Caringo Acquired by DataCore Read the Press Release

Healthcare Information Management in a Post-HIPAA World

Screenshot 2015-07-06 at 4.45.18 PM
Screenshot 2015-07-06 at 4.45.18 PM

We all want to know that our personal health data is well protected. Any company that handles protected health information (PHI) needs to ensure that all required network, physical, and process security measures are followed. With the introduction of HIPAA, the Health Insurance Portability and Accountability Act, it requires that sensitive patient data is protected, which includes medical data systems. Anyone who provides treatment, payment and operations in healthcare, or anyone who has access to patient information and provides support in payment, treatment or operations must be HIPAA compliant. According to the U.S. Department of Health and Human Services, if you are hosting your data with a HIPAA compliant cloud hosting provider, they must have certain administrative, physical and technical safeguards in place.

How did this start?

HIPAA was enacted in the United States in 1996, and since has caused major changes to the way in which physicians and medical centers operate. Before HIPAA existed, there was no federal law that regulated the privacy of health records. Since the 1970s, Congress had passed a variety of privacy laws that protected school records, driver’s license records, cable TV records, phone records and even video rental records. However, none regulated personal health information. Congress eventually decided something needed to be done to better protect people’s most sensitive information: their health records.

Screenshot 2015-07-06 at 4.46.34 PMThe HIPAA Privacy Rule’s right of an individual to access protected health information (PHI) about him or her held by a covered entity has primarily been done through a paper-based system since it was created. However, now an increasing number of covered entities are beginning to utilize new forms of health information technology (health IT), often involving the transition of PHI from paper to electronic form. For example, many healthcare providers are using comprehensive electronic health records (EHRs) to enhance the quality and efficiency of the care they deliver.

So where does Caringo Swarm come in?

HIPAA requires imaging records to be stored without identifiable information about the patient. Object storage uses a random “key” to index each piece of information, rather than a name or social security number. Caringo Swarm object storage removes an entire category of HIPAA headache for healthcare data.

Screenshot 2015-07-06 at 4.47.21 PMData systems for healthcare were once closed—locked into specific storage or solutions. It was difficult and painful to share solutions if a patient changed hospitals. Then a new law emerged that required hospitals to share data, so a new market emerged—Vendor Neutral Archives (VNAs).

We now have what are called clinical clouds, the notion of storing information and accessing it from anywhere. The American College of Radiology (ACR) and National Electrical Manufacturers Association (NEMA) created the DICOM standard (Digital Imaging and Communications in Medicine standard, also known as NEMA standard PS3 and ISO standard 12052:2006) for handling, storing, printing, and transmitting information in medical imaging. HIPAA requires that the hospital remove identifiable information from the actual document making object storage critical in the medical space. Data stored as objects get an ID that is not associated with an identifiable patient information.

Caringo Swarm provides a highly automated storage solution that delivers a securely accessible, unified medical archive for clinical data. Swarm is also natively accessible by many popular picture archiving and communication system (PACS) applications and is currently being used by medical facilities around the world. Find more information about Caringo Swarm’s healthcare solutions and specific use cases here. Also we invite you to email us at and follow us on Twitter (@CaringoStorage), LinkedIn, Facebook and Google+.

Tony Barbagallo
Tony Barbagallo

About The CEO

Throughout his 30-year career, Tony Barbagallo has leveraged his extensive experience to establish and grow hardware, software and service organizations. He has held a mix of leadership roles at small and large companies, including VP of Marketing and Product Management at Skyera, WildPackets (now Savvius), and EVault, VP of Marketing and Sales at Dantz (acquired by EMC), and senior management positions at Microsoft, Mentor Graphics, Sun, and GE. He holds a BS in Computer Science from Syracuse University and has also completed the Stanford University Executive Program.

More From CEO