When It Comes To HIPAA, No Departments Data Is An Island
By
As the healthcare industry continues to evolve, healthcare organizations are challenged to continue to provide high-quality, cost-effective care, while dealing with HIPAA privacy and security compliance issues.
In the past, data management and storage of critical patient, purchasing and compliance information was handled departmentally, and as a result, “islands” of disparate information were created across the organization.
With the advent of HIPAA, these past storage strategies are no longer viable, as organizations are faced with a significant additional burden and cost of meeting privacy and security requirements for all health information within the organization. As the healthcare enterprise begins to develop strategies that will conform to new federal regulations, it is critical to take a centralized enterprise view of data management, patient archival, disaster recovery and data security needs.
Organizations in the past have experienced three primary data management and storage needsbackup and restoration of data, disaster recovery, and patient image archiving. These organizations were faced with implementing and managing information systems to meet these needs, while maintaining stringent cost controls.
HIPAA mandates that organizations comply with additional privacy and security requirements for all health information. As a result, healthcare enterprises are challenged with addressing the inherit issues surrounding the existing islands of information throughout the organization and moving to a more centralized approach to data management.
The IT department in a healthcare enterprise has traditionally been concerned with the business needs of the hospital, and the departments involvement was primarily administrative (i.e., patient registration, billing, insurance and medical records). The amount of data actually generated by these activities is relatively small when compared to the total amount of data that is generated across the entire healthcare enterprise.
As digital modalities such as CT, MR, CR, digital mammography and digital cardiology were introduced, individual departments had a need to store the “raw digital” data, as well as a representative subset of this data in the form of films.
Because of the limited role the IT organization played, IT managers were often unaware that these archives were being installed by departments, or they had given their consent to have these archives maintained locally and outside of their control. This was due to the lack of resources to handle the large amount of data that these digital modalities generated.