Case Study | Healthcare

Fast, secure sharing.

Putting patient privacy rights first drives a unique solution to help manage sensitive data and care.

The Situation

Working with plastic surgery patients often involves numerous patient photos that need to be shared with both the internal and external medical staff. Treatment time in a reconstruction scenario can stretch years, and the ability to see how the body changes and adapts is critical.

Photographs, however, may qualify as Protected Health Information (PHI) and be governed by HIPAA regulations. Accessing these photos and other patient data through traditional means includes logging in through the hospital intranet and typing in multiple passwords to gain access. In addition, taking new pictures on a cell phone or camera can introduce risks. The image cannot reside on the phone as that would be a HIPAA violation.

Sending photographs through text messages has become a common scenario across healthcare fields, even though many times the texting platform is not encrypted and violates HIPAA Privacy and Security laws.

It’s a tough situation: The technology that would be helpful to the doctor and the patient is cumbersome because of privacy concerns. There has to be an easier way.

While vital to patient care, sending photos by text violates patient privacy regulations. This client needed a better solution to leverage technology efficiently.

Creating A Custom Solution

ASMGi paired our Governance, Risk and Compliance expertise with our technology expertise to provide a solution enabling access to the pictures in a secure way that preserves patient privacy compliance while working practically for all stakeholders.

There were four large pieces to the puzzle:

Viewing the pictures with patients

Sharing with colleagues for additional input while remaining compliant

Capturing new photographs on a mobile device in a HIPAA compliant manner

Consolidating new and old photos to one place that could easily be accessed remotely, while maintaining HIPAA privacy and security

ASMGi implemented Box in multiple departments for a major hospital to allow HIPAA compliant mobile viewing, file sharing and collaboration. Box Capture was implemented for creating new images. And Box Sync was leveraged to manage all current photos in the Cloud.

“Box is fast, efficient and I do not have to log into the intranet and find the right folders, which takes forever. I can use it on my phone, which is too easy. It is a big help!” Client Surgeon

from major hospital system

The Result

Box allows mobile and desktop access, which means the doctors can use the service at their desks, in a consultation with patients or on the move.

Colleagues are able to receive notifications and give second opinions without ever downloading the sensitive data. It is all audited and the storage and collaboration meets stringent HIPAA standards.

New photographs are never stored on the phone, even temporarily, when using Box Capture. The Box Capture app skips the phone’s storage and writes the image directly to the Cloud, encrypted in transit and at rest.

What would normally be a minefield for HIPAA violations is now as simple as taking a photograph. Box Sync made migration easy: Simply drag-and-drop the files into a Box Sync folder and they automatically populate the Box Cloud.

► Compliance requirements met

► Solution fully adopted by multiple departments

► Time and cost savings compared to the old way of managing images

► Works with all PHI, not just photographs

► Viral impact: This department solution is now held up as a model to be adopted by other departments

The ASMGi Advantage

Working with protected health information is complex: There are many opportunities to violate the law and privacy standards.

However, if the process is too cumbersome, the solution won’t be used. In this case, that means either there will be a potential HIPAA violation or collaboration will be limited, depriving both patient and doctor from the benefits.

Our goal was to implement a solution that worked at the speed of business, making it as seamless as possible. While HIPAA is important, it’s often a barrier to adoption for end users. The hospital’s security and audit teams needed to feel confident the system would actually be used.

A plastic surgeon in this major hospital system now uses the solution regularly: “Box is fast, efficient and I do not have to log into the intranet and find the right folders, which takes forever. I can use it on my phone, which is too easy. It is a big help!”

ASMGi worked to deploy a solution that met all the compliance requirements yet also was easy, intuitive and would have a high rate of adoption.