Carestream Services
Healthcare Privacy and Security

Healthcare operations are transforming: rapid adoption of electronic medical records, global access to patient records, and ensuring patient privacy and trust are all critical. Coupled with rapidly increasing demand for improved patient services, the industry is under excruciating pressure to contain costs, improve medical practices and comply with privacy and security regulations. Proper planning and seamless execution will result in improved workflow, lower operational costs and increased patient safety.


Whether it is HIPAA, PIPEDA, the EU Directive or additional regulations in your country, Carestream Health partners with you to achieve your compliance and business goals.

Support Links:

    Product Security
    DICOM Statements
    Health Group Security Bulletins
    IHE Statements


HIPAA Overview

    The Health Insurance Portability and Accountability Act (HIPAA) was signed into law August 21, 1996. This landmark legislation affects nearly everyone involved in the healthcare process from providers to healthcare information systems vendors to payers. HIPAA contains provisions for the portability of insurance coverage as employees move from one employer to another. It also contains provisions for Administrative Simplification covering the privacy and security of individually identifiable healthcare information and for government-mandated Standards for electronic Transactions, Code Sets and Identifiers.

    Read the full article (pdf)


Malicious Software

    The evolution and rapid distribution of malware has caused major disruptions in the networked world. As medical devices become infected, network congestion increases and performance degrades; anti-malware controls such as anti-virus or intrusion prevention software can be applied with proper guidance. Medical devices are regulated by governmental organizations such as the FDA to protect the interests of public health. The FDA mandates that software modifications (such as security updates) for medical devices first be tested and 'validated' to ensure the safety and effectiveness of the medical device. Carestream Health follows a Quality Assurance process to validate all operating system changes, security updates, third-party software and application enhancements as required.

    Carestream Health recognizes the need to react quickly to the risks that malware (malicious software) poses to patient safety, system performance and data privacy. Carestream Health recommends a layered security approach that includes installing medical devices on an enclave network, which lowers the risk of malware reaching these devices.

    View Network Vulnerability Process


Message to our Customers About Commercial Off-the-Shelf Software (COTS)

    Carestream Health continues its commitment to provide products and services that reduce security risks. We continually monitor the Internet for vulnerabilities in COTS and the related potential risks of malware on Carestream Health products. Carestream Health's approach of following industry best practices for hardening the operating system and building in security at the design phase renders the majority of the malware risks from reported vulnerabilities ineffective.

    Carestream Health's rapid release of security updates (sometimes called Modification Kits) provides additional measures to reduce the risk from relevant vulnerabilities for supported products in the field. To obtain a modification kit or a software upgrade to a newer version, contact your Carestream Health Service Technician or call the Carestream Health Technical Support Center at 1-800-328-2910.


White Papers

    National Electrical Manufacturers Association (NEMA)

    Carestream Health has active members on DICOM and NEMA committees. These committees are a collaborative group of medical device and healthcare information system manufacturers. The Medical Imaging Informatics (MII) Committee and the Security and Privacy Committee (SPC) focus on providing industry guidance to regulatory bodies that generate healthcare legislation. In addition, the SPC works with the European Coordination Committee of the Radiological and Electromedical Industry (COCIR) and the Japan Industries Association of Radiation Apparatus (JIRA).

    These committees provide best practices, guidance and product requirements for the healthcare sector to enable data security and data privacy compliance with regulations in Japan, Europe, and the U.S. The NEMA team has developed and released white papers to assist healthcare providers in understanding privacy and security regulations; the white papers can be found at:
    http://www.nema.org/prod/med/security/

    Healthcare Information and Management Systems Society (HIMSS)

    The Privacy and Security Steering Committee provides guidance on and implementation of strategic initiatives that promote the privacy and security of healthcare information and management systems. The Committee has set the following goal: by 2014, all entities that use, send or store health information meet requirements for confidentiality, integrity, availability and accountability based on sound risk management practices, using recognized standards and protocols.

    Proceedings from educational privacy and security sessions at recent Annual HIMSS Conferences and articles from various publications can be found at: http://www.himss.org/ASP/topics_FocusDynamic.asp?faid=62

Professional Services Are Available

    Carestream Health can partner with you to assure that both financial and operational objectives are met. Patient safety and confidentiality are responsibilities that require secure networks and systems that reduce the risk of malware attack. Carestream Health's Privacy and Security Services are available to assist you in remediation, to provide a security network assessment, and to design, implement, and support tailored secure network solutions. For more information on these Professional Services, please contact your Carestream Health Sales or Service Representative.

    Healthcare Information Technology Standards Panel (HITSP)

    American National Standards Institute (ANSI)


Business Associate Agreements
     
    A: Mail, fax or e-mail your agreement to the location specified below.
    B: Carestream Health will review your account to determine whether the equipment is under warranty or a Service Contract.
    C: Once it has been determined that the equipment is under warranty or a Service Contract with Carestream Health, the Chief Privacy Officer will review the agreement and make any necessary changes with you before it is signed.
    D: Carestream Health requires a signed copy of the Business Associate Agreement for record retention. Once the agreement is signed by the Chief Privacy Officer, two copies are mailed with a cover letter to your authorized representative, both for signature. Keep one copy for your files and return the other to Carestream Health at the address below.
    E: In the event that the equipment is not under warranty or a Service Contract, Carestream Health will notify you in writing that a Business Associate Agreement is not required. Carestream Health will keep a copy of the Agreement on file.
       
    All Business Associate Agreements should be mailed to:
      Carestream Health Inc.
      Attn: Chief Privacy/Security Officer
      150 Verona Street
      Rochester, NY 14608
      Fax: (585) 627-8919
      Email: elizabeth.prescod@carestreamhealth.com

     View Carestream Health Business Associate Agreement (pdf)