How a small startup efficiently and cost-effectively met HIPAA and data security requirements
Before X-rays, CT scans, and MRIs were digitized, these and other medical images had to be physically transported. If a patient sought a second opinion or if a physician needed the image at another facility, it had to be hand-carried or delivered. This could be both time consuming and costly. Despite its inherent flexibility, digitization did little in the way to change this. Hard copies of medical images were simply replaced by CDs. Complicated regulatory requirements and incompatible software prevented physicians and patients from easily sharing images until our client provided an alternative solution. Our client is a clinical application company, originally founded by a doctor, a UX designer, and a developer.
Challenges: Building secure, HIPAA compliant clinical apps
Our client needed to build a solution for physicians and patients to be able to share medical images beyond a medical facility’s firewall, to enable better patient care. The cloud was the logical answer, and a relatively straightforward one, if not for the fact that the data being shared is under regulatory control. Our client needed to build applications for uploading and viewing images in a secure cloud. And those applications needed to meet the requirements of the Health Insurance Portability and Accountability Act (HIPAA).
Solution:SD Elements, a cost-effective, turn-key solution
Our client hired a consultant to help them determine how to address HIPAA compliance and data security. The consultant offered two options: continue to pay the consultant by-the-hour to assess the applications, or deploy an application security tool that would automate the process. To that end, the consultant recommended SD Elements. For our client, the choice was clear. "We were essentially looking at SD Elements as a turnkey solution to our security issues. They were a great tool for us as a startup to get that first couple layers of security built into the product," says the CEO of the company.
Benefits:Application security and regulatory compliance made easy
Being a small team with limited resources, our client appreciates that SD Elements is easy to use and that it simplifies application security. “It is very easy to set up and configure,” says the CEO. "SD Elements has a nice way of letting you tell it what your technology stack is and, based on that information, coming back to you and saying, ‘Here are the actions you should take to lock down your security’."
The ability to get those results almost instantly is a huge benefit. There’s no need to wait days – perhaps even weeks – for a consultant to assess the applications that comprise the client’s solution. And because SD Elements integrates with JIRA, the bug and project tracking software used by our client, developers can efficiently integrate security into the development process.
Furthermore, SD Elements specifically addresses regulatory requirements, assuring our client’s team that they are building a robust, HIPAA-compliant solution. “That was one of the nicest things,” says the CEO. “It creates a report and tags those actions that are HIPAA requirements.”
Now, using our client’s technology, patients and physicians can safely upload medical images to a secure, cloud-based storage area from which the images can be viewed. There’s no need to pay a courier service to deliver images or wait hours – even days – for their delivery. Patients receive their diagnosis sooner. Most importantly, our client and their customers rest assured that the applications used to upload and view the images are HIPAA compliant, and that data is protected.
"We love SD Elements. It is fast and easy to use. Kind of a no-brainer," says the CEO.