|
On Guard: A Tale of Two Security Settings
By Cat Vasko
 Imaging information is becoming increasingly mobile: For evidence, look no further than the FDA’s recent approval of an app for the iPod, iPhone, and iPad that allows diagnostic use of MRI, CT, PET, and SPECT exams. With increased connectivity, however, comes an increase in vulnerability. Under pressure to protect all patient health information or face significant regulatory backlash, how are facilities tending the technical security of medical-image data?
R. Todd Thomas, CIO of Austin Radiological Association (ARA) in Texas, says, “In the event of a breach involving 500 or more individuals, you have to publish it online and contact the patients involved. We hope we’re never caught in that kind of situation.” 
Preventing security breaches that involve patient health information—whether they occur as a result of equipment theft, viruses, hacking, or other causes—requires continuous vigilance, Thomas notes. “We’re constantly evaluating where users are logging in from, so if it’s somewhere we don’t recognize, we can find out why,” he says. “Our alerts happen in real time, but we can also query historical data.”
Jerry Walters, director of information security for OhioHealth Information Services in Columbus, takes a similar approach: “We track who comes into the system, how often they come in, and where they come in from,” he says. “We have logs to keep that audit-trail information for us.”
Click here for more >>
|
|
Data Conundrum: Ensuring Critical Access While Preserving Privacy
By George Wiley
A health care provider that is too intent on protecting personally identifiable patient information could take patient privacy beyond the level that is optimal for patient care. At the Children's Hospital (Denver, Colorado), however, Chris Goodale, radiology data systems administrator, prevented this problem by limiting access to radiology information, making it available only on a need-to-know basis (and in compliance with all privacy regulations).
Goodale reports that the steps that the Childrenâs Hospital takes to protect patient information from unauthorized access ensure, at the same time, that individual physicians and caregivers have access to the information that they need to care for their patients.
Creating safe methods for the exchange of patient information is a considerable responsibility; as Goodale explains, under HIPAA, liability has been extended to individual health-care personnel, leaving radiologic technologists and radiologists vulnerable to fines or personal lawsuits.
 "The burden is on every user, every provider, and every record librarian." —Chris Goodale,
Childrenâs Hospital, Denver, Colorado
Click here for more >>
|
|
Failure to Set Policy Tops List of Security Risks
By Cheryl Proval
 While RIS and PACS have become indispensable components of the electronic health record (EHR), they also pose risks to patient security and data integrity. These risks can range in scope from blaster worms to the curious technologist to just plain carelessness, and steps must be taken to secure the personally identifiable information contained in imaging informatics systems, to maintain business continuity, and to ensure HIPAA compliance.
“RIS and PACS are mission-critical systems and any user or device that accesses a PACS network entails risk,” according to Jim Morgan, vice president of medical informatics, FUJIFILM Medical Systems USA, Stamford, Connecticut. “There are internal risks and external risks: Internal risks can be anyone who has access to the system, from anywhere on the network.” Most RIS and PACS have internal locks and safeguards that can protect against inappropriate and unauthorized use and intrusions, Morgan says. The safeguards built into Synapse® RIS/PACS, for instance, are robust enough to meet US Department of Defense (DoD) standards. A strong security strategy, however, goes beyond the technical to establish security protocols and policies that reinforce safe use of the system.
Click here for more >>
|
|
|
|
Data Breach Involving 1.7 Million Reported in NY
In the largest data breach to date under the HITECH Act data breach notification rule, 1.7 million people will be notified of a data theft incident involving patient and employees of The New York City Health and Hospitals Corp. Encrypted computer backup tapes were stolen from an unattended truck that was en route to a warehouse. All affected persons will be offered one year free credit protection services.
Read More >>
Are You a Maverick, an Innovator, or a Guarantor?
One longtime IT observer divides IT leaders into three categories: The maverick thrives on taking risks, is likely to operate with a lower level of vendor standardization, and has a higher level of comfort with open-source software and early adoption; the diligent innovator understands that innovation can bring benefits, but pushes back on requests that do not align with business objectives; and the rock-steady guarantor’s priority is to keep essential systems running, causing him or her to take a late-majority approach to implementation.
Read More >>
Gamers Hijack Imaging Center’s Bandwidth
Seacoast Radiology, Rochester, New Hampshire, was forced to notify 231,400 patients that its database was hacked by Scandinavian gamers looking for bandwidth to play the game “Call of Duty: Black Ops.” Based on an investigation by a private security firm, it is unlikely that personal information was compromised, as the hackers simply sought bandwidth that would have cost approximately $14.95 per month for 18 players
Read More >>
Health System Creates iPad Sandbox Network
Physicians in record numbers have been early adopters of iPads, forcing Adventist Health System (Winter Park, Florida) to craft what it calls a sandbox network to ensure that it is safe to use the consumer devices in the health-care environment (where patient safety is paramount), according to an article in CIO magazine.
Read More >>
|
The Healthcare CIO Boot Camp: Prepare to Get Your Hands Dirty
Sponsored by the College of Healthcare Information Management Executives (CHIME)
April 16–19
University of Chicago Gleacher Center Chicago, Illinois
Register >>
SIIM Annual Meeting
Sponsored by the Society for Imaging Informatics in Medicine
June 2–5
Gaylord National Resort and Convention Center Washington, DC
Register >>
|
|
