From The Editor

RSS

By Amy Lockton

Stolen laptops or other portable devices with unencrypted Protected Health Information (PHI) is probably the biggest threat most organizations face in regards to HIPAA breaches. From my experience, a common piece of PHI that is stored on a physician's laptop would be clinical pictures from a patient encounter. Notification of a breach would be required if, based upon thoughtful reasoning and analysis, it was determined that the PHI elements, individually or in combination, could point to a specific individual(s). A full face photographic image of a patient would certainly qualify as well as any other photographic image where unique identifiers can be attributed to a specific individual like name, MRN, DOB, etc.

Utilizing an enterprise content management (ECM) solution not only provides security to maintain compliance with privacy initiatives, but also makes the images accessible to all authorized individuals.

One CIO I recently met with was spurred into action when a camera containing patient sensitive photographs was stolen. With further discovery, it was determined that the institution was being put at risk in many departments. That institution is currently putting together policies and procedures around the collection, indexing, and storage of clinical photographs which will utilize their ECM solution. In conjunction with this initiative they are also developing policies and procedures around the subsequent deletion of those images from portable devices.

Have you considered an ECM solution to protect your clinical photographs?

SOURCE: Perceptive Software