Hosting Images for Healthcare Providers

IMS maintains millions of images on secure servers for clients who want them managed economically, professionally and securely. Any item printed or scanned can be hosted on the system. Once logged in, all one needs to access and view the images is a Web Browser.

The system, OnLineFileCenterSM, was developed to host all non-proprietary image formats including PDFs, TIFFs, HTM and XML data. The system’s security features include safeguards necessary to meet HIPAA privacy guidelines. The system is fast, efficient and utilizes dual T-1 Internet connections to facilitate fast retrieval.

Our hosting services are very competitive since we don’t use third party viewing software which usually requires the purchase of expensive viewing licenses. We use our own internally developed hosting software and pass the saving along to you.

The primary benefits of using IMS as your ASP to host your print images are:

  • Little or no capital investment in hardware and software
  • IMS accepts the risk of technological obsolescence
  • High server security
  • Fast implementation of complex applications
  • Redundant data backup
  • Customization of the web-based retrieval software
  • File integrity

On Line File Center SM

The electronic document management system, OnLineFileCenterSM offered by IMS was developed to meet the needs of healthcare providers to convert paper documents to electronic images, store them in a safe electronic environment, and make them available to their owners in a manner that complies with HIPAA requirements.

Data stored on the system is typically scanned documents saved in a TIFF format, print images stored in either a PDF format, or print images in an XML format. The images are generally created when paper documents are sent to IMS where they are scanned and electronically indexed to facilitate their retrieval. Typical paper documents converted to electronic images for the healthcare industry are HCFA 1500s, EOBs, accounts receivable and payable records, contracts and other common business records.

Retrieval is made using a common Web browser such as MS Internet Explorer. No other software needs to be installed on a user’s computer. Retrieved data transmitted via the Internet is protected using 128 bit encryption.

The hosting software at IMS is a Web based data and electronic image hosting application with an administrator’s module where user access is controlled. An administrator must assign a unique User Name and Password before a user can log into the system. The administrator’s module also tracks who comes in, their name and password and what documents they viewed. An administrator also controls what documents and record types individual users can view. When users select a document to view, they are not directly viewing the document stored on OnLineFileCenter but are being shown a mirror image of the archived image. No user, other than an administrator, has access to the scanned images or indexes.

All data is kept in a non-proprietary format so if users wants to move it to their own system, they can do so.

HIPAA and On Line File Center SM

The following are important HIPAA issues related to the hosting of electronic images on-line of medical documents.

HIPAA Overview

When Congress passed the Health Insurance Portability and Accountability Act (HIPAA) in 1996, they set forth various provisions for the privacy of protected health information (PHI) during diagnosis, treatment, and billing for medical issues. As a result of this regulation, the U.S. Department of Health and Human Services (HHS) issued the Privacy Rule to guide healthcare providers through the implementation of HIPAA-compliant processes and procedures.

In the section below titled “Important HIPAA issues as related to Electronic Records Management System” there are five areas related to disclosure, tracking, security and other important components that form the foundation of how document storage and hosting system for medical records must be handled.

Important HIPAA issues related to Electronic Records Management System

Five primary areas of concern include disclosure tracking, protected disclosure, de-identification of protected information, patient disclosure authorizations, and generally protecting the security and privacy of personally identifiable electronic health information as it routes through the processes of diagnosing, treating, and billing individuals for health-related Issues.

1. Disclosure tracking
HIPAA regulations require that the healthcare provider track disclosures of personally identifiable health information to any internal or third party. This includes doctors, insurance providers, billing and claims processing, and all other entities that might have reason to view the information.

2. Protected Disclosure
The Privacy Rule allows for certain types of disclosures that do not require authorization from the patient. These include 1) to the individual, 2) treatment, payment, and health care operations, 3) disclosures with the opportunity to object, 4) incidental use, 5) public interest and benefit activities, and 6) release of a
limited data set. There is specific information that must be captured for each disclosure,
And in some situations, only a subset of the patient’s record may be disclosed.

3. De-identification
There are no restrictions on the use of de-identified health information, and much of this type of information is used by the government, researchers, and health organizations in compiling statistics. De-identification requires the user to strip all personally identifiable information (i.e., patient name, identity number, address, etc.) from the health document before it is passed on.

4. Patient Authorization
A healthcare provider may not disclose PHI outside the scope of the HIPAA regulations without written authorization from the patient. This authorization must be obtained, recorded, and then maintained for a period of at least six years. In general, authorizations should be specific as to the information being disclosed, the person disclosing and receiving the information, expiration, etc., so a separate authorization is often required for each disclosure.

5. Security
The Security Rule portion of the HIPAA regulations applies to the transmission of electronic protected health information (EPHI). The healthcare provider is to ensure the confidentiality, integrity, and availability of all EPHI the covered entity creates, receives, maintains or transmits.