HIPPA's compliant Auditing System for Medical Imaging System.

ABSTRACT

As an official rule for healthcare privacy and security, Health Insurance Portability and Accountability Act (HIPAA) requires security services supporting implementation features Access control; Audit controls; Authorization control; Data authentication; and Entity authentication. Audit controls proposed by HIPPA Security Standards are audit trails, which audit activities, to assess compliance with a secure domain's policies, to detect instances of non-compliant behavior, and to facilitate detection of improper creation, access, modification and deletion of Protected Health Information (PHI). Although current medical imaging systems generate activity logs, there is a lack of regular description to integrate these large volumes of log data into generating HIPPA compliant auditing trails. The paper outlines the design of a HIPAA's compliant auditing system for medical imaging system such as PACS and RIS and discusses the development of this security monitoring system based on the Supplement 95 of the DICOM standard Audit Trail Messages.