Patient Data Security; Requirements On The Operating Environment - AGFA Valory User Manual

Valory (system with floor mounted column) | Product Information | 179

Patient data security

The user must ensure that the patients' legal requirements are met and that
the security of the patient data is guarded.
The user must define who can access patient data in which situations.
The user must have a strategy available on what to do with patient data in
case of a disaster.

Requirements on the operating environment

These operating environment requirements for information security and
privacy (ISP) must be implemented and used in connection with the use of
the Agfa medical device by the Customer (User). These are minimum
requirements and are designed to protect against unauthorised access that
could hamper the device from functioning as intended.

Although Agfa has defined these ISP Operating Environment Requirements
for implementation by the Customer, Agfa makes no warranties, expressed or
implied, regarding those ISP Operating Environment Requirements.

Agfa disclaims all liability if a security incident occurs despite the
implementation of these ISP Operating Environment Requirements by the
Customer.

Agfa reserves the right to revise these ISP Operating Environment
Requirements and to make changes to them at any time. Possible revisions of
the ISP Operating Environment Requirements will only be available in
electronic form, on request, via our website, by using the user documentation
request form http://www.agfahealthcare.com/global/en/library/index.jsp.

The information presented herein is sensitive and is company confidential.
Without written authority from Agfa, further distribution outside the
company is not allowed.

• Perimeter firewalls shall be in place and appropriately configured in order
to ensure that communications between medical devices and external
resources are either denied or restricted to just the communications that
are essential for the medical devices to properly function.
• Network Intrusion Detection/Prevention Systems (NIDS/NIPS) shall be in
place at the perimeter and appropriately configured, in order to provide
early warning of an attack attempt or successful compromise of a medical
device as well as to attempt to prevent compromise of medical devices.
• A Network Time Protocol Server shall be configured in the medical devices
in order to synchronize the time in the audit logs with the time on the NTP
server.
• Medical devices shall be on an isolated network segment that restricts
communication of the medical devices to the systems that are required for
the device to function.
0426A EN 20220804 1858

This manual is also suitable for:

5540/100
