Healthcare is a people business, and collaboration among people is core to delivering effective care. On the other side of the spectrum, we are also very sensitive about our health information because we value our privacy. These two values can come into conflict when healthcare professionals are trying to provide care. The easier it is to share and access information, the more likely it is that we will have good care outcomes. At the same time, this also creates more opportunities for data leaks. Finding the right balance can sometimes feel like being stuck between a rock and a hard place.This tug of war has existed for some time, but is coming to the forefront as the focus in healthcare shifts from fee-for-service, to value-based care. Why is finding middle ground so important? If information is too hard to share, users may seek out HIPAA–risky ways to do so on their own, which opens organizations up to potentially costly data loss and legal risks.
In the world of medical imaging, this topic holds the spotlight. One way to approach the situation is by putting medical imaging data in the center and then surrounding it with the most robust solutions for physical security, end-to-end encryption, user management, and auditing. This specifically means relying on technology as well as policies that govern data access, audit trails, remote monitoring, and business continuity. Keep in mind that as we enter a new era of collaborative care and interconnectivity, controlling access to data is just as important as how it is shared and stored.
Implementing cloud-based services allows healthcare providers to achieve necessary data security and availability. One of the most important requirements is to use a platform that provides the flexibility to support many different workflows, preferences, and permissions, while offering the visibility you need to oversee it all.
As you consider cloud image management make sure to think about the points below to help you strike a balance between security and usability.
In order to simplify image sharing and collaboration in the cloud, you’ll need a powerful way for administrators to centrally manage user privileges. A“role-based” permission system is a scalable way to define what activities a user is allowed to execute. Essentially, this approach to managing users makes it easy to apply granular control over “who gets to see what, and when”.
A gateway is a Windows-based software application that is installed on a server, workstation, or virtual machine. It communicates with DICOM devices (PACS, modalities, workstations, etc.) to send and receive medical images across the network. Gateways compress/decompress and encrypt/ decrypt medical images transferred to and from the cloud. The advantage of using gateways is they are much easier to install and maintain than the alternatives, such as virtual private networks.
Of course, the devil is in the details. That’s why you’ll need a variety of custom settings to help fine-tune security workflows. These customizations can be referred to as last-mile settings and include session/password expiration, single-sign on, anonymization of personal health information, custom fields, etc.
Last but certainly not least, having insight and the ability to continuously monitor account activity is key. Having a 360-degree view and log info provides visibility into which data has been accessed and shared inside the four walls of your institution and beyond. The more analytics and audit trails the better.
More and more MDs are citing innovations in healthcare IT as key to their practice. How are you balancing patient privacy and convenience? Let us know in the comments section below.