Data Protection; Confidentiality And Protection Against Unauthorized Access - Brainlab EXACTRAC INFRARED MONITORING Clinical User Manual

1.7 Data Protection

1.7.1 Confidentiality and Protection Against Unauthorized Access

Regional Legislation
In the ExacTrac Infrared Monitoring software, patient data is identified by the patient's name and a unique ID. For this reason, it must be handled in accordance with the relevant confidentiality legislation and protected against unauthorized access. In the United States, patient data must be handled in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Access to System Hardware
The ExacTrac workstation is housed in a cabinet with a front and rear door. Both doors should be locked to prevent unauthorized access, and the key stored in a secure location. The control panels (see "ExacTrac Operating Panels" on page 30) can still be operated via the openings on the front door.

Access to Electronic Data
The Windows XP operating system provides user authentication that protects against unauthorized access to patient data. All login and password information should be handled by the hospital network administrator, and all personnel operating the ExacTrac system instructed to log off the system after use. A password-protected screensaver can be implemented to provide additional security.

Access to Printouts
As ExacTrac Infrared Monitoring treatment reports (see "Generating Treatment Reports" on page 74) contain the patient name and ID, the printer must be located in a secure area and the printouts protected against unauthorized access.

Data Backup
In order to protect against patient data loss, the ExacTrac Infrared Monitoring patient folders should either be backed up on DVD, or stored using network-based archiving.

System Disposal
As confidential patient data is stored on the hard drive of the ExacTrac workstation, this data must either be securely erased, or the hard drive physically destroyed before system disposal.
The cabinet must either be appropriately protected against public access or installed
in a location that can be supervised at all times.
It is the hospital's responsibility to ensure cabinet security outside of working hours.
Simply erasing the data from the hard drive does not provide sufficient protection
against data retrieval. A dedicated software application must be used so that the data
cannot be recovered.
Clinical User Guide Rev. 1.1, ExacTrac Infrared Monitoring Ver. 1.0
