Not hippos, not hippies … the latest software-induced concern for healthcare technology managers is HIPAA, patient record regulations that put information security in the spotlight and create questions about the vulnerability of remote diagnostic ports connecting clinical devices to the wide world of hackers. It’s 2001. Do you know where your modems are?
People who work in healthcare are sensitive to the ethical significance of maintaining the confidentiality of highly sensitive clinical data. But the new HIPAA (Health Insurance Portability and Accountability Act of 1996) regulations coming down the pike are ratcheting up concerns about information security and patient privacy. HIPAA adds a legal mandate to the existing ethical imperative.
What exactly does HIPAA consider “protected health information”? Any patient information that is electronically processed or transmitted, such as name, date of birth, medical record number, address, Social Security number and so on. But you say, “That’s information clinicians use all the time to provide patient care!” So true.
Security leaks can occur in dozens of ways: cell phones used to discuss confidential patient information, a copy of a patient record faxed to the wrong number, two physicians discussing a case on the elevator. And our focus here: remote connections between clinical equipment and service professionals conducting diagnosis and maintenance.
When it comes to remote diagnostics, building a robust security system is increasingly important. You want to protect your valuable equipment from an unauthorized outsider who wants to subtly tamper with the operation of your system, such as by adding “distributed denial of service” code (AKA a “Smurf”), or who is simply bent on shutting your system down altogether. Most important, you want to protect the clinical data that is generated about the patients in the institution you serve.
CT and MRI scanners are often equipped with a modem so they can communicate with the manufacturer during a remote diagnostic session, but ask yourself: who else can reach that port? Could a hacker use your CT equipment as a backdoor into the Hospital Information System (HIS) network? You betcha! In this era of connectivity, the PACS (Picture Archiving and Communications System) is connected to the RIS (Radiology Information System) network, the RIS is connected to the HIS net, and so on.