Secure Medical Records Transfer Helps Indiana University Health Deliver Better, Faster Care
Secure medical records transfer is a requirement for any U.S. healthcare organization (HCO) interested in improving quality of care while supporting compliance with HIPAA, as this case study about Indiana University Health shows.
Indiana is known for a lot of things: Notre Dame football, the birthplace of James Dean and David Letterman, five U.S. vice presidents, the Indy 500, the Studebaker, Hoosiers, the first gas pump, the first machine gun, and lots more.
Indiana isn’t known, however, for an overabundance of pediatric neurologists. There are only a few of these highly specialized practitioners in the entire state, and most of them are located in Indianapolis, the state’s capital. This presents a problem – and potentially a life threatening one – if a juvenile patient living in Gary is suffering seizures and needs to have her EEG results analyzed by a pediatric neurologist working in Indianapolis.
Typically, this would require a two-and-a-half hour car ride (without traffic) across the state. Best case scenario, this is an all-day trip requiring mom and/or dad to miss a day of work and their daughter to miss a day of school. Worst case scenario, this is an ambulance or helicopter ride with a little girl’s life hanging in the balance. Either way, it’s a trip that everyone involved would like to avoid. Secure medical records transfer shouldn’t require a car trip, a helicopter flight, or combustion engine of any kind. Secure cloud services should do the trick.
Secure Medical Records Transfer with Kiteworks
Indiana University (IU) Health, a comprehensive health system providing a broad range of treatments, therapies and other care services to children and adults across Indiana, utilizes the Kiteworks secure file sharing and governance platform to bundle patient files from different systems and send them to specialists in other facilities and cities, such as the remote pediatric neurologist in the scenario above. Previously, secure medical records transfer in non-emergency situations required the medical staff at IU Health to copy data like sleep study results, x-rays, and other patient data onto CD-ROMs and ship them overnight to another medical facility. This was inefficient, costly, and did nothing to protect patient privacy. As a result, IU Health needed an alternative that was easy to use but also secure and compliant with HIPAA.
David Boyer, who formerly led IU Health’s video conferencing and telemedicine efforts, was tasked with finding a solution. He found in Kiteworks’ content collaboration platform a solution that met all of IU Health’s requirements. Security and efficiency however weren’t the only attributes that won Boyer over. Features such as a web user interface, email plug-in for Microsoft Outlook and Lotus Notes, and automatic scan and delivery of files were additional value adds for Boyer. Also, an email-like interface with no file size limitations made the likelihood IU Health’s staff would adopt Kiteworks, rather than a shadow IT solution or service, significantly higher. Since deploying the Kiteworks platform for secure medical records transfer, Boyer and the IU Health medical staff have realized significant benefits. Sending and receiving all of a patient’s necessary medical records in real time has dramatically accelerated the diagnosis process and, in turn, improved patient care. Jennifer Baron, former Director of IU Health’s telemedicine program summarizes: “What used to be done in two weeks can now be done in two hours.” When specialists are able to share patient records securely and efficiently, everybody wins. To learn more how Kiteworks helps IU Health with secure medical records transfer and how Kiteworks enables secure medical records transfer for healthcare organizations, schedule a custom demo of Kiteworks today.
Frequently Asked Questions
HIPAA compliance is the adherence to the federal standards set forth in the Health Insurance Portability and Accountability Act (HIPAA) of 1996. This includes requirements on the handling and protection of patient data, as well as patient privacy.
Protected health information (PHI) is any individually identifiable information related to a patient’s physical or mental health condition, the provision of healthcare, or payment for healthcare services. This includes names, addresses, Social Security numbers, medical records, and any other confidential information associated with a patient’s health.
Failure to adhere to HIPAA compliance regulations can result in civil or criminal penalties. Civil penalties range from $100 to $50,000 per incident. In cases of willful neglect, criminal penalties can lead to up to 10 years of imprisonment.
To meet HIPAA compliance requirements, your technology must offer secure data storage, access control, user authentication, encryption, audit logging, and activity monitoring. It should also offer the ability to restrict access to data based on the user’s role and authorize individuals to have access only to the data they need.
Adhering to HIPAA compliance regulations can help protect patient data, increase trust in the healthcare system, reduce healthcare costs, and improve patient safety. It can also protect your organization from legal and financial repercussions.
To ensure your organization is HIPAA compliant, you should work with a qualified third-party vendor that can help you audit your data and processes, develop a comprehensive information security plan, and train your staff on best practices for data security and patient privacy.
Kiteworks provides organizations with the tools and features necessary to ensure their data is secure and private and remains compliant with HIPAA. The Kiteworks Private Content Network enables organizations to demonstrate compliance with HIPAA by unifying, controlling, tracking, and securing sensitive PHI data exchanges—email, file sharing, managed file transfer, web forms, and APIs. Kiteworks offers role-based access control to ensure users are only granted access to the data they need to perform their job, and helps organizations monitor and control data access in accordance with HIPAA. It also keeps organizations in compliance with HIPAA through its automated audit logging capabilities, as well as providing on-demand data destruction capabilities and comprehensive reporting capabilities. These features help organizations maintain a clear view of their data security posture and ensure that patient data is only being accessed by authorized individuals and is securely and permanently deleted when no longer needed.
Additional Resources
- Blog Post hipaa compliant
- Blog Post hipaa compliant form
- Blog Post hipaa encryption protocols
- Blog Post Send HIPAA-compliant Email
- Blog Post the hipaa breach notification rule