Example White Paper:

VPNs and Medical Image Sharing: Very Problematic News

There are many acronyms in healthcare – EHR, ICD-10, HHS, VPN and more. Simply put, a virtual private network (VPN) is a technology for using the Internet or another intermediate network to connect multiple networks or computers to isolated remote computer networks that would otherwise be inaccessible, allowing users to access files, images and more. Data sent through VPNs stays isolated from other computers on their intermediate network, typically through encryption.

In healthcare, medical facilities have been using VPNs to exchange data between facilities whose IT systems don’t communicate with each other. VPNs are often used as a method for providing security for hospital resources and connectivity to remote sites, such as clinics, labs or physician offices. Clinicians may use a VPN to remotely access their EHR system or for computerized physician order entry. VPNs are also used in healthcare for picture archiving and communication systems.

VPNs require a thorough understanding of public network security issues and proper deployment of precautions. Although they provide authentication, authorization and encryption, they do not have the ability to restrict access to resources at an unrefined level. The process of connecting to a VPN requires a multitude of steps since users need to wait for authentication, resulting in unnecessary time constraints. Also, the use of VPNs between healthcare organizations may create a security whole since, once connected resources can be openly accessed, those VPNs provide a window through which two facilities at either end can access.

If a VPN provider carries a log of its users’ activities, the likelihood of them being able to offer a truly anonymous service declines. Since connecting to a VPN requires data to travel through two different connections, there is a greater chance for data to become lost or transmitted out of order. In addition, anytime users lose their Internet connection, they have to re-establish the VPN connection.

In addition to the security issues involved with VPNs, the amount of time required to set up and manage one can be detrimental for a healthcare organization. Each new user or system that has to be connected to the VPN requires a lengthy setup process, and there are issues with handling the associated complex routing systems and encryption devices. VPN implementation can be extremely time-consuming for healthcare organizations that don’t have a dedicated IT department, and many physician offices and groups don’t have an IT staff in place to install and maintain a VPN connection.

The high cost of implementing and maintaining VPNs often places them beyond the reach of many healthcare organizations. The higher the quality and speed such organizations want, the more they will have to pay. The high costs of installing, configuring and maintaining a VPN often are not worth the benefits for a healthcare organization, and for those organizations that are comprised of multiple sites, the cost for each site to purchase or lease the necessary software and hardware is too exorbitant.

Though the use of VPNs can limit some healthcare organizations in their sharing of data, including medical images, there is a method that performs the same task with increased security, scalability and efficiency and reduced costs and necessary resources. Peer-to-peer technology is a distributed application architecture that partitions tasks or workloads among peers. Specifically, the BEAM™ network from Seattle-based OneMedNet Corporation provides medical image sharing anywhere around the world over the Internet without a VPN connection. Patented for electronic exchange and patient ID reconciliation, BEAM transfers medical images directly between peer sites using two-level encryption while avoiding Cloud storage of studies.

BEAM ensures user security by running on a hardened, locked down Linux OS, allowing all messages sent and received to be are encrypted, transferred over SSL and authenticated by the destination system. Since BEAM-to-BEAM transfers are peer-to-peer (P2P), they are not stored on a server, thereby allowing the transfers to travel in half the time of cloud-based image sharing solutions. Only authenticated users are allowed access to the BEAM appliance, and image transfers occur only when both sides approve the transfer. The cost of BEAM for healthcare organizations is further reduced because no software is required for the technology.

Once a healthcare organization’s PACS is configured to accept DICOM connectively from BEAM, they can start utilizing the solution in a mere few hours. If a healthcare organization’s system goes down, BEAM is designed to recover accordingly by waiting and retrying the transfer until that system is back online. BEAM is every environmentally friendly since it significantly reduces the need for CDs, paper and shipping or mailing in medical image sharing.