Abstract
The modern information revolution has facilitated a metamorphosis of health care delivery wrought with the challenges of securing patient sensitive data. To accommodate this reality, Congress passed the Health Insurance Portability and Accountability Act (HIPAA). While final guidance has not fully been resolved at this time, it is up to the health care community to develop and implement conprehensive security strategies founded on procedural, hardware and software solutions in preparation for future controls. The Virtual Radiology Environment (VRE) Project, a landmark US Army picture archiving and communications system (PACS) implemented across 10 geographically dispersed medical facilities, has addressed that challenge by planning for the secure transmission of medical images and reports over their local (LAN) and wide area network (WAN) infrastructure. Their model, which is transferable to general PACS implementations, encompasses a strategy of application risk and dataflow identification, data auditing, security policy definition, and procedural controls. When combined with hardware and software solutions that are both nonperformance limiting and scalable, the comprehensive approach will not only sufficiently address the current security requirements, but also accommodate the natural evolution of the enterprise security model.
Full Text
The Full Text of this article is available as a PDF (670.4 KB).
References
- 1.The NSA Rainbow Series Orange Book. URL:http://www. fas.org/irp/nsa/rainbow/tg006.htm
- 2.The NSA Rainbow Series. URL:http://www.fas.org/irp/nsa/rainbow.htm
- 3.Saul J: HIPAA Security and Electronic Signature Provisions —Executive Summary. Communications Technology Consulting and Jerboa, Inc, 1999. URL:http://www.Jerboa.comhipaa
- 4.Epstein MA, Pasieka MS, Lord PM, et al. Security for digital information age of medicine: Issues, applications, and implementation. J Digi Imaging. 1998;11:33–43. doi: 10.1007/BF03168723. [DOI] [PMC free article] [PubMed] [Google Scholar]