How a small startup met HIPAA and data security requirements efficiently and cost-effectively
Before X-rays, CT scans and MRIs were digitized, these and other medical images had to be physically transported. If a patient sought a second opinion or a physician needed the image at another facility, it had to be hand-carried or delivered. This could be both time-consuming and costly. Digitization, despite its inherent flexibility, did little to change this. Hard copies of medical images were simply replaced by CDs. Complicated regulatory requirements and incompatible software prevented physicians and patients from easily sharing images – that is, until image32 came along.
Challenges: Building secure, HIPAA-compliant clinical apps
image32 is a clinical application company founded by a doctor, a UX designer and a developer. Their goal: Build a solution that allows physicians and patients to share medical images beyond a medical facility’s firewall, thus enabling better patient care. The cloud was the logical answer and a relatively straightforward one, if not for the fact that the data being shared is under regulatory control. image32 needed to build applications for uploading and viewing images in a secure cloud. And those applications needed to meet the requirements of the Health Insurance Portability and Accountability Act (HIPAA).
Solution: SD Elements, a cost-effective option
image32 hired a consultant to help them determine how to address HIPAA compliance and data security. The consultant offered two options: continue to pay the consultant by the hour to assess the applications, or deploy an application security tool that would automate the process. To that end, the consultant recommended SD Elements. For image32, the choice was clear.
“We were essentially looking at SD Elements as a turnkey solution to our security issues. They were a great tool for us as a startup to get that first couple layers of security built into the product,” says Bob Pellican, CEO and cofounder of image32.
Benefits: Application security and regulatory compliance made easy
Being a small team with limited resources, image32 appreciates that SD Elements is easy to use and simplifies application security. “It is very easy to set up and configure,” says Pellican.
“SD Elements has a nice way of letting you tell it what your technology stack is and, based on that information, comes back to you and says, ‘Here are the actions you should take to lock down your security’,” says Pellican.
The ability to get those results almost instantly is a huge benefit. There’s no need to wait days – perhaps even weeks – for a consultant to assess the applications that make up the image32 solution. And because SD Elements integrates with JIRA, the bug and project tracking software used by image32, developers can efficiently integrate security into the development process.
Furthermore, SD Elements specifically addresses regulatory requirements, assuring the image32 team that they are building a robust, HIPAA-compliant solution. “That was one of the nicest things,” says Pellican. “It creates a report and tags those actions that are HIPAA requirements.”
Now, with image32, patients and physicians can safely upload medical images to a secure, cloud-based storage area from which the images can be viewed. There’s no need to pay a courier service to deliver images or wait hours – even days – for their delivery. Patients receive their diagnosis sooner. And image32 and its customers rest assured that the applications used to upload and view the images are HIPAA compliant, and that data is protected.
“We love SD Elements. It is fast and easy to use. Kind of a no-brainer,” says Pellican.