Imaging in a HIPAA world
There are now many new rules and regulations regarding the protection and privacy of patient information.
The majority of dental offices now use some sort of image management system.
Whether it’s digital X-rays, intraoral cameras or digital cameras, dentists accumulate images on their computer systems.
As many practices know, there are now many new rules and regulations regarding the protection and privacy of patient information. For electronic images, these requirements are part of the HIPAA Security Rule. Image files, however, are significantly larger than practice management data and need to be handled differently. In this article, we will look at the storage of images, data backup and disaster recovery, and how to share these images with other practitioners.
The biggest threat dentists face when it comes to patient images is having an unauthorized person access those images. This would qualify as a data breach, and the law is quite clear on what happens next. If a practice suffers a data breach, it must notify all patients in writing, notify the local media, and be listed on the Health and Human Services website, affectionately known as the Wall of Shame. However, there is one “get-out-of-jail-free card,” and that is encryption.
If you encrypt the folders where the images reside and suffer a loss of the data, you are exempt from the Breach Notification rule. Because most offices have far more ePHI (electronic protected health information) than just images, I would almost always recommend you encrypt the entire hard drive of the server. Windows Server 2008 and Server 2012 have a free encryption program called BitLocker built into the operating system.
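One way to confirm that the recommendation above is actually in effect on a Windows Server 2012 machine with the BitLocker feature installed (an added example, not part of the original article; the `D:\DentalImages` path is a hypothetical placeholder for wherever your imaging software stores files). It flags any volume that is not fully encrypted, has protection suspended, or lacks a recovery password. Server 2008 does not have this PowerShell module; the `manage-bde` tool reports the same state there.

```powershell
# Added example: audit BitLocker state on the server that stores patient images.
# Run from an elevated PowerShell prompt.
param(
    # Hypothetical path; replace with the folder your imaging software writes to.
    [string]$ImageFolder = 'D:\DentalImages'
)

function Get-VolumeProblems {
    param($Volume)
    $problems = @()
    if ($Volume.VolumeStatus -ne 'FullyEncrypted') {
        $problems += "status is $($Volume.VolumeStatus) ($($Volume.EncryptionPercentage)% encrypted)"
    }
    if ($Volume.ProtectionStatus -ne 'On') {
        # 'Off' on an encrypted volume means protection is suspended:
        # the key sits unprotected on disk, so the data is effectively readable.
        $problems += "protection is $($Volume.ProtectionStatus)"
    }
    $types = @($Volume.KeyProtector | ForEach-Object { $_.KeyProtectorType })
    if ($types -notcontains 'RecoveryPassword') {
        # Without a recovery password, a hardware failure can lock you out of your own data.
        $problems += 'no recovery password protector'
    }
    return $problems
}

$imageDrive = [System.IO.Path]::GetPathRoot($ImageFolder).TrimEnd('\')   # e.g. "D:"
$volumes    = @(Get-BitLockerVolume)
$failed     = $false

if (-not ($volumes | Where-Object { $_.MountPoint -eq $imageDrive })) {
    Write-Output "FAIL  ${imageDrive}: image folder volume not reported by BitLocker"
    $failed = $true
}

foreach ($v in $volumes) {
    $problems = @(Get-VolumeProblems -Volume $v)
    $label = if ($v.MountPoint -eq $imageDrive) { "$($v.MountPoint) (image folder)" } else { $v.MountPoint }
    if ($problems.Count -eq 0) {
        Write-Output "OK    ${label}: fully encrypted, protection on"
    } else {
        Write-Output "FAIL  ${label}: $($problems -join '; ')"
        $failed = $true
    }
}

# Non-zero exit code lets a scheduled task or monitoring tool alert on failure.
if ($failed) { exit 1 } else { exit 0 }
```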