The modern information revolution has facilitated a metamorphosis of health
care delivery wrought with the challenges of securing patient sensitive da
ta. To accommodate this reality, Congress passed the Health Insurance Porta
bility and Accountability Act (HIPAA). While final guidance has not fully b
een resolved at this time, it is up to the health care community to develop
and implement conprehensive security strategies founded on procedural, har
dware and software solutions in preparation for future controls. The Virtua
l Radiology Environment (VRE) Project, a landmark US Army picture archiving
and communications system (PACS) implemented across 10 geographically disp
ersed medical facilities, has addressed that challenge by planning for the
secure transmission of medical images and reports over their local (LAN) an
d wide area network (WAN) infrastructure. Their model, which is transferabl
e to general PACS implementations, encompasses a strategy of application ri
sk and dataflow identification, data auditing, security policy definition,
and procedural controls. When combined with hardware and software solutions
that are both nonperformance limiting and scalable, the comprehensive appr
oach will not only sufficiently address the current security requirements,
but also accommodate the natural evolution of the enterprise security model
. Copyright (C) 2000 by W.B. Saunders Company.