HIPPA's compliant Auditing System for Medical Imaging System

Abstract

As an official rule for healthcare privacy and security, Health Insurance Portability and Accountability Act (HIPAA) requires security services supporting implementation features: Access control; Audit controls; Authorization control; Data authentication; and Entity authentication. Audit controls proposed by HIPPA Security Standards are audit trails, which audit activities, to assess compliance with a secure domain's policies, to detect instances of non-compliant behavior, and to facilitate detection of improper creation, access, modification and deletion of Protected Health Information (PHI). Although current medical imaging systems generate activity logs, there is a lack of regular description to integrate these large volumes of log data into generating HIPPA compliant auditing trails. The paper outlines the design of a HIPAA's compliant auditing system for medical imaging system such as PACS and RIS and discusses the development of this security monitoring system based on the Supplement 95 of the DICOM standard: Audit Trail Messages.