much as possible into their systems, enabling greater archive use and retrieval. This solution provides assurances to departments and organizations needing to archive medical images that—in addition to collaborating more widely with internal and external parties interested in the information—they can also efficiently switch systems should a vendor fall in disfavor.
Medical images present unique challenges beyond those of other medical records. Medical images require extremely large files sizes for storing and transfer, and the data size will only continue to grow. Medical images used in active cases must be quickly and conveniently accessed, but the same goes for cases that are inactive as a patient's medical history can be invaluable at a later date. Therefore, storing and archiving of image data becomes problematic over time if storage needs aren't adequately addressed.
Servers can become overwhelmed with data, rendering themselves inefficient or ultimately incapable as the numbers of image files mount. Thus, organizations need to seek solutions early on. One way is to use virtual servers in the cloud through cloud-based services that automatically scale according to data needs. Cloud vendors can save healthcare providers as much as 50 percent in hardware costs when compared to scaling their needs in-house. In addition, the cloud enables providers to share images more quickly and conveniently, since—because of their large data size—they must otherwise be saved on CDs and shipped to their destination.
4. HIPAA compliance
Security issues concerning the storage and transfer of medical images also find their way into areas of compliance and non-compliance. HIPAA places responsibility on healthcare providers to ensure the privacy and security of their patients' records. All personal health information (PHI) is covered, but electronic PHI (ePHI) is regulated by a stricter security rule since non-compliance is more likely to affect up to thousands of patients all at once. If a hacker breaks into the system or information is lifted from a stolen laptop, patient privacy is compromised. Breaches of this sort bring unwanted publicity, patient mistrust, and steep HIPAA fines.
That's why adopting standards like DICOM and PACS is one significant step, but encrypting image files, as mentioned earlier, is not only the right thing to do for maintaining patient privacy, it also protects medical providers from significant financial losses. For an initial offense, HIPAA fines can be as high as $50,000. After that, they escalate accordingly. Therefore, medical providers need to ensure the privacy and protection of medical images—and all electronic health records—through encryption and other means to protect their own best interests as well as those of their patients.
5. Leveraging the Cloud
For storing, handling and transferring all medical records, including medical images, the medical community is rapidly adopting cloud-based solutions. For radiology departments, imaging centers and other offices working primarily with medical images, having image files on an in-house PACS server is something that won't change anytime soon. Active patient cases necessitate the ability to rapidly access these images for viewing and having them in-house makes them most accessible for those who most need them.
Cloud services, however, like SurMD and our free Surlink exchange service, help solve the needs of medical providers to securely store, archive and share electronic medical records, and solve the scalability issues raised by the large medical image files. Solutions like ours offer encryption of the highest order, and are HIPAA compliant. Since most breaches are the result of on-site theft—more than 83% of patient records breached in 2013 resulted from theft, typically from criminals stealing unencrypted laptops from health providers and their business associates--storing archived images in the cloud protects providers from such events.
Also, using the cloud saves valuable time for providers needing to share archived images. Instead of having to ship CDs between offices, users can share image results easily using the cloud. For instance, sharing files with Surlink involves inputting the sender's email address along with that of the recipient. Users can upload up to five files and generate a passcode that the recipient must include before accessing files on their end. The process is quick and simple to learn.
Storing and transferring medical images involves many factors, and it's important that medical providers employ a set of best practices when handling images to ensure effectiveness and efficiency in the healthcare system, and, just as importantly, patient privacy and security. While each of the keys outlined above is important in its own right, medical organizations will find the best results when incorporating all of them together.
Yvonne Li is a technologist and business development executive. She is an expert in cloud storage, healthcare data exchange, Internet business models, SaaS and content engagement platform design. She is the co-founder of SurMD, a cloud storage technology company and has launched a line of HIPAA- compliant cloud services. Li currently serves as VP of Business Development, at SurMD, and can be followed on Twitter at @mySurMD
The views, opinions and positions expressed within these guest posts are those of the author alone and do not represent those of Becker's Hospital Review/Becker's Healthcare. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.
© Copyright ASC COMMUNICATIONS 2017. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.