Table of Contents
Advertisement
10. Appendices > 10.6. Security and privacy features
10.6.4. Other Security and Privacy features addressed
HIPAA defines a number of physical and technical safeguards which are either required or
addressable. Some features that could implement these functions are differently or not
implemented for reasons mentioned below.
This section also lists other information related to security features that are not implemented and
that the owner of the systems should be aware of.
System and application hardening
On the Sonalleve Console, unnecessary services have not been removed or disabled.
The HIFU Administrative account is provided for hospital administrative roles, however these
users are prevented from clinical use of the system.
The Sonalleve Console uses Windows default password complexity rules. The hospital
administrative user can change the password settings.
The Sonalleve Console has two logical drives. There is no distinct separation of operating
system, application software and data storage over these drives.
When logging on to the Sonalleve Console as a normal HIFU User the application is
automatically started, however it is possible for a user to switch to the operating system
interface (Windows desktop). When the application is closed, the user is logged off
automatically.
The Autoplay feature is turned off on the Sonalleve Console, so DVDs or USB devices inserted into
the system will not be opened automatically.
Automatic logoff
An auto-logoff feature is not implemented since it contradicts the intended use of the system.
Manual logoff using a 'short-cut' key combination is documented (see 2.15. Network safety, data
security and privacy).
Backup procedure
The system does not provide persistent storage for treatment data. It is not the intended use of the
system to permanently store (sensitive) personal information. Information should be exported to a
secure storage device as soon as possible.
The system does an automatic full system backup nightly to a second internal disk. The system
configuration is saved with the backup and can be retrieved by Service.
Emergency Access Procedure
The system allows the creation of multiple user accounts. You may create a generic user account
for emergency situations. However, to avoid unauthorized access to patient data, ensure that
knowledge of this generic account and access to the system is restricted.
The system does not mark data output as emergency usage, such as on-screen, printed, or
exported data during emergency access operation.
The system does not allow or enforce the users of a generic user account to enter their real
names.
Encryption
The system does not encrypt patient data that is stored on the hard disk or exported to external
media (DVD, USB device, etc.). The system also does not use encryption for transmission of data.
Network firewall configuration
The system is placed behind an external firewall which prevents all access to the ports of the
Sonalleve MR-HIFU system from the hospital network.
Physical access to the system
Instructions for Use
109745C2 / 02-2022
169 (192)
Advertisement
Table of Contents
