Privacy and security
Within the healthcare industry, several standardization efforts are ongoing as
a response to Privacy and Security legislation and regulations. The purpose of
this standardization for hospitals and vendors is to enable information
sharing, interoperability and to support the workflow of hospitals in a
multiple vendor environment.
In order to allow hospitals to comply with HIPAA regulations (Health
Insurance Portability and Accountability Act) and to meet the IHE standards
(Integrated Healthcare Enterprise) some security features are included in the
user interface of the Drystar 4500 (available via the web pages only: under
'Security tools'. Refer to
page 147):
Product Authentication: HIPAA supported products that communicate with
•
DICOM use the Transport Layer Security (TLS) protocol. The TLS
protocol uses public key certificates for client and server authentication
(X.509).
Product Accountability: HIPAA supported products require some level of
•
user and system activity to be recorded. As a consequence of these actions,
audit records are to be sent to and observed at an Audit Record Repository
(ARR).
Product User Authentication: 'User Authentication' of HIPAA products
•
involves password protection for access to User, Key operator, Service
Security/ Administrator and other user interfaces that allow access to
protected health information (PHI). These interfaces include all user
keypads, front panels displays and network connections.
The last two functions are available when access to the Administrator is
granted (i.e. when the Administrator password has been entered correctly).
2800E EN 20050215
'Controlling the Drystar 4500 via the browser'
D
4500 R
RYSTAR
EFERENCE MANUAL
Introducing the Drystar 4500
on
15