Q

Is it against HIPAA regulations to permanently store sensitive information?

Security management expert Mike Rothman examines if it is against HIPAA guidelines to store consumer information permanently.

Are rewriteable media like CDs and DVDs allowed for permanent storage of patient images and files according to HIPAA, or must it be write-once media only to prevent accidental modification or deletion of records?
HIPAA doesn't specify that patient records can't be stored permanently, but that they have to be protected and kept private. So rewriteable media should be acceptable, as long as access to that media is restricted.

This brings up the issue of proper data-handling practices. Basically, if the records are digitized, then proper controls must be in place to dictate who can access the information. Maybe that means having proper security set up on file shares. Perhaps these CDs and DVDs should be kept in a safe so they aren't accessible to everyone. Encrypting the data should also be considered, to make sure that even if the data is accessible, it's...

not readable without the key.

Of course, it is good practice to implement procedures to protect against data corruption and unauthorized changes, so storing the data on write-once media isn't a bad idea. But since you would only be storing a point in time backup (or replication) of the data in question, there is a cost there.

Based on my understanding of HIPAA, these types of storage mechanisms would be acceptable. Yet as with any regulation, that is ultimately going to be a judgment call of the examiner that shows up to assess your organization.

For more information:

  • Mike Rothman discusses the terms of HIPAA, specifically if it is a violation of the act to publicly display client names.
  • In this expert response, learn if an off-site employee exit procedure will violate HIPAA regulations
  • This was first published in March 2008

    Dig deeper on HIPAA

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close