HIPAA compliance is an existential issue for medical businesses, especially if they use special-purpose software and mobile applications (e.g. mobile imaging operators). HIPAA (Health Insurance Portability and Accountability Act), adopted in 1996, includes a set of legal requirements for protecting sensitive patient information from unauthorized access or leakage. Medical institutions, their staff, and software they use must meet the criteria of physical, network, and process security. Today we will review a few common security tools used to protect data exchange in imaging diagnostics.
TLS (Transport Layer Security) is an encryption protocol that provides secure data communication between network nodes. It is widely used in web-based applications, as well as email and instant messengers. The primary function of this protocol is to prevent unauthorized access and traffic analyzing via so-called “sniffers.” This protection feature can be used in teleradiology to ensure the secure transmission of sensitive patient data, such as medical images. The DICOM protocol commonly used in medical imaging does not originally use TLS, although the relations between DICOM and TLS are specified in DICOM standards. So, to provide secure communication, you can hire an IT expert to “stream” your DICOM connection through TLS or find a ready-made solution.
SFTP (Security File Transfer Protocol) is a file exchange protocol, which is more secure than basic FTP. The underlying technology, SSH (Secure Shell), is a reliable and secure way of connecting two remote systems to exchange commands and data. The linked systems use authorization to “recognize” each other before they start sharing any information. For example, if two facilities need to exchange medical data, such as reports, progress notes or images, then using SFTP is a reasonable and simple solution. If the two systems use different standards (e.g. HL7 and DICOM), it may require a lot of data mapping and format conversion work, but SFTP certainly does its job as a file exchange means.
Direct messaging (also known as Direct Exchange or simply Direct) is a special-purpose encrypted protocol for exchanging medical information in the form of text messages and attached files. It is similar to web-based email, however, there are some crucial differences. It is managed by specialized providers – HISP (Health Internet Service Providers), cannot be accessed by non-Direct users, and has some additional tools. Being an integrated feature of modern EHR systems, it is user-friendly, standardized, and HIPAA compliant.
VPN (Virtual Private Network) technology is widely used in various industries. As for imaging diagnostics, VPN can provide encrypted links between, for example, a PACS server and a remote client. Currently, a lot of providers claim that their services are secure enough and meet the requirements of the healthcare industry. Some experts consider such networks safe and entirely HIPAA compliant. However, VPN users stay provider dependent, even if the connection is encrypted strongly enough.
These are the most common tools for keeping protected patient information secure. We could also mention end-to-end encrypted messengers, PGP, and more. Besides, you can get the ultimate solution, which combines multiple protection features and helps you stay 100% HIPAA compliant.
And does HIPAA compliance guarantee complete security? Technically, it doesn’t, although the requirements are strict and sophisticated. However, the damage may be too severe if you ignore them and use open email networks instead. We use those every day for common communication, and the probability of leakage is relatively low. But when it comes to patient information, even a single case of unauthorized access may turn out to be a costly matter. The overall penalties for each violation amount up to $1.5 million per year (while fines typically range from $100 to $50,000). So, you can analyze the financial risks and compare them to the costs of security tools.
[#20088] Option to sort invoices by patient name
We have improved the facility invoicing functionality of EMSOW. Previous versions of the system would always sort invoices by service ID. Now you can sort them by patient name. To enable this option, follow the path: Setup > Billing > Referring > Referring facilities. Open a facility record and click on the Billing tab. In the Invoices section, select Patient name as the preferred sorting mode, and then click OK.
To learn more about the facility invoicing functionality and other useful features for your imaging business, please contact us at firstname.lastname@example.org.
[#20089] “Remove” button in the Dispatch module
Now you can remove services from the Dispatch module. Select the services you need to remove, click Remove on the toolbar in the Results section, and then click Yes to confirm the action. Please note that once you click the Yes button, the service will be permanently deleted from EMSOW.
[#20085] Change study descriptions for dispatched cases in the Technologist Portal
The new version of EMSOW allows you to change study descriptions right in the Technologist Portal. Open the Studies section, select a date of service in the Date field, and click the Change study description button as shown below.
In the window that opens, start typing the new study name or its CPT code, or select the needed study type from the drop-down menu, and then click OK.
[#20074] “Uncancel” button in the Dispatch module
[#20064] Technician hours billing
The new version of EMSOW allows you to invoice a facility by the hours your technicians worked. Follow the path: Setup > Billing > Referring contracts. Start editing an existing contract or add a new one. In the Generic section of the Edit or Add new window, fill out the Technician hours rate field.
When adding an invoice, enter the hours worked. Then click Save.
The Quantity, Rate and Total technician charge will be stated in the invoice.
[#20045] Order the Resident Visit List by type of visit, patient name or room number
In previous versions of EMSOW, studies in the Resident Visit List (RVL) were always ordered by type of visit. Now you can order the studies by patient name or room.
Go to the Schedule module, select the Patient schedule tab, click on the Print button, and select Resident Visit List in the drop-down menu. In the Order by section of the window that opens, select Patient name, Room # or Type of Visit.
[#20033] New HL7 requests notifications
From now on, the HL7 Requests item on the menu bar will turn red if there are new study requests received through the HL7 protocol. Your dispatch will never miss a new order!
[#19902] Scroll through X-ray images with a mouse wheel
We have simplified your work with X-ray images in the EMSOW DICOM viewer. Previously, scrolling through X-ray images was done by pressing Shift and rotating a mouse wheel. Now you can do that with your mouse wheel only, no need to press and hold the Shift key!
[#20065] Service ID search filters in the Invoices and Payer Assignment modules
We have improved the search options of EMSOW’s billing portion. Now you can search exams by service ID in the Invoices and Payer Assignment modules. You will find the corresponding search fields in the Options section on the left.
[#20027] Auto-rotate uploaded JPEG images
Previous versions of EMSOW did not recognize the orientation of uploaded JPEG files. Therefore, some files were displayed incorrectly, e.g. a tech sheet that was intended to be viewed vertically might have been displayed horizontally or vice versa. We have fixed this issue, and now all the JPEGs are displayed correctly.
[#18753; #20022] Sending guarantor information through HL7
We have improved EMSOW’s interoperability with other healthcare systems. If you send images for reading to external radiology platforms that receive order information via HL7, now you can send insurance guarantor information in the GT1 segment of ORM messages. To add the guarantor information, open the Edit service window in the Processing or Billing module. By default, EMSOW defines the patient themself as a guarantor.
Clicking the Self button under the “Guarantor” label on the right of the Insurance section will allow you to change the guarantor relation to spouse, parent, other, employee, guardian, or life partner, and enter the guarantor information.
In the future, we are going to make it possible to send the guarantor information in electronic insurance claims as well.
[#19997] Search by invoice number in the Invoices module
We have added a new filter that allows you to search for invoices by invoice number. To use this feature, follow the path: Billing > Invoices. In the Options panel on the right, you will find the Invoice number field. Enter the invoice number you are looking for, then click Search. The system will display the referring facility or account for which the invoice was created.
[#19918, #19974] Flip and rotate tools in the DICOM viewer
Sometimes tech sheets come into the PACS system in a wrong orientation. We have added a simple tool that helps you fix such issues. Now you can rotate the tech sheets and images right in the DICOM viewer by clicking the Rotate right and Rotate left buttons on the toolbar.
In addition, the Flip image buttons allow you to mirror images horizontally or vertically.