Security model for picture archiving and communication systems

The modern information revolution has facilitated a metamorphosis of health care delivery wrought with the challenges of securing patient sensitive da ta. To accommodate this reality, Congress passed the Health Insurance Porta bility and Accountability Act (HIPAA). While final guidance has not fully b een resolved at this time, it is up to the health care community to develop and implement conprehensive security strategies founded on procedural, har dware and software solutions in preparation for future controls. The Virtua l Radiology Environment (VRE) Project, a landmark US Army picture archiving and communications system (PACS) implemented across 10 geographically disp ersed medical facilities, has addressed that challenge by planning for the secure transmission of medical images and reports over their local (LAN) an d wide area network (WAN) infrastructure. Their model, which is transferabl e to general PACS implementations, encompasses a strategy of application ri sk and dataflow identification, data auditing, security policy definition, and procedural controls. When combined with hardware and software solutions that are both nonperformance limiting and scalable, the comprehensive appr oach will not only sufficiently address the current security requirements, but also accommodate the natural evolution of the enterprise security model . Copyright (C) 2000 by W.B. Saunders Company.