Algotec’s HIPAA Policy Statement &
ImagiNet Security Features
This statement confirms Algotec’s commitment to providing our customers with the infrastructure and tools to facilitate their full compliance with the Health Insurance Portability and Accountability Act (HIPAA) of 1996 in the use of Algotec’s products and technology.

It should be noted that there is no way to assert HIPAA compliance for software or hardware products. It is only a healthcare organization that can be compliant – not the products it uses. Therefore, instead of reviewing product compliance, customers should review the security features of products. Customers are further encouraged to review how these security features fit into their institution’s security procedures.

ImagiNet provides enterprises with a suite of security mechanisms to ensure the highest standards of patient confidentiality, in accordance with HIPAA regulations, making the ImagiNet system a “Privacy Enabled” system. Security mechanisms include centralized User Management components, support for a variety of encryption mechanisms, protection of remote client machines, Audit Trail and Access Control mechanisms. More information on specific ImagiNet security features and tools can be found below. Additional information will be provided upon request.

Entity Authentication

Central User Management

  • All the ImagiNet components use a Central User Management component to create, manage and authenticate users.

Session Timeouts

  • Auto-Lock mechanism locks an inactive application after a specified time.
  • Auto-Logout mechanism terminates inactive sessions after a specified time.

Access Control

Role-based access

  • Different management and administration roles are available in the system.
  • Support for an emergency role.

Context-based access

  • Allows administrators to provide information to users on a ‘need to know’ basis.
  • Access Control restrictions can be placed on individual users, groups, or specific locations.
  • Access restrictions can be configured for different data types according to any DICOM criteria. Examples include limiting access by modality, image type, study status, etc.

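As an added illustration of the kind of context-based, need-to-know restriction described above, the following is example code written for this page, not Algotec's or ImagiNet's own implementation, which the page does not show. It assumes a simple rule model (a rule is attached to a user, group or location and lists the DICOM attribute values that subject may see), applies default deny with the most restrictive applicable rule winning, lets the emergency role bypass the restrictions while still recording the access, and writes every decision to an append-only audit log. The rule names, subjects, attribute values and study records are all constructed for the example.

```python
"""Context-based access filter over DICOM study metadata (illustrative only)."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Set, Tuple

# Constructed sample study metadata (no real patient data). Only the DICOM
# attributes that rules inspect are included.
STUDIES: List[Dict[str, str]] = [
    {"StudyInstanceUID": "1.2.3.4.5.1", "Modality": "CT", "StudyStatus": "FINAL"},
    {"StudyInstanceUID": "1.2.3.4.5.2", "Modality": "MR", "StudyStatus": "PRELIMINARY"},
    {"StudyInstanceUID": "1.2.3.4.5.3", "Modality": "CR", "StudyStatus": "FINAL"},
    {"StudyInstanceUID": "1.2.3.4.5.4", "Modality": "US", "StudyStatus": "FINAL"},
]


@dataclass
class Rule:
    subject_type: str            # "user", "group" or "location" (assumed model)
    subject: str
    allow: Dict[str, Set[str]]   # DICOM attribute -> permitted values; {} means no restriction


@dataclass
class Request:
    user: str
    groups: List[str]
    location: str
    emergency: bool = False      # emergency ("break-glass") role


# Constructed rule set: hypothetical subjects and constraints.
RULES: List[Rule] = [
    Rule("group", "radiology", {"Modality": {"CT", "MR", "CR"}}),
    Rule("group", "residents", {"StudyStatus": {"FINAL"}}),
    Rule("location", "ER", {"Modality": {"CT", "CR"}}),
    Rule("user", "jdoe", {"Modality": {"US"}}),
]

# Append-only in-memory stand-in for a central, administrator-only audit log.
AUDIT_LOG: List[Dict[str, object]] = []


def applicable_rules(rules: List[Rule], req: Request) -> List[Rule]:
    """Rules bound to the requesting user, any of their groups, or their location."""
    subjects = {("user", req.user), ("location", req.location)}
    subjects |= {("group", g) for g in req.groups}
    return [r for r in rules if (r.subject_type, r.subject) in subjects]


def rule_permits(rule: Rule, study: Dict[str, str]) -> bool:
    """Every constrained attribute must hold one of the permitted values."""
    return all(study.get(attr) in allowed for attr, allowed in rule.allow.items())


def decide(study: Dict[str, str], rules: List[Rule], req: Request) -> Tuple[bool, str]:
    """Default deny; all applicable rules must permit (most restrictive wins).
    The emergency role bypasses the constraints but is flagged for audit."""
    if req.emergency:
        return True, "emergency-role"
    applicable = applicable_rules(rules, req)
    if not applicable:
        return False, "no-rule"
    for r in applicable:
        if not rule_permits(r, study):
            return False, f"blocked-by:{r.subject_type}:{r.subject}"
    return True, "allowed"


def filter_studies(studies: List[Dict[str, str]], rules: List[Rule], req: Request) -> List[Dict[str, str]]:
    """Return the studies the requester may see, auditing every decision."""
    visible = []
    for study in studies:
        granted, reason = decide(study, rules, req)
        AUDIT_LOG.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": req.user,
            "location": req.location,
            "study": study["StudyInstanceUID"],
            "granted": granted,
            "reason": reason,
        })
        if granted:
            visible.append(study)
    return visible


def visible_uids(req: Request, rules: List[Rule] = RULES, studies: List[Dict[str, str]] = STUDIES) -> List[str]:
    return [s["StudyInstanceUID"] for s in filter_studies(studies, rules, req)]


if __name__ == "__main__":
    for req in (Request("alice", ["radiology"], "MAIN"),
                Request("bob", ["radiology", "residents"], "ER"),
                Request("carol", [], "MAIN"),
                Request("carol", [], "MAIN", emergency=True)):
        print(req.user, "emergency" if req.emergency else "", visible_uids(req))
    for entry in AUDIT_LOG:
        print(entry)
```

Two points the example is meant to make visible: a user with no matching rule sees nothing rather than everything, and the emergency role is not a silent exception but produces an audit entry with a distinct reason that an administrator can search for.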
Audit Trail

  • All ImagiNet products log their activity into a central, protected Audit Log.
  • The Audit Log is only accessible to administrators who can monitor system activity and attempts at security breaches.

Data Encryption

  • ImagiNet supports encryption of all the data passing through the system.
  • Encryption can be enforced on LAN, WAN or dial-up connections using a variety of mechanisms.
  • The encryption mechanisms for different clients can be configured separately, allowing maximum flexibility in the system.
  • Data to and from local (LAN) clients can be encrypted using a variety of protocols and ciphers (SSL/TLS, SSH, 3DES, etc.).
  • Administrators can choose to encrypt patient demographics only, or image pixel data as well.
  • DICOM communication can be encrypted using TLS.
  • Data to and from Web clients can be encrypted using a variety of protocols (HTTPS, SSL/TLS, etc.).
  • Secured e-mail is available in several options (password-protected e-mails, certificate-signed e-mails, etc.).

Disaster Recovery

  • Server hardware Hot/Cold Backup: several configurations are supported for hardware failures.
  • Server OS, applications and data are backed up daily to offline storage. Backup policies include daily incremental backups and weekly full backups.
  • Offline media protection: image data is automatically cloned to secondary media, which should be exported from the library and stored in a secure place (e.g. a safe deposit box).