Harding D B, Gac R J, Reynolds C T, Romlein J, Chacko A K
InformaTech, Inc, Frederick, MD 21703, USA.
J Digit Imaging. 2000 May;13(2 Suppl 1):202-3. doi: 10.1007/BF03167663.
The modern information revolution has facilitated a metamorphosis of health care delivery wrought with the challenges of securing patient sensitive data. To accommodate this reality, Congress passed the Health Insurance Portability and Accountability Act (HIPAA). While final guidance has not fully been resolved at this time, it is up to the health care community to develop and implement comprehensive security strategies founded on procedural, hardware and software solutions in preparation for future controls. The Virtual Radiology Environment (VRE) Project, a landmark US Army picture archiving and communications system (PACS) implemented across 10 geographically dispersed medical facilities, has addressed that challenge by planning for the secure transmission of medical images and reports over their local (LAN) and wide area network (WAN) infrastructure. Their model, which is transferable to general PACS implementations, encompasses a strategy of application risk and dataflow identification, data auditing, security policy definition, and procedural controls. When combined with hardware and software solutions that are both non-performance limiting and scalable, the comprehensive approach will not only sufficiently address the current security requirements, but also accommodate the natural evolution of the enterprise security model.
现代信息革命推动了医疗保健服务的变革,同时也带来了保护患者敏感数据的挑战。为适应这一现实,国会通过了《健康保险流通与责任法案》(HIPAA)。虽然目前最终指南尚未完全确定,但医疗保健界有责任制定和实施基于程序、硬件和软件解决方案的全面安全策略,为未来的管控做好准备。虚拟放射学环境(VRE)项目是美国陆军的一个具有里程碑意义的图像存档与通信系统(PACS),已在10个地理位置分散的医疗设施中实施,该项目通过规划医疗图像和报告在其本地(局域网)和广域网基础设施上的安全传输来应对这一挑战。他们的模式可应用于一般的PACS实施,包括应用风险和数据流识别策略、数据审计、安全策略定义和程序控制。当与不影响性能且可扩展的硬件和软件解决方案相结合时,这种全面的方法不仅能充分满足当前的安全要求,还能适应企业安全模型的自然演变。
