HIPAA Compliance

HIPAA Compliance

Canfield Imaging Systems is making every effort to develop software that integrates easily into a HIPAA-compliant practice and to assist our customers in complying with HIPAA.

Image management software is used to store digital images in electronic records that typically contain PHI (patient name, full-face photos, etc.). The Privacy Rule requires that practices make reasonable efforts to limit the use and disclosure of such PHI by staff members to the "minimum necessary" to perform their duties. Practices are also expected to minimize the likelihood of "incidental disclosures" to persons who have no legitimate need to view PHI. Further, practices must maintain a log of certain PHI disclosures that are not directly related to a patient's treatment.

The following are some suggestions to help ensure that your practice manages patient images in a responsible and HIPAA-compliant manner with Canfield's Mirror, DermaGraphix or PhotoFile software:

  • Set up user accounts for your image databases that require users to log in with a password.
  • Always exit or log out of your imaging software when not using it.
  • When using imaging software in front of patients, use the "Privacy" feature to hide PHI for other patients in the Search screen.
  • Develop standard operating procedures (SOPs) requiring any use of the Export Patients or Export Images functions to be documented.
  • Don't store your complete patient database on a laptop computer that is taken outside your practice. Instead transfer only those patient records of immediate need to the laptop and remove those records from the laptop when finished with them.
  • Obtain a signed Business Associate Contract from Canfield Imaging Systems. In the course of providing technical support for your imaging software, Canfield technicians may have occasion to access your image database. The HIPAA Privacy Rule requires that a practice have a signed Business Associate Contract before granting such access. Canfield Imaging Systems can provide a contract template as needed. Canfield staff are trained on HIPAA regulations and limit the use and disclosure of customer data to the minimum necessary.

Canfield Imaging Systems is making every effort to develop software that integrates easily into a HIPAA-compliant practice and to assist our customers in complying with HIPAA.