While RIS and PACS have become indispensable components of the electronic health record (EHR), they also pose risks to patient security and data integrity. These risks can range in scope from blaster worms to the curious technologist to just plain carelessness, and steps must be taken to secure the personally identifiable information contained in imaging informatics systems, to maintain business continuity, and to ensure HIPAA compliance.
“RIS and PACS are mission-critical systems and any user or device that accesses a PACS network entails risk,” according to Jim Morgan, vice president of medical informatics, FUJIFILM Medical Systems USA, Stamford, Connecticut. “There are internal risks and external risks: Internal risks can be anyone who has access to the system, from anywhere on the network.”
Most RIS and PACS have internal locks and safeguards that can protect against inappropriate and unauthorized use and intrusions, Morgan says. The safeguards built into Synapse® RIS/PACS, for instance, are robust enough to meet US Department of Defense (DoD) standards. A strong security strategy, however, goes beyond the technical to establish security protocols and policies that reinforce safe use of the system.
Potential Exposure
Ironically, the people for whom the systems were designed—radiologists, referring physicians, clerical staff, technologists, and nurses—can inadvertently jeopardize patient privacy. If a radiologist sends an image to a colleague via email in a way that is not secure, this is a potential security threat. Radiologists or referring physicians who review content from home, if the PACS allows images or data to be downloaded and left behind on a remote computer’s hard drive, also could compromise patient privacy.
Indiscriminate Web surfing is another potential threat: The nurse who downloads a virus from a website could bring down the whole system. Curious technologists and other hospital personnel, browsing the system looking for celebrity images, pose yet another well-publicized internal threat to patient privacy.
Service engineers who connect new modalities have, in some cases, full access to the system. Morgan highly recommends that they connect securely via VPN and that each has an individual login that can be tracked using event logging.
If clerical personnel who provide CDs to patients do not have a policy in place to validate these requests, then patient information could be at risk. “In all cases, I don’t think there is malicious intent,” Morgan notes, “but each case poses risks to patient privacy.”
As for external threats, Morgan includes health-care providers among the many organizations under threat from hackers, viruses, worms, and other programs designed to exploit holes in security. If the firewall is penetrated and an intruder gains access to the network, the organization becomes vulnerable. “It is important to remove holes in an organization’s security safeguards up front, as much as possible,” Morgan says.
At a minimum, every PACS/RIS should have a mechanism for authentication—a challenge of user name and password—and encryption to secure system data. These tools are commonly paired with the use of a VPN that provides an encrypted tunnel from the health-care network to the end user’s computer.
Network-domain and workstation-group policy, which provides network administrators with the ability to lock down workstations, is an additional safeguard. It offers settings that prohibit the use of executable programs, that limit access to websites outside the company’s intranet, and that prevent users from plugging a memory stick into a computer and extracting data from the system.
The Synapse system, for example, has complete configurability at the workstation level, even extending to the ability to navigate patient/study folders to open and save documents, but many network administrators dare not go this far.
“If you leave it completely open, the data can walk out the door on a memory stick, email, or someone’s laptop,” according to ider Wider, regional product support specialist, Fujifilm. Lock it down too much, and the system can become unusable.
Network administrators struggling with the balance between workstation lockdown policies and providing enough freedom to end users are likely to find another tool useful: activity logging. Administrators can give users the freedom to go anywhere, but let them know that their activity is being recorded, analyzed,