15 April 2005 A HIPAA-compliant architecture for securing clinical images
The HIPAA (Health Insurance Portability and Accountability Act, instituted April 2003) Security Standards require health institutions to protect health information against unauthorized use or disclosure. One approach to addressing this mandate is to use user access control and to generate audit trails of both authorized and unauthorized user access to health data. Although most current clinical image systems (e.g., PACS) have components that generate log files as a solution to address the HIPAA mandate, there is a lack of methodology to obtain and synthesize the pertinent data from the large volumes of log file data generated by these multiple components within a PACS. We have designed and developed a HIPAA-compliant architecture specifically for tracking and auditing the image workflow of clinical imaging systems such as PACS. As a first step, a software toolkit was implemented based on the HIPAA-compliant architecture. The toolkit was implemented within a testbed PACS Simulator located in the Image Processing and Informatics (IPI) lab at the University of Southern California. Evaluation scenarios were developed in which different user types performed legal and illegal access of PACS image data within each of the different components in the PACS Simulator. Results were based on whether the scenarios of unauthorized access, as well as normal operational activity, were correctly identified and documented.
© (2005) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Brent J. Liu, Zheng Zhou, and H. K. Huang "A HIPAA-compliant architecture for securing clinical images", Proc. SPIE 5748, Medical Imaging 2005: PACS and Imaging Informatics, (15 April 2005);
