									                                                                                                              Cedara Software HIPAA Compliance Statement
                                                                                                                       Document No. 2002-00040 Rev 10.0

Cedara Software HIPAA Compliance Statement


                             Document Number:               2002-00040
                             Revision:                      10.0
                             Revision Type:                 Major
                             Document Status:               Approved
                             Date:                          June 26, 2007
                             Effective Date:                Upon Approval
                             Author:                        Chris Wiedmann
Note: When printed, this is an uncontrolled copy, unless accompanied by approval signatures.


Approvals
Product Manager, I-Response                                Chris Wiedmann


Mandatory Reviewers
RA/QA Project Manager                                      Jodi Coleman
Director of Quality & Regulatory Affairs                   Carol Nakagawa
Engineering Manager, I-Response                            Pinar Crombie
Subject Matter Expert, I-Response                          Doug Hussey


Optional Reviewers
Director/Solutions Architect                               Lorelle Lapstra




Cedara Software Corp. – Confidential                                                           Page 1 of 17
Revision History
Date          Revision   Author                Changes
25/12/01      1.0                              Initial draft
01/12/02      2.0                              Add in I-Store comments from Michael Wong
                                               Added documentation from Microsoft White Paper
                                               Added Carol Nakagawa’s comments to document
03/11/2003    3.0        Sabrina Cannistraro   Updated as per Health Insurance Reform: Security Standards; Final Rule
                                               http://a257.g.akamaitech.net/7/257/2422/14mar20010800/edocket.access.gpo.gov/2003/pdf/03-3877.pdf
                                               Added I-Acquire information.
                                               Edited I-Acquire audit trail information.
07/14/2004    4.0        Ken Fairbairn         For the inclusion of Cedara I-ReadMammo.
                                               Updated section 2.1
02/16/2005    5.0        Ken Fairbairn         For the inclusion of Cedara OrthoWorks Spine Analyzer and Cedara OrthoWorks Care Manager.
07/28/2005    6.0        Ken Fairbairn         • Added Cedara PET/CT
                                               • Re-formatted table in 2.2.
04/28/2006    7.0        Scott Illsley         Added Cedara OrthoWorks ProPlanner
                                               Changed status to Approved
10/18/2006    8.0        Kinga Szekely         Changed Status to Approved
                                               Currently PET/CT 1.3 does not log the following actions – these items have been removed:
                                               Study status is modified; Installation or upgrade; When users have chosen to mark all the
                                               studies as READ without actually viewing all of them
03/27/2007    9.0        Harald Zachmann       Changed Status to Approved
                                               Removed “study status” info from PET-CT audit trail
06/26/2007    10.0       Chris Wiedmann        Added I-Response to doc and sent for review. Changed wording of first requirement. Per
                                               Mirela, removed “Print” from list of logged actions








TABLE OF CONTENTS

REVISION HISTORY

1.      INTRODUCTION
     1.1        PURPOSE OF THIS DOCUMENT
     1.2        SOURCE DOCUMENTS
     1.3        DEFINITIONS
     1.4        IMPORTANT NOTE TO THE READER
2.      HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT
     2.1        HIPAA
     2.2        CEDARA SOFTWARE’S APPLICATIONS COMPLIANCE WITH HIPAA





1. Introduction

1.1 Purpose of this Document

This document is the HIPAA Compliance Statement for Cedara Software’s Applications. The purpose of this document is to
describe how the different applications meet or exceed the standards defined by the Health Insurance Portability and
Accountability Act.

1.2 Source Documents

Reference   Author                                                  Date             Revision   Document
1.          Robert Segal                                            November 2001    1.2        I-SoftView Software Requirements Document for HIPAA
2.          Microsoft Corporation                                   April 2000       6          HIPAA Technology Review White Paper
3.          SCAR-Reiner, Bruce et al                                2000             1          Security Issues in the Digital Medical Enterprise
4.          United States Department of Health and Human Services   December 2000    n/a        Standards for Privacy of Individually Identifiable Health Information
5.          Hubert Chu                                              September 2001   1.4        I-Reach Software Requirements Document
6.          U.S. Department of Health and Human Services            April 17, 2003   n/a        Security Standards for the Protection of Electronic Protected Health Information






1.3 Definitions

 Word                 Definition
 HIPAA                Health Insurance Portability and Accountability Act
 HHS                  Department of Health and Human Services






1.4 Important note to the reader

The use of this compliance statement by itself does not guarantee complete coverage of those regulations issued under the HIPAA Act.
The user or integrator of Cedara products should keep the following issues in mind:
1. Certain functions will require integration work on the Customer side in order to get full benefit of the features implemented in Cedara’s
   applications.
2. HIPAA regulations are currently open to interpretation and Cedara makes no guarantee that its interpretation of those regulations is
   correct or will be found to be all-inclusive of the requirements.
3. Each installed site requires protocols and policies in place to ensure that security features enabled in Cedara’s applications are fully
   utilized.
4. The HIPAA requirements will continually evolve to meet new user requirements. Cedara will follow the changes in the Act by
   implementing new features as specified. Cedara reserves the right to make changes to its products or to discontinue their delivery. The
   user or integrator should ensure that any non-Cedara device providers whose devices connect with Cedara devices also follow HIPAA
   regulations. Failure to do so will likely result in future security problems.
5. Only those applications identified within this document have been considered for compliance. For any other Cedara products
   not covered in this document, interested parties should contact Cedara’s marketing department for more information.
   Applications covered in this document include:


   •   Cedara I-Acquire
   •   Cedara I-Reach
   •   Cedara I-SoftView
   •   Cedara I-Store
   •   Cedara I-ReadMammo
   •   Cedara OrthoWorks Spine Analyzer
   •   Cedara OrthoWorks Care Manager
   •   Cedara PET/CT
   •   Cedara OrthoWorks ProPlanner
   •   Cedara I-Response





2. Health Insurance Portability and Accountability Act

2.1 HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a US Federal Law that requires that health care providers and
other covered entities protect the privacy and security of patient health information.

Areas that require specific control include:

   •   Control of authorization of users to access data;
   •   Chain of trust agreements;
   •   Data availability;
   •   Contingency plans;
   •   Continuity of operation plans;
   •   Unauthorized changes to data;
   •   Organizational policies; and
   •   Human resources changes.

HIPAA Privacy Standards came into complete effect on April 14, 2004. Covered entities have until April 21, 2005 to comply with the
HIPAA Security Standards. Small covered entities have until April 21, 2006.

As a manufacturer of medical imaging software, Cedara Software Corp. has integrated security features into its medical applications to
help covered entities ensure their compliance with HIPAA requirements.

This HIPAA Compliance Statement is intended to indicate Cedara product features that could be implemented to address certain HIPAA
privacy and security requirements.






2.2 Cedara Software’s Applications Compliance with HIPAA

Security Standards for the Protection of Electronic Healthcare Information: Technical Safeguards


Access Control Implementation Specifications
Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to
those persons or software programs that have been granted access rights.

Requirement:          Unique user identification (Required).
Description:          Assign a unique name and/or number for identifying and tracking user identity.
Currently Available:  Available. Must be enforced by the healthcare enterprise.
Cedara Implementation:
   Cedara I-Acquire
      Cedara I-Acquire authenticates users based on their Windows passwords. Each user in the hospital
      enterprise should have a unique username and password.
   Cedara I-Reach
      Each Cedara I-Reach user must have a unique username and password in order to use the system. Only
      one Cedara I-Reach session may be run for each user at any given time.
   Cedara I-SoftView
      Cedara I-SoftView authenticates users based on their Windows passwords. Each user in the hospital
      enterprise should have a unique username and password.
   Cedara I-Store
      Cedara I-Store authenticates users based on their Windows administrative rights. Each administrator should
      have a unique username and password.
   Cedara I-ReadMammo
      Cedara I-ReadMammo authenticates users based on their Windows passwords. Each user in the hospital
      enterprise should have a unique username and password.
   Cedara OrthoWorks Spine Analyzer
      Cedara OrthoWorks Spine Analyzer authenticates users based on their Windows passwords. Each user in
      the hospital enterprise should have a unique username and password.
   Cedara OrthoWorks Care Manager
      Cedara OrthoWorks Care Manager authenticates users based on their Windows passwords. Each user in
      the hospital enterprise should have a unique username and password.
   Cedara PET/CT
      Cedara PET/CT authenticates users based on their Windows passwords. Each user in the hospital
      enterprise should have a unique username and password.
   Cedara OrthoWorks ProPlanner
      Cedara OrthoWorks ProPlanner authenticates users based on their Windows passwords. Each user in the
      hospital enterprise should have a unique username and password.
   Cedara I-Response
      Cedara I-Response authenticates users based on their Windows passwords. Each user in the hospital
      enterprise should have a unique username and password. It also requires an additional username and
      password, specific to I-Response, at the application level.


Requirement:          Emergency access procedure (Required).
Description:          Establish (and implement as needed) procedures for obtaining necessary electronic protected health information during an emergency.
Currently Available:  Healthcare facility must implement procedure and process for this.
Requirement:          Automatic logoff (Addressable).
Description:          Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.
Currently Available:  Available
Cedara Implementation:
   Cedara I-Acquire
      The system administrator can create screen savers that are invoked after a certain time-period, thus
      requiring the user to re-enter their Windows domain password.
   Cedara I-Reach
      The application automatically times out after a time-period designated by the system administrator. After this
      time-out period, the user must login again.
      Passwords automatically expire after a configurable amount of time (default is 90 days).
   Cedara I-SoftView
      The system administrator can create screen savers that are invoked after a certain time-period, thus
      requiring the user to re-enter their Windows domain password.
   Cedara I-Store
      The system can be configured to automatically logoff the archive console after a predetermined time of
      inactivity.
      The Web Status page can be configured to automatically timeout after a predetermined period of inactivity.
   Cedara I-ReadMammo
      The system administrator can create screen savers that are invoked after a certain time-period, thus
      requiring the user to re-enter their Windows domain password.
   Cedara OrthoWorks Spine Analyzer
      The system administrator can create screen savers that are invoked after a certain time-period, thus
      requiring the user to re-enter their Windows domain password.
   Cedara OrthoWorks Care Manager
      The system administrator can create screen savers that are invoked after a certain time-period, thus
      requiring the user to re-enter their Windows domain password.
   Cedara PET/CT
      The system administrator can create screen savers that are invoked after a certain time-period, thus
      requiring the user to re-enter their Windows domain password.
   Cedara OrthoWorks ProPlanner
      The system administrator can create screen savers that are invoked after a certain time-period, thus
      requiring the user to re-enter their Windows domain password.
   Cedara I-Response
      The system administrator can create screen savers that are invoked after a certain time-period, thus
      requiring the user to re-enter their Windows domain password.


Requirement:          Encryption and decryption (Addressable).
Description:          Implement a mechanism to encrypt and decrypt electronic protected health information.
Currently Available:  The healthcare facility must implement such a mechanism if necessary.
Cedara Implementation:
   Cedara I-Acquire
      N/A
   Cedara I-Reach
      When using the https protocol to access information, Cedara I-Reach uses 128-bit SSL to send encrypted
      data.
   Cedara I-SoftView
      N/A
   Cedara I-Store
      When using the https protocol to access the Web Status information, Cedara I-Store uses 128-bit SSL to
      send the encrypted data.
   Cedara I-ReadMammo
      N/A
   Cedara OrthoWorks Spine Analyzer
      N/A
   Cedara OrthoWorks Care Manager
      Cedara OrthoWorks Care Manager uses 128-bit SSL to send the encrypted data on a local area network.
   Cedara PET/CT
      N/A
   Cedara OrthoWorks ProPlanner
      Cedara OrthoWorks ProPlanner supports the following for encryption/decryption:
      1) DICOM Media Security (encrypted P10 files)
      2) DICOM Transport Security (SSL sockets).
   Cedara I-Response
      N/A


Audit Control Implementation Specifications
Audit Control       Implement             Cedara I-Acquire                                                                                                 The healthcare
                    hardware,                                                                                                                              facility must
                    software, and/or      N/A                                                                                                              implement such
                    procedural            Cedara I-Reach                                                                                                   mechanisms if
                    mechanisms that                                                                                                                        necessary.
                    record and            An audit trail is created that includes the following information: Username; Action performed (e.g. printing);
                    examine activity in   Date and time the action was performed; Name of workstation; Patient name; Study UID; GSPSS UID;
                    information           Unsuccessful login attempts.                                                                                     Mechanisms for
                    systems that          Cedara I-SoftView                                                                                                this are currently
                    contain or use                                                                                                                         under review.
                    electronic            An audit trail is created that includes the following information: Username; Action performed (e.g. printing);



Cedara Software Corp. – Confidential                                                      Page 12 of 17
                                                                                                              Cedara Software HIPAA Compliance Statement
                                                                                                                           Document No. 2002-00040 Rev 10.0

                                                                                                                                                            Currently
 Requirement          Description                                               Cedara Implementation
                                                                                                                                                            Available
                    protected health   Date and time the action was performed; Name of workstation Cedara I-SoftView is running on; Patient
                    information.       name of the study; UID of the study; GSPSS UID; Study status new and old.
                                       Data is sent to logging component when the following actions are executed: Study is viewed; Study is
                                       printed; Study is consulted; Study status is modified; Modified GSPSS data of a study has been saved;
                                       Invoking I-SoftView DICOM transfer has been made; Installation or upgrade of I-SoftView; When users have
                                                                                                                    1
                                       chosen to mark all the studies as READ without actually viewing all of them.
                                       Cedara I-Store
                                       An audit trail is created to track modifications to the patient or study demographic information. The location
                                       where studies that are transferred are also logged.
                                       Cedara I-ReadMammo
                                       An audit trail is created that includes the following information: Username; Action performed (e.g. printing);
                                       Date and time the action was performed; Name of workstation Cedara I-ReadMammo is running on; Patient
                                       name of the study; UID of the study; GSPSS UID; Study status new and old.
                                       Data is sent to logging component when the following actions are executed: Study is viewed; Study is
                                       printed; Study is consulted; Study status is modified; Modified GSPSS data of a study has been saved;
                                       Invoking I-ReadMammo DICOM; transfer has been made; Installation or upgrade of I-SoftView; When users
                                       have chosen to mark all the studies as READ without actually viewing all of them.
                                       Cedara OrthoWorks Spine Analyzer
                                       N/A
                                       Cedara OrthoWorks Care Manager
                                       An audit trail is created that includes the following information: Login; Operation performed (delete a patient);
                                       Date and time the action was performed; Name of workstation Cedara Care Manager is running on.
                                       Data is sent to logging component when the following actions are executed: A user has logged in; A user has
                                       logged out; A patient file has been created; A patient file has been deleted; A patient file has been viewed;
                                       A patient file has been updated; A patient file has been exported; A module has been installed; A module has been updated.
                                       Cedara PET/CT
                                       An audit trail is created that includes the following information: Username; Action performed (e.g. printing);
                                       Date and time the action was performed; Name of workstation Cedara PET/CT is running on; Patient name
                                       of the study; UID of the study; UID.
                                       Data is sent to logging component when the following actions are executed: Study is viewed; Study is
                                       printed; Invoking PET/CT DICOM transfer has been made; Saving a Secondary Capture image; Saving
                                       registration information.



                                           Cedara OrthoWorks ProPlanner
                                           An audit trail is created that includes the following information: Username; Action performed (e.g. printing);
                                           Date and time the action was performed; Name of workstation OrthoWorks ProPlanner is running on; Patient
                                           name of the study (if available); UID of the study (if available); UID of the series (if available); Study status
                                           new and old (if available).
                                           Data is sent to logging component when the following actions are executed: Study is viewed; Study is
                                           printed; Study status is modified; Invoking/Exiting OrthoWorks ProPlanner; DICOM transfer has been made;
                                           DICOM Secondary Capture Series Created; Installation, upgrade or uninstallation of OrthoWorks
                                           ProPlanner; When users have chosen to mark all the studies as READ without actually viewing all of them;
                                           When the user saves the presentation state of a study (GSPS).
                                           Cedara I-Response
                                           An audit trail is created that includes the following information: Username; Action performed (e.g. printing);
                                           Date and time the action was performed; Name of workstation application is running on; Patient name of the
                                           study (if available); UID of the study (if available); UID of the series (if available); UID of the registration (if
                                           available); Study status new and old (if available).
                                           Data is sent to logging component when the following actions are executed: Installing, upgrading or
                                           uninstalling the application; Invoking/Exiting the application; Load patient data for display; DICOM transfer;
                                           DICOM Secondary Capture series created; Saving Presentation State series; Saving ADC series; and
                                           Saving Registered series.


Integrity Implementation Specifications
Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.
Requirement: Mechanism to authenticate electronic protected health information (Addressable).
Description: Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.
Currently Available: Mechanisms for this are currently under review.
Person or entity Authentication Implementation Specifications



Requirement: Person or entity Authentication
Description: Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.
Currently Available: Available
Cedara Implementation:
                                           Cedara I-Acquire
                                           Users must enter their unique username and password when logging in to the system. Cedara I-Acquire then
                                           authenticates the user prior to allowing access to electronic protected health information.
                                           Cedara I-Acquire can be integrated with biometric devices to ensure that the person accessing PHI is the one claimed.
                                           Cedara I-Reach
                                           Users must enter their unique username and password when logging in to the system. Cedara I-Reach then
                                           authenticates the user prior to allowing access to electronic protected health information. Upon a
                                           configurable number (default is 8) of unsuccessful login attempts, the user account is automatically made
                                           inactive. Each user's predefined role limits the information to which they have access.
                                           Cedara I-Reach can be integrated with biometric devices to ensure that the person accessing PHI is the one claimed.
                                           Cedara I-SoftView
                                           Users must enter their unique username and password when logging in to the system. Cedara I-SoftView
                                           then authenticates the user prior to allowing access to electronic protected health information.
                                           Cedara I-SoftView can be integrated with biometric devices to ensure that the person accessing PHI is the one claimed.
                                           Cedara I-Store
                                           Users must enter their unique username and password when logging in to the system. Cedara I-Store then
                                           authenticates the user prior to allowing access to electronic protected health information.
                                           Cedara I-Store can be integrated with biometric devices to ensure that the person accessing PHI is the one claimed.
                                           Cedara I-ReadMammo
                                           Users must enter their unique username and password when logging in to the system. Cedara I-
                                           ReadMammo then authenticates the user prior to allowing access to electronic protected health information.
                                           Cedara I-ReadMammo can be integrated with biometric devices to ensure that the person accessing PHI is the one claimed.
                                           Cedara OrthoWorks Spine Analyzer
                                           N/A
                                           Cedara OrthoWorks Care Manager
                                           Users must enter their unique username and password when logging in to the system. Cedara OrthoWorks
                                           Care Manager then authenticates the user prior to allowing access to electronic protected health information.
                                           Cedara PET/CT
                                           Users must enter their unique username and password when logging in to the system. Cedara PET/CT then
                                           authenticates the user prior to allowing access to electronic protected health information.
                                           Cedara PET/CT can be integrated with biometric devices to ensure that the person accessing PHI is the one claimed.
                                          Cedara OrthoWorks ProPlanner
                                          Users must enter their unique username and password when logging in to the system. Cedara OrthoWorks
                                          ProPlanner then authenticates the user prior to allowing access to electronic protected health information.
                                          Cedara I-Response
                                          Users must enter their unique Windows username and password when logging in to the system. Users must
                                          enter their unique I-Response username and password when logging in to the application.


Transmission security Implementation Specifications
Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an
electronic communications network.
Requirement: Integrity controls (Addressable).
Description: Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of.
Currently Available: Mechanisms for this are currently under review.
Requirement: Encryption (Addressable)
Description: Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate.
Currently Available: Available
Cedara Implementation:
                                          Cedara I-Acquire
                                          N/A
                                          Cedara I-Reach
                                          When using the HTTPS protocol to access information, Cedara I-Reach uses 128-bit SSL to send encrypted
                                          data.
                                          Cedara I-SoftView
                                          N/A




                                       Cedara I-Store
                                       When using the HTTPS protocol to access the Web Status information, Cedara I-Store uses 128-bit SSL to
                                       send the encrypted data.
                                       Cedara I-ReadMammo
                                       N/A
                                       Cedara OrthoWorks Spine Analyzer
                                       N/A
                                       Cedara OrthoWorks Care Manager
                                       Cedara OrthoWorks Care Manager uses 128-bit SSL to send encrypted data on the local area network.
                                       Cedara PET/CT
                                       N/A
                                       Cedara OrthoWorks ProPlanner
                                       Cedara OrthoWorks ProPlanner supports the following for encryption/decryption:
                                       1) DICOM Media Security (encrypted P10 files)
                                       2) DICOM Transport Security (SSL sockets).
                                       Cedara I-Response
                                       N/A



