Managing Users On The System; Configuring A Connection To A Directory Server; To Configure The Connection To A Directory Server - FujiFilm Sonosite PX Service Manual

• Audit Controls: Each user action associated with patient data will be tracked through ePHI audit
logs, which are accessible to and should be routinely audited by the administrator.
• De-identification: Use a de-identification option before exporting patient data to removable media
used for system troubleshooting or repair.
• Removable media handling: Removable media that contains images or other medical information
must be stored in a secure area that is not accessible by unauthorized individuals.
• Transmission Security: Clinical data transmitted over the network may not be encrypted. Add only
trusted devices to the network. (We highly recommend the use of encrypted DICOM. If secure
DICOM is not supported, then network security controls shall be implemented to protect integrity
and confidentiality of data).
• Data Integrity: Cryptographic methods should be used at all times to ensure the integrity of
personal data. When possible, perform integrity checks to identify unauthorized changes in personal
data. In case there is suspicion of improperly altered or destroyed clinical data, notify Fujfilm
Sonosite service.
• Data Encryption: Data at rest should be encrypted at the disk level as well as the database level
with a valid FIPS 140-2 compliant encryption method. Encryption keys should be kept secured and
maintained only by system administrators.
• System Hardening: The application and database hosting server(s) should be hardened according
to the NIST 800-123 server security controls. Software Updates: Only Fujfilm Sonosite authorized
updates and/or patches should be applied to the medical device.

Managing users on the system

Only administrators can manage user accounts, including importing user accounts from another system, creating or editing a
user account, or deleting user accounts from the system.
To manage users by synchronizing with a directory server and using server-based user accounts, see

"Configuring a connection to a directory server"

Required fields are indicated by an asterisk (*).To add a new user on the system
1 Using your administrative login information, log into the administrative settings page.
2 Tap User Management.
3 On the user management page, tap Add User. Fill in the user information fields.
4 If you want to require that the user change their password, select Require password change on next login, and then enter a
temporary password for the new user to gain initial access.
Note: To ensure security, choose a password that contains uppercase characters (A-Z), lowercase
characters (a-z), special characters, and numbers (0-9).
Note: Passwords are case-sensitive.
5 If you want the user account to expire on a given date (such as accounts for students, interns, or other temporary personnel), select
Enable account expiration, and then enter the number of days (such as 90) until the account will expire into the Set
account expiration in days field.
6 When you have finished configuring the new user account, tap Save to Database.
Configuring a connection to a directory server
In order to use server-based user accounts, you should configure the system in secure mode.

To configure the connection to a directory server

1 Using your administrative login information, log into the administrative settings page.
2 Tap LDAP/AD.
3 Select Use LDAP/AD authentication.
Note: Enabling a connection to a corporate directory server disables local account creation. You can continue to use pre-existing local
user accounts, but you cannot add new local accounts while this setting is enabled.
26 Chapter 3: Safety
below.