CoActiv Medical considers the Health Insurance Portability and Accountability Act of 1996 (HIPAA) as a significant enhancement to both the privacy and security aspects of the healthcare industry. CoActiv EXAM-PACS and all related products closely conform to both the letter and the intent of the 1996 HIPAA regulations. CoActiv maintains HIPAA business associate agreements with all clients that are HIPAA covered entities.
Furthermore, CoActiv EXAM-PACS is FDA 510(k) listed and meets complete conformance with DICOM 3.0 Standards for the creation, movement, storage and retrieval of diagnostic radiological images and exams.
An example of some of the tools and procedures that CoActiv provides to its HIPAA covered client include the following:
- Access and usage logs of all image creation, use, distribution and storage.
- Separate User Login IDs, Passwords and User Rights and Privileges.
- Total client control over user accounts and access. CoActiv strongly encourages clients to safeguard this information and prohibit the use of shared passwords.
- Hierarchical User Access Rights & Privileges based on a strict need-to-know and right-to-know classification. Only patient medical treatment concerns can over-ride User Privilege classifications.
- Ability to limit access to specific patient images and information to Users based on both User Class as well as Individual Rights & Privileges within the system.
- Ability to limit access to patient’s images and information to only those physicians, practice medical staff and administrative staff with a legal and/or medical right to such images and information.
- All access to PACS images and information across the Internet is via Department of Defense 256-bit encryption and is limited to authorized Users only with appropriate User IDs and Passwords and all users are exposed to appropriate HIPAA warnings and are required to acknowledge such warnings before being allowed access to patient images or other patient information.
- Ability for the imaging entity to require varying levels of access information to different classes of remote users.
- Ability to organize and structure image and information archives into specific entity, practice or departmental groupings.
- Automated redundant backup of all patient image and related information on secure HIPAA audited on-line multiple remote archive sites as well as on the imaging center site. If requested, images and information may also be copied to archival removable electronic media for storage in offsite secure vaults.
- Archive redundancy includes: redundant hard drives; redundant RAID arrays; redundant servers with redundant power supplies, redundant cooling fans and redundant network interface cards; redundant archive centers with redundant Internet connections and redundant power sources, residing on divergent power grids and Internet peering points.
- All exams, images and information reside on: 1. Local Redundant On-Line RAID equipped Exam Server; 2. Remote Archive Site #1 with On-Line Redundant RAID devices; 3. Remote Archive Site #2 with On-Line Redundant RAID devices.
- Biometric Access Control to primary archive center.
- Ability to produce “anonymized” exam copies for teaching or clinical review purposes.
- Automatic Log-off of any and all unattended workstations and servers with PACS access.
- Ability for authorized Users of the PACS to manually enter PACS orders and patient demographic information in the event of HIS/RIS failure.
- CoActiv also can automatically populate all connected modalities with patient exam orders and demographic via a self contained DICOM Modality Worklist in the event of a HIS/RIS failure.
- Department of Defense 256-bit encryption of all transmitted images and exams to and from Secure Socket Level Internet based access devices.
- Use of secure client server technology to eliminate less secure “browser based” remote access protocols.
- CoActiv supplied user training in proper HIPAA compliant practices and procedures when accessing and handling all patient related images and information in the PACS.
- Classes in HIPAA practices and procedures are also made available on an as requested basis for any and all members of the entity PACS community, including physicians, medical staff, administrative staff, support staff and off-site PACS users such as referring and consulting physicians and their practice staff.
- CoActiv employees are required to execute appropriate confidentiality agreements and adhere to all HIPAA privacy guidelines.
To receive more detailed or specific information regarding CoActiv Medical HIPAA practices, procedures or policies please contact us at firstname.lastname@example.org or in writing to: CoActiv, LLC, Department of Regulatory Control, 2 Old New Milford Road, Suite 2F, Brookfield, CT 06804, or by phone at: 877-COACTIV (262-2848).
Information regarding CoActiv FDA and DICOM regulatory compliance is also available elsewhere on this website.
Additional Information regarding HIPAA may be found at the following Internet locations:
US Dept of Health and Human Services – www.hhs.gov/hipaa/
US Office of Civil Rights (OCR) – www.hhs.gov/ocr/privacy
American College of Radiology – www.acr.org
AHIMA – www.ahima.org/topics/pcs
HIMSS – www.himss.org