Patient Privacy
This article was originally published in RAJ Devices
Executive Summary
White paper released on security in healthcare imaging systems
At the Radiological Society of North America (RSNA) annual meeting in December 2002, a white paper on international standards for security rules in healthcare imaging systems was presented by the Joint NEMA/COCIR/JIRA Security and Privacy Committee [1,2]. The paper, entitled Identification and Allocation of Basic Security Rules in Healthcare Imaging Systems, was prepared by the National Electrical Manufacturers Association (NEMA), the European Coordination Committee of the Radiological and Electromedical Industry (COCIR) and the Japan Industries Association of Radiological Systems (JIRA), and recommends common security rules that can be applied to fulfil requirements from different sets of national regulations. These regulations include the US Health Insurance Portability and Accountability Act (HIPAA - see page 107), European Directive 95/46/EC and Japanese HPB 517 legislation [3-5].
The recommendations in the paper are based on the belief that technology alone cannot provide all patient data protection and that procedural safeguards must be put in place as well. The framework of 38 security and privacy rules is intended for healthcare providers who are required by law to protect patient privacy and for manufacturers of medical imaging information technology (IT), and covers the following nine topics:
- user management;
- security of data;
- security of electronic media and hardcopy;
- individual accountability: auditing/logging/signals (alarms);
- electronic signatures;
- privacy;
- environment;
- documentation; and
- availability of service.
References
1. Joint NEMA/COCIR/JIRA Security and Privacy Committee, 'Identification and Allocation of Basic Security Rules in Healthcare Imaging Systems', September 2002, www.nema.org/medical
2. COCIR press release, January 2003, www.cocir.org/data/press02_03.htm
3. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ, 1995, L281, 31-50
4. The Regulatory Affairs Journal, 2002, 13 (10), 874
5. Falk J and Nichols B, 'Understanding US HIPAA Privacy Regulations and Plotting a Course Toward Compliance', The Regulatory Affairs Journal, 2002, 13 (3), 171-172