- CHICAGO – Patient health data security continues to be an important discussion point at HIMSS15, and it is not an issue relegated to just EHRs. HIEs are also working to ensure that they are using secure systems to transport patient data, including medical imaging records.
Greater Houston HealthConnect has been using a cloud medical image exchange through DICOM Grid. According to HealthConnect CTO and Privacy and Security Officer Phil Beckett, PhD, the exchange has been beneficial from a patient safety standpoint and is also assisting physicians in their daily workflows.
Not only are these types of medical images critical to a patient’s health records, they’re also expensive to conduct, and they expose patients to a certain amount of radiation. With a more thorough way of transporting records, a patient will not have to undergo superfluous tests, such as CT scans, Beckett said in an interview with HealthITSecurity.com.
“From a radiologist’s workflow, they always need a prior study,” Beckett said. “If they’re going to read a mammogram, for example, being able to have access to that prior [test], they can’t finish their reports unless they have access to the prior.”
Moreover, the exchange of information is much faster than previous options, he explained. The DICOM version is almost in real-time, which “really adds value to the health information exchange, to the providers in the community, and to the patients,” Beckett said.
In terms of health data security, Beckett said that HealthConnect has a federated model, so information is not moved unless it is requested. Information is also encrypted and transferred through VPN tunnels. The two end points are both certified, he added, and the HIE’s web services have transport layer security (TLS).
“It’s critical that there is encryption both when the data is static and when it is in transport,” Beckett said. “We can do that with digital certificates, the same way that others do.”
HealthConnect also does not keep any patient data stored, Beckett explained, which cuts down on cybersecurity issues.
“We don’t keep it,” he said, in reference to the patient data. “So we try to leverage existing security and not store data. We ensure that only authorized users have access. Then with our end points, they’re using that extra layer of security. We know where it’s coming from and where it’s going to.”
Looking ahead, Beckett said that HealthConnect hopes to move toward a more automated workflow. Currently, it’s a manual query approach, where clinicians or technicians need to request certain medical images or studies.
“As an HIE, we need to deliver value,” he said. “Physicians and clinicians have too much data already. We don’t need to pile more on. It’s got to be smart. It needs to be the right data, the right person, at the right time, and in the right format to make the right clinical decisions.”
Moreover, Beckett said that data security is his largest concern for 2015. Data breaches are announced in the news nearly everyday, and HIEs are so dependent on trust it’s essential to have strong and comprehensive security measures in place. It’s important to ensure that data remains secure throughout the entire exchange process, he said.
“If an HIE has a breach it’s over for that HIE,” Beckett said. “Things are so dependent on trust: with both the participants who you’re exchanging data with, and also with the patients. We need to be super vigilant about that and take every step and go beyond the minimum necessary in order to provide secure transfer of data.”