HIPAA Act and the PACS

¶ … HIPAA act and the PACS program to determine whether they collide or coincide with each other.

PACS, the privacy issues

For the past few years the laws in health care with regard to privacy have created a bottleneck effect in many of the industry areas. Those who work in the health care field have had to secure privacy statements, insurance protocol has changed dramatically and many other areas have been addressed in a manner intended to improve overall care of patients, but in reality have also caused many obstacles to be overcome.

As the medical community continues to involve many new technologies have come forth to make the delivery of health care more accurate than ever before. One such technology is the PACS system that is used in the field of medical imaging. The PACS system fine tunes the use and delivery of medical imaging results through the use of digital technology. It allows patients and doctors to access information much more quickly than was possible in the past thereby creating more efficient means of health care delivery. While this is an exciting new ability in the field of medical imaging those who utilize it must take care not to violate the many restrictions that the HIPAA laws have placed on sharing of information without the patient's permission.

PURPOSE of the STUDY

The purpose of this study was to discover whether PACS and HIPAA collide or coincide with regard to the privacy afforded to patients in America today who enter the health care system and need medical imaging completed.

HYPOTHESIS

The working hypothesis of this study is: if PACS is utilized correctly and the proper security measures are put into place then the HIPAA laws will coincide with the PACS system and deliver the most secure, efficient information possible to patients and doctors across the nation.

DISCUSSION THROUGH LITERATURE

Before one can begin to determine whether HIPAA and PACS coincide or collide it is important that one first have a grasp on the two systems and how they operate within the health care industry.

Once one has a firm understanding of both systems and their workings one will be able to see the obstacles that they present to each other and the dovetailing that they share.

Health Insurance Portability and Accountability Act of 1996 (HIPAA) is an act that was mandated to take full effect in 2001 and it is designed to protect the privacy of health care consumers when it comes to sharing information about their health. It also protects the information about the consumer being openly discussed or having their identity divulged without their consent (HIPAA http://www.hhs.gov/ocr/hipaa/).

While HIPAA is undeniably useful for the purpose of protecting the privacy of health care consumers in America it placed a significant burden on the health care industry with regards to its implementation (Glaser, 2000).

HIPAA's birth and legislation provided avenues to force the hand of health care industry workers with regards to standardizing the protection of privacy of the consumers that it serves.

It also provides protection for the health care providers as it also protects their privacy when it comes to having their name divulged without reason. One example of this is when one enters calls a hospital emergency room and asks what doctor is on duty one uses to get an answer. Today, the person is told that the HIPAA regulations prevent that information from being given out over the phone or in the waiting room.

In addition to protecting identities of both employees and patients within the health care field it also standardized the use of codes for the practice of insurance claims. This federally mandates program is meant to streamline insurance processing by providing one sent of codes that will be use throughout the industry.

Where HIPAA and PACS intersect significantly is in the area of security and privacy. Congress passed laws giving the health care industry until January 1, 2000 to fully implement the privacy standards that the act calls for (McClure, 2000).

HHS issued the proposed rule for privacy standards for individually identifiable health information, which seeks to protect the privacy of medical records that are transmitted or stored electronically and the paper printouts of these records (McClure, 2000)."

These regulations standardized and reduced the ability of medical imaging personnel to share information about their patients with regards to test results and test procedures.

While this was a positive step in the protection of the privacy rights of the consumer it had the potential to create a bottleneck of congestion in the medical imaging field and patients were contacted to provide permission and physicians and other health care providers waited to get results to order the next step in their patient's care.

PACS

The mandates that HIPAA puts into place for the privacy and protection of those purchasing health care are important but it is important that they don't place undue and unnecessary stress on other systems being used within the health care industry. One of those systems is the PACS system. It is a system that promises to revolutionize the medical imaging field.

PACS has commonly been referred to as a crowd pleaser because of its ability to share information with several people at the same time with an almost non-existent wait or delay.

In addition the proper use of the system provides privacy and security so that it complies with the measures mandated by HIPAA.

Before PACS came on the scene the field of medical imaging was fraught with issues because of time delays between having the procedure done and getting the results to the doctors and other health care professionals that needed them to make important health care decisions for their patients (Kywi, 2005).

One would typically have the procedure completed and then one would have to wait several days at the least to have their doctor find out the results. This proved to be problematic in situations where speedy results could mean more effective, earlier treatment.

Problems including gallstones and kidney stones would create significant pain and discomfort for patients who would sometimes wait three to five days to get the results and be scheduled for surgery. More importantly those delays sometimes meant issues would worsen with the liver and other organs of the body.

Also, healthcare delivery was occasionally jeopardized because some studies or reports were misplaced or not returned by users, leading to incomplete records. Patients, too, were inconvenienced. The many steps involved in imaging, interpreting the image, dictating a report and communicating the report to the patient's physician could take several days, which increased patients' anxiety about the results and delayed the next stage of their care (Kywi, 2005)."

The PACS system of approaching the field of medical imaging included several steps that created a more smooth flowing exchange of information between the medical imaging departments, the physicians and the patients.

Some of the benefits that occur with the PACS system include:

physicians to have access to all radiological images from their own computers;

clinicians at different locations to be able to simultaneously view the images;

access to images and reports to be nearly instantaneous, to improve both the quality of healthcare delivery and the efficiency and productivity of staff;

to create a digital archive that would help ease the process of comparing current images to past exams;

to make a complete break with the world of film (Kywi, 2005)."

All of these advantages lead to one outcome, better health care delivery to the consumers. Physicians no longer have to wait until a courier delivers results from tests that they have ordered. With PACS they can sit at the computer in their office or at home and pull any results that they need.

With PACS physicians no longer have to send one set of films or results to specialists one by one as the patient sees them. With the click of a mouse and a few well placed signals from the keyboard many physicians or clinics can view the results at the same time (Kywi, 2005).

The PACS system provides many benefits to the medical community including cost reductions. It has been estimated that almost half a million dollars are saved annually in chemical and film that is no longer needed.

PACS is also responsible for boosting productivity and has been credited with improving the use of resources. When a physician needs to examine a study or procedure that has been completed in the medical imaging field he or she can retrieve it almost as soon as it is completed without having to wait for results to be sent.

The system also provides a video radiologist clip that provides insight to the study without making the physician wait to talk to a "live" staff members.

This means that instant results are available thereby allowing the physician to make important health care decisions for patients without having delays that could be dangerous or costly.

If a physician wishes to consult with a technician or radiologist he can do so in real time. They each get on the phone, pull up the image on computer and discuss the image and the results and what the results indicate.

One recent study measured the productivity benefits of using PACS and the participants, all radiologists estimated there was a 100% increase in productivity for CT scans, MRIs and ultrasounds (Kywi, 2005).

Overall PACS has provided a new and innovative method for physicians to utilize medical imaging to their highest potential.

COLLIDE or COINCIDE

While the PACS system is undeniably important in the world of medical care because of the advantages that it provides. It creates a speedy, accurate and instant result to tests which doctors can pull up at their desk and view almost as soon as the procedure is over with. With the new abilities the system allows it has revolutionized the medical imaging field as well as many aspects of total health care.

With the decision to implement HIPAA laws the government placed mandates on health care professionals that threatened to stretch the very fabric of its boundaries. Many areas of health care had to make some significant changes in order to comply with the HIPAA regulations. The field of medical imaging was revolutionized with the implementation of PACS however, there was concern about the ability to comply with HIPAA while still using PACS to its fullest advantage.

Experts agree that only using PACS some of the time and still depending on paper and film would greatly reduce the effectiveness of PACS on productivity and health care ability in the area of medical imaging.

One of the very benefits of PACS threatens the core process of HIPAA. PACS is a field wide ability to produce medical imaging results to physicians faster than ever before in history. It allows the instant transmission of data to parties at the other end of the connection (Gater, 2004).

HIPAA provides mandates that protect the identity and many other aspects of a health care consumers life with regards to their medical needs.

On the surface it would appear that HIPAA and PACS are in direct opposition of each other with regards to privacy and security.

And if it could be found that HIPAA and PACS collide in their ability to deliver services with security then legally PACS would have to be modified or dismantled all together which would put the field of medical imaging back many years.

While there are concerns about PACS and its ability to maintain the health privacy and security standards set up by the government with HIPAA it is possible for measures to be taken that will insure PACS can continue being used while at the same time maintaining compliance with HIPAA.

The biggest concern when it comes to the use of PACS with regard to the compliance with HIPAA is the security and privacy issue. Those who are concerned believe that the instant transmission of data over a computer connection presents a risk that information will be provided to those who have not been given permission to access the information by the consumer. This leads to concerns of liability for the health care providers and anyone who was involved with the transmission of that information.

If PACS had not become an accepted standard of medical imaging delivery than there would be little concern about the ability to comply with HIPAA standards of laws as the entire medical imaging report and test result would be confined to one area. The patient would have an authorize the sharing of that information with certain entities and provide the name and address of those who would be allowed to see the results. The medical imaging department would then send by courier the results that had been released and they would be signed for at the receiving physician's office.

This would be a safe guarded method that would insure that HIPAA laws were being complied with. However, in light of PACS and the revolutionized abilities that it has provided to the medical community, few if any health care workers would volunteer to give it up to go back to the pervious methods of waiting for days to have results delivered to them through a courier or the mail.

With the advances that PACS has provided for the medical imaging field as well as those that depend on the field for their medical needs it would be a significant disservice to society to stop its use at this point in history. Instead it is important to maintain its use and continued improvement as technology avails itself to such advantage.

The laws of HIPAA are federally mandated therefore PACS is bound by them as well as anyone who uses the PACS system for the storage, retrieval and transmission of medical imaging procedures that have been performed on patients.

When one examines the true scope and depth of the PACS system however one will see that it is indeed a system that coincides with the expectations and mandates of the HIPAA laws.

The first indicator that PACS dovetails with HIPAA is the need for passwords and various codes to get into the system and maneuver around its components. When PACS is first installed there is a training period in which those who will be working with the medical imaging department will be trained in how to use passwords and codes to open and enter the system. In addition, many hospitals and other medical facilities have opted to change and rotate passwords on a frequent basis thereby reducing even further the chance that the information contained within the storage area of the system will be accessible by a hacker.