DRYSTAR 5500/5503 REFERENCE MANUAL
Privacy and security
Within the healthcare industry, several standardization efforts are ongoing as
a response to Privacy and Security legislation and regulations. The purpose of
this standardization for hospitals and vendors is to enable information
sharing, interoperability and to support the workflow of hospitals in a
multiple vendor environment.
In order to allow hospitals to comply with HIPAA regulations (Health
Insurance Portability and Accountability Act) and to meet the IHE standards
(Integrated Healthcare Enterprise), some security features are included in the
user interface of the Drystar 5500 (available via the web pages only, under
'Security tools'; refer to Chapter 4, 'Controlling the Drystar 5500 via a remote
PC (with browser)'):
• Product Authentication: HIPAA supported products that communicate with
DICOM use the Transport Layer Security (TLS) protocol. The TLS
protocol uses public key certificates for client and server authentication
(X.509).
• Product Accountability: HIPAA supported products require some level of
user and system activity to be recorded. As a consequence of these actions,
audit records are to be sent to and observed at an Audit Record Repository
(ARR).
• Product User Authentication: 'User Authentication' of HIPAA products
involves password protection for access to User, Key operator, Service
Security/Administrator and other user interfaces that allow access to
protected health information (PHI). These interfaces include all user
keypads, front panel displays and network connections.
The last two functions are available when access to the Administrator is
granted (i.e. when the Administrator password has been entered correctly).
Introducing the Drystar 5500
2900H EN 20071108