X-Ray Film Scanners and Digitizers, X-Ray Film Scanning Services and Software

HIPAA Compliant Scanning

posted Jan-5-2015

If you plan to outsource the scanning of medical records or X-ray film, you need to understand which HIPAA compliance requirements apply before you send those records out. When you move from paper and film to electronically storing, transmitting or receiving medical records, claims or remittances, you are responsible for ensuring that the privacy and confidentiality of your patients are protected. This means that if you use a scanning service to outsource your medical records and X-ray scanning, that service must comply with HIPAA laws.


HIPAA laws cover protected health information. Any information that you collect from an individual that relates to the past, present or future health or condition of that individual and that contains identifying information must be protected. You are responsible for ensuring that any scanning service bureau you hire has procedures in place to protect identifying health information on any records that they scan.

The HIPAA Security Rule addresses the privacy protection of electronic protected health information (PHI). Similar to the Privacy Rule, the Security Rule also deals with identifiable health information as defined by 18 HIPAA identifiers. The Security Rule defines standards, procedures and methods for protecting electronic PHI with attention to how PHI is stored, accessed, transmitted, and audited.

What does this mean?

The Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information. It requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization.

When you’re choosing a scanning service bureau, this may mean procedures such as having a private, locked area where patient health records are stored and scanned. In addition, security of the medical records and images may require administrative safeguards, such as a HIPAA security compliance person who oversees the scanning of documents; physical safeguards, such as protection of electronic systems, equipment and data; and technical safeguards, such as authentication and encryption used to control data access.

All employees who scan the medical records must have a training session which discusses HIPAA compliance and privacy standards. The HIPAA Enforcement Rule took effect in 2006. This HIPAA rule creates civil punishment criteria for any health care provider violations of the “Administrative Simplification” rules. Prior to this rule's creation, civil and criminal penalties were imposed only on health care providers who weren’t in compliance with the Privacy Rule. This rule opened the door for punishment on any violation of these rules. This rule also outlines the standard procedures for any necessary investigations, the factors used to determine the penalty, and the procedures necessary to appeal a ruling.

How can you be sure that the scanning bureau meets HIPAA requirements?

Generally, any scanning service bureau that meets HIPAA requirements is not going to be shy about it: they will advertise it on their website or otherwise let you know that they meet HIPAA requirements. Often, the scanning service can even upload the scanned records and images to your records management system, or they can provide a HIPAA-compliant system for your use.

