Chapter 19 Access Controls
1 Overview
Today, most countries have enacted data privacy laws to protect against the unauthorized
access and use of health information.
Examples of global privacy laws are:
• Health Insurance Portability and Accountability Act (HIPAA)
• Directive 95/46/EC on Data Protection (Data Protection Directive)
• Personal Information Protection and Electronic Documents Act (PIPEDA)
• NEMA XR 26‐2012 Access Controls for Computed Tomography: Identification, Interlocks and Logs
GE has a long-standing reputation for providing customizable clinical solutions that protect the
privacy and security of your organization's unique clinical workflow, as well as your patients'
confidentiality.
Make sure to understand the intended use of the product when determining privacy risk relative
to patient care and safety. GE is very concerned with providing the best care to patients, and in
some cases, we have determined that patient care is more important than the risk to privacy. In
these cases, GE takes every precaution to minimize privacy risk.
Security and privacy are maintained across a healthcare system. Any product that is placed into
an uncontrolled environment will not be secure and cannot protect privacy. GE designs systems
to be implemented in a "secure environment". A secure environment is based on multiple layers
of security, a concept known as "defense in depth".
For example, a best practice is to place firewalls between departments, as well as at a DMZ
(Demilitarized Zone) between all extranets, and the external internet access point. In this
example, a radiology firewall may allow DICOM and HL7 protocol traffic through, but no other
protocols. These DICOM and HL7 protocols would be blocked at the DMZ and again at the
internet firewall.
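One way to check exported rule sets against the layering described above, as an added example that is not part of the manual and not GE code. The rule format, layer names and sample rules are constructed, and the port numbers (IANA registrations for DICOM and HL7) are assumptions, since sites often use other ports. The model covers TCP destination ports only.

```python
# Added example: audit constructed rule exports against the layering above.
# Ports are assumptions (IANA registrations); many sites use other ports.
CLINICAL_PORTS = {"DICOM": {104, 11112, 2762}, "HL7": {2575}}
ALL_CLINICAL = set().union(*CLINICAL_PORTS.values())

# Expected posture per layer, taken from the paragraph above.
LAYER_POLICY = {
    "radiology": "clinical_only",  # DICOM and HL7 through, nothing else
    "dmz": "no_clinical",          # DICOM and HL7 blocked
    "internet": "no_clinical",     # blocked again
}

def decide(rules, port, default="deny"):
    """First-match evaluation of ordered (action, low_port, high_port) rules."""
    for action, low, high in rules:
        if low <= port <= high:
            return action
    return default

def audit(layer, rules, default="deny"):
    """Return findings where the effective TCP port policy breaks the layer's posture."""
    allowed = {p for p in range(1, 65536) if decide(rules, p, default) == "allow"}
    if LAYER_POLICY[layer] == "clinical_only":
        bad, why = allowed - ALL_CLINICAL, "non-clinical port allowed"
    else:
        bad, why = allowed & ALL_CLINICAL, "clinical port allowed"
    return [f"{layer}: {why}: tcp/{p}" for p in sorted(bad)]

# Constructed sample exports, one ordered rule list per firewall.
SAMPLE = {
    "radiology": [("allow", 104, 104), ("allow", 11112, 11112),
                  ("allow", 2575, 2575), ("allow", 3389, 3389)],
    "dmz": [("deny", 104, 104), ("allow", 443, 443)],
    "internet": [("allow", 1024, 65535)],  # broad rule that also covers clinical ports
}

def audit_all(exports):
    """Run the audit for every layer and return all findings in layer order."""
    return [finding for layer, rules in exports.items() for finding in audit(layer, rules)]

if __name__ == "__main__":
    for finding in audit_all(SAMPLE):
        print(finding)
```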
Revolution CT User Manual
Direction 5480385-1EN, Revision 1