HIPAA Blog

[ Saturday, December 26, 2020 ]

 

The National Institute for Standards and Technology (NIST) has published a new Cybersecurity Practice Guide, NIST SP 1800-24, entitled "Securing Picture Archiving and Communication System (PACS): Cybersecurity for the Healthcare Sector."  

Radiologists and imaging centers use computerized libraries to store the medical images they produce and interpret, so that they can easily access the images and keep them organized.  The early versions of these databases were called "picture archiving and communication systems," and the name has stuck.  Lately, advances in character recognition technology have revealed that these PACS systems have been particularly vulnerable to inadvertent disclosures of PHI: often, images will include the name of the patient in the "picture" part of the image or on the border.  The name isn't digitized, and would not be visible upon viewing the file names, but would be visible upon seeing the picture.  Prior to the availability of character recognition, it would require a human to view the pictures to find the names; when machine review isn't available, the cybersecurity risk is greatly reduced.  However, character recognition isn't just applicable to documents and PDFs anymore; it can be applied to pictures.  So now, those vestigial names written on the edges of medical images in PACS machines take on new risks.

NIST has responded with a best practice guide.  Radiology and medical imaging providers should take note.  

Jeff [4:26 PM]
