1 Introduction
17
Security Information
Protecting Personal Information
Protecting personal health information is a primary component of a security strategy. Each facility
using the monitors must provide the protective means necessary to safeguard personal information
consistent with country laws and regulations, and consistent with the facility’s policies for managing
this information. Protection can only be realized if you implement a comprehensive, multi-layered
strategy (including policies, processes, and technologies) to protect information and systems from
external and internal threats.
As per its intended use, the patient monitor operates in the patient vicinity and contains personal and
sensitive patient data. This also includes the trace print-outs at the monitor.
The monitor also includes controls to allow you to adapt the monitor to the patient's care model.
To ensure the patient's safety and protect their personal health information, you need a security
concept that includes:
• Physical security access measures - access to the monitor must be limited to authorized users.
It is essential that you consider physical security measures to ensure that unauthorized users
cannot gain access.
• Operational security measures - for example, ensuring that patients are discharged after
monitoring in order to remove their data from the monitor.
• Procedural security measures - for example, assigning only staff with a specific role the right to
use the monitors.
In addition, any security concept must consider the requirements of local country laws and regulations.
Always consider data security aspects of the network topology and configuration when connecting
patient monitors to shared networks. Your medical facility is responsible for the security of the
network, where sensitive patient data from the monitor may be transferred.
When a monitor is returned for repair, disposed of, or removed from your medical facility for other
reasons, always ensure that all patient data is removed from the monitor by ending monitoring for the
last patient (see “Discharging a Patient” on page 148). Also select
Erase All in the Stored Data Recording
menu, to erase all stored data.
NOTE
Log files generated by the monitors and measurement modules are used for system troubleshooting
and do not contain protected health data.
About HIPAA Rules
If applicable, your facility’s security strategy should include the standards set forth in the Health
Insurance Portability and Accountability Act of 1996 (HIPAA), introduced by the United States
Department of Health and Human Services. You should consider both the security and the privacy
rules and the HITECH Act when designing policies and procedures. For more information, please
visit:
http://www.hhs.gov/ocr/privacy/
To Next Page
Loading...
