Privacy And Security - AGFA Drystar 5500 User Manual

Privacy and security

Within the healthcare industry, several standardization efforts are ongoing as
a response to Privacy and Security legislation and regulations. The purpose
of this standardization for hospitals and vendors is to enable information
sharing, interoperability and to support the workflow of hospitals in a multiple
vendor environment.
In order to allow hospitals to comply with HIPAA regulations (Health
Insurance Portability and Accountability Act) and to meet the IHE standards
(Integrated Healthcare Enterprise) some security features are included in the
user interface of the Drystar 5500 (available via the web pages only: under
'Security tools'. Refer to
browser)' on page
•
Product Authentication: HIPAA supported products that communicate with
DICOM use the Transport Layer Security (TLS) protocol. The TLS protocol uses
public key certificates for client and server authentication (X.509).
•
Product Accountability: HIPAA supported products require some level of user
and system activity to be recorded. As a consequence of these actions, audit
records are be sent to and observed at an Audit Record Repository (ARR).
•
Product User Authentication: 'User Authentication' of HIPAA products involves
password protection for access to User, Key operator, Service Security/
Administrator and other user interfaces that allow access to protected health
information (PHI). These interfaces include all user keypads, front panels
displays and network connections.
The last two functions are available when access to the Administrator is
granted (i.e. when the Administrator password has been correctly entered).
2901B EN 20040413
'Controlling the Drystar 5500 via a remote PC (with
141 of the Drystar 5500 Reference manual):
Introducing the Drystar 5500
15