From the November 2016 issue of HealthCare Business News magazine
Before the advent of the smartphone and tablet, it was relatively easy to secure image data and its associated protected health information by locking down the computers on the hospital network that were capable of accessing the department PACS and its radiology and cardiology images, and being somewhat careful about logins/passwords and timeouts.
For most of the other “ology” and “oscopy” departments and clinics that actually created and used clinical or diagnostic images there was no PACS, so security was somewhat simplified because their paper-based images or videotapes were rarely loaned and easily secured in the department files.
With the advent of the smartphone and tablet, the clinicians eventually succeeded in pressuring the IT department to approve the use of their personal devices to install thin client applications that would allow them to download images from the local PACS through the PACS zero or near-zero clinical viewing applications. Unfortunately, these same personal devices were also digital cameras, and so began the era of multimedia or mobile imaging. Today, still frame and video digital cameras, smartphones and tablets can be used throughout the health care organization to create a broad range of diagnostic, procedural or evidentiary images. Consequently, many departments and clinics can now easily become digital “imaging” departments. Dermatology, surgery, intensive care, anatomic pathology, the burn unit and the emergency department are but a few examples.
A PC can become the department’s “PACS archive,” and assuming a degree of effort is made to establish and manage its network connections, as well as an active directory to manage user logins and passwords, a reasonable level of security can be achieved. Better yet, all of these departments and clinics could pass off the technical support and security issues to IT by arguing that these new imaging sets should be stored in a suitable PACS or the vendor neutral archive.
Unfortunately, in many health care organizations, a more standardized and formal approach to managing and providing security for this type of image data is frequently postponed or overlooked. The more serious problem is the practice of informal imaging, or as I refer to it, the “one-man imaging department.” In this use case, individuals are using their personal devices to capture clinical images and associated patient identifying information that is then kept on that device, or transferred to a thumb drive, back-up storage device, laptop or desktop computer, devices that are not behind a firewall or protected by any security measures besides a personal login.