As of July 1, the Florida Electronic Health Records Act requires that offsite storage of protected health information be physically maintained in the continental United States, its territories, or Canada. .
WHY IT IMPORTANT
In addition, the Florida Healthcare Licensing Procedures Act will require licensees to sign an affidavit attesting that all patient information in the electronic health record qualifies – including demographic and clinical health information of the patient – being physically kept under the revised EHR law.
According to Michael Sutton, a third-party provider that exists outside of the US and Canada, such as an IT support provider, EHR company, or data entry subcontractor can access qualified patient records. Events are stored on local servers. affiliated with Sheppard, Mullin, Richter and Hampton in National Law Review.
Sutton said in its regulatory review that the change includes the healthcare provider’s subcontracted computing facilities and any of its cloud service providers. headquarters or operations abroad.
He advises qualified healthcare providers to assess where electronic patient information is stored and whether there are any third-party providers outside of the United States or Canada, “such as IT support, scheduling assistance, etc”, whether or not to have access to patient information.
Many companies, such as AWS, allow users to choose a region to store their data or choose a default option.
TREND TO BIGGER WOMAN
Imaging is just one area of healthcare where doctors and patients need quick access to the vast majority of patient data.
According to Tim Dawson, chief technical officer of Canon, an example related to the rise of home care services is the use of portable ultrasound machines and portable X-ray machines, where a large number of Patient image data needs to be sent to doctors and radiologists quickly. Health, in the HIMSS23 conversation about data neutrality.
Cloud-based servers have reduced data storage costs and improved data transfer speeds.
However, software vendors often outsource subcontractors who can use data centers abroad. Even law-abiding foreign organizations may not be able to keep up with changing U.S. laws governing the storage and security of patient data, leaving healthcare providers and Other organizations subject to HIPAA are at risk if a patient data breach occurs.
“CIOs have a legitimate interest in their digital supply chains,” says Dawson.
However, software vendors have been using server farms, call centers, replicators, revenue cycle managers, and data analytics services overseas for several years.
It is the responsibility of the healthcare organization to state that it does not allow the transfer of PHI abroad in its contracts.
ON PROFILE
“When there is a conflict, qualified healthcare providers may need to begin moving patient information to new storage locations or take steps to ensure that access to patient information was appropriately restricted prior to the effective date of the Act,” Sutton said in the legislative review.
Andrea Fox is the senior editor of Healthcare IT News.
Email: [email protected]
Healthcare IT News is a publication of HIMSS Media.
