Enterprise Imaging Blog

Security and Compliance for All Unstructured Patient Content
Alternate text Posted by John Hansen on 10/10/2017 9:21:39 PM

Security and Compliance for All Unstructured Patient Content
The following is the second installment of a four-part blog series. To read Part 1, please click here.

An often overlooked – or perhaps taken for granted – benefit of VNA is security and compliance for all unstructured patient content. There is a lot to chew on in that sentence. Let’s break it down.
 

Content Types
First, I should probably clarify what types of content we’re talking about when I say “unstructured patient content.” We’re generally referring to the type of patient content that lives outside of the Electronic Health Record (EHR) such as, but not limited to: patient photos, videos, wave forms, PDFs, scanned documents, and of course, medical images (i.e. DICOM). Sometimes this is referred to as “multi-media content.” Other times it’s called “unstructured content” (in contrast to the discrete, structured data in the EHR), although this term is not universally accepted because some would argue that there’s plenty of structure in medical images. I can see both sides. The main point is that you should expect your VNA to be truly ‘open’ to all content regardless of source (the device or system which created it) and regardless of format or file type.

The Importance of Security & Compliance
When this unstructured or multi-media content is not stored and managed in a VNA, it often lives in unmanaged and/or unsecured departmental data silos such as network file systems or shared workstations, or even on clinicians’ personal devices like smart phones and tablets. While these silos create operational challenges and inefficiencies pertaining to backup and recovery strategies, another significant concern is that they often lack HIPAA-compliant access controls and auditing capabilities. This exposes the organization to unnecessary levels of compliance risk and potential litigation in the event of a HIPAA violation or PHI (personal health information) data breech.

A simple Google search will quickly provide enough cautionary tales to prompt any healthcare C-suite executive to make sure all patient content, regardless or source or format, is securely stored and managed in a VNA. As you can imagine, lawsuits abound.

Lifecycle Management
An important aspect of compliance also pertains to data retention. Your data can become a liability if you retain it longer than you are legally required to according to your organization’s data retention policies which typically take into account various state, local and/or national regulations. At Watson Health, we believe that you’re not truly managing your content if it’s not being managed throughout its lifecycle, including final disposition and policy-based deletion. A modern VNA should include robust Information Lifecycle Management (ILM) capabilities. If it doesn’t, or if you’re not taking advantage of them, you could be exposing your organization to risk.

Flexibility is Essential
The days when VNAs were only used to store DICOM images are long gone. But to take it one step further, your VNA provider should not prescribe what format to store your content in. It’s your data. You own it. If you need to DICOM-wrap your content for whatever reason, you should be free to do so (and there may be many valid reasons to do this in your environment). Likewise, if you prefer keeping your content in its native format, that’s your choice to make. A modern VNA should not only be flexible enough to support all content regardless of source or format, but also powerful enough so the format itself is decided by the customer and not prescribed by the vendor.
 
To have parts 3 and 4 of this blog series delivered to your inbox, please subscribe to the blog toward the top right of this page.
 
 
 

Share on: Add to Twitter Add to Facebook Add to LinkedIn
<< back to blog home

Enterprise Imaging Blog

Our blog covers topics related to medical images, including how to safely and securely archive, manage and share these important pieces of medical information. We also discuss issues related to imaging, such as industry trends, government regulation, reimbursement changes and much more.

Subscribe Via Email

Follow Merge

Search the Blog

© 2017 IBM Watson Health. All Rights Reserved. Privacy | Terms | Email Signup | Sitemap