Merge Unity HIPAA COMPLIANCE STATEMENT. Merge Healthcare 900 Walnut Ridge Drive Hartland, WI 53029

Similar documents
New Features & Web Solutions. IHE (Integrated Healthcare Environment) Enhanced PACS Features Web Integration

North Shore LIJ Health System, Inc.

Introducing a new take on efficient workflow: Deeply integrated clinical applications

HEALTHCARE. Taking workflow where you want it to go.

Contents. Primer Series: HIPAA Privacy, Security, and the Omnibus Final Rule

Power Digital Imaging

IBM Clinical Trial Management System for Sites

Creating a More Efficient Workflow for Reading High-Volume CT and MR Studies

HIPAA and Electronic Information

HIPAA Summit VII. Preconference III. Advanced Strategies to Achieve ROI in Implementing HIPAA

Welcome to Northside Hospital s Annual / New Hire Compliance Training. 1 of 35

Imaging Solutions. AccessSTAT business analytics with drill down on real time and history AccessVAULT vendor neutral archive in the cloud

IBM Clinical Development

Stand Alone Viewers A COMPLETE DIAGNOSTIC VIEWER WITH CONSOLIDATED WORKLIST DESIGNED TO OPTIMIZE REPORTING TIME

System Overview and Features Prepared for AceScript

ClickStaff Orientation Training. Presented to: Contingent Workers Presented by: <Supplier ABC> Version Effective Date: June 20, 2012 Version: 8FINAL

Oracle Manufacturing Cloud. Release 13 (updates 18A 18C) New Feature Summary

Oracle Hospitality Suites Management. Release Notes

IBM Clinical Trial Management System for Sites

Guidance for Industry - Computerized Systems Used in Clinical Trials

Integrating the Imaging Workflow By Konica Minolta

PRODUCT DESCRIPTIONS AND METRICS

RIS / PACS A WEB-BASED APPLICATION DESIGNED TO AUTOMATE YOUR WORKFLOW

GeriMedProfiles. Consultant Pharmacist Software

PATIENT BILLING SYSTEM PATIENT BILLING SYSTEM PDF A PATIENT S GUIDE TO BILLING - MYMSK LOGIN PAGE BILLING AND COLLECTIONS POLICY

Mobile Radiography Radiology Information System by AMT/EMD

DICTATION & TRANSCRIPTION

WebSphere Business Integration Collaborations Reference guide. Integrate business processes across your company and beyond.

IBM Clinical Development Subscription

EGUIDE BRIDGING THE GAP BETWEEN HEALTHCARE & HIPAA COMPLIANT CLOUD TECHNOLOGY Created for mike elfassi

Dictation & Transcription Solutions

Analysis & Planning Guide for Adopting the CAQH CORE Eligibility & Claim Status Operating Rules. March 27, 2012

Manage more data, meet healthcare regulations and improve availability

Business Continuity Standard

Directors: Dr. Shivram G. Iyer, MD Dr. Rohit Gupta, MD, DNB, MNAMS. Phone numbers:

Infor Cloverleaf Integration Suite

Patient Engagement in Imaging

Healthcare Solutions Nuance PowerShare Network. PowerShare. The industry s largest medical imaging network.

Cost & Limitations. My Vision Express ver For Certified Healthcare IT EHR. July 21st, 2017 Insight Software, LLC

Nuacare HMS. PMS. LIMS. CMS. RIS

siemens.com/teamplay teamplay data sheet

SOLUTIONS Express Enterprise SP Enterprise XP Integral Breast Workspace. better images mean better results

Analysis & Planning Guide for Implementing the Phase IV CAQH CORE Operating Rules

CARESTREAM RIS/PACS SuperPACS Architecture. A Changing Landscape

Operational Impacts of Administration Simplification Lessons Learned and Practical Approaches to Compliance

Ensuring the health of endpoints in healthcare IT

HIPAA Compliant Access Control

PACS A WEB-BASED APPLICATION DESIGNED TO AUTOMATE YOUR WORKFLOW

2017 RamSoft. Corporate Overview

SIMATIC IT. SIMATIC IT R&D SUITE V7.1 Compliance Response ERES. Introduction 1. The Requirements in Short 2

New Features in Primavera Contract Management 14.1

Prioritization of IHE Radiology Profiles. Herman Oosterwijk, President, OTech, Inc.

DON T MISS BE T JUMP START YOUR CARDIAC SAFETY PROGRAM WITH CARDIAC S AFETY

teamplay data sheet valid from March 2017 teamplay data sheet siemens.com/teamplay

How Plans and Providers Can Leverage Their HIPAA Investment for Productively and Profitability

Service Planning Survey

Laboratory Information Management System Index

Release Notes. Oracle Revenue Management and Billing. Version Revision 1.0. E June, 2016

Centricity 360 Suite Case Exchange Physician Access Patient Access

Online Bill Payment and Presentment Quick Start Guide. By Paul A. Murphy Author of Banking Online for Dummies

EMC Information Infrastructure Solutions for Healthcare Providers. Delivering information to the point of care

U.S. FDA TiTle 21 CFR PART 11 ComPliAnCe ASSeSSmenT of SAP SRm

SAP and SAP Ariba Solution Support for GDPR Compliance

SECTION 3: TMHP ELECTRONIC DATA INTERCHANGE (EDI)

Managing ECG workflow your way

Technical Information Agreement Clinical Systems Technical Education Courses

Transaction Based Usage Costs

09/03/2010. Radiological Information System

Oracle Supply Chain Planning Cloud. Release 13 (updates 18A 18C) New Feature Summary

SAP SuccessFactors Onboarding

RADIATION DOSE MONITOR. The DACS for Building a Low-Dose Culture

QUARTZ FA-LIMS. Laboratory Information Management System for Failure Analysis THE ONLY LIMS SYSTEM DESIGNED SPECIFICALLY FOR FAILURE ANALYSIS

ORACLE CRM ON DEMAND LIFE SCIENCES EDITION

Moving Toward a Consumer-Driven Electronic Health Records Infrastructure

RSNA/SNM/FDA. Management of Image Data Workflow. Two Topic Imaging Workshop: Standards for Imaging Endpoints in Clinical Trials

There Has to Be More:

Legacy Health Data Management, an Overview of Data Archiving & System Decommissioning with Rick Adams

Enterprise image viewing platform. Secure access to patient images and data. Real-time collaboration. Diagnose from mobile or web.

New Features in Primavera Analytics 16.2

An Integrated Solution to Your Medical Billing & Collection Needs

Electronic I-9 Documentation Guardian Electronic I-9 and E-Verify Compliance with 8 CFR 274a.2

for exceptional care

U.S. FDA TiTle 21 CFR PART 11 ComPliAnCe ASSeSSmenT of SAP ReCiPe management

ORDER ENTRY IN RADIOLOGY

Sarbanes-Oxley Compliance Kit

Oracle Hospitality Inventory Management Mobile Solutions. Installation and Configuration Guide

FILMLESS HOSPITAL: INTEGRATION AND DATA WORKFLOW IN HOSPITAL

EEG in a Connected World

SYNAPSE is a registered trademark of FUJIFILM Medical Systems U.S.A., Inc. in United States, Australia and Canada

CARESTREAM DIRECTVIEW Max CR System

INCREASING YOUR LABORATORY PRODUCTIVITY

SECTION 3: TMHP ELECTRONIC DATA INTERCHANGE (EDI) TEXAS MEDICAID PROVIDER PROCEDURES MANUAL: VOL. 1

SECTION 3: TMHP ELECTRONIC DATA INTERCHANGE (EDI) TEXAS MEDICAID PROVIDER PROCEDURES MANUAL: VOL. 1

Atlant s atwatch CAPA TM. Corrective and Preventive Action System (CAPA) Product & Services Bundle for

Lytec Features Evolution Matrix

Collaboration with Business Associates on Compliance

IBM System Storage. IBM Information Archive: The next-generation information retention solution

Introduction DICOM and imaging Replacing film with PACS What is wrong with the scenario? Going beyond DICOM IHE impact: workflow problems

Transcription:

Merge Unity Merge Healthcare 900 Walnut Ridge Drive Hartland, WI 53029

Copyright 20XX-20XX Merge Healthcare Incorporated, an IBM Company. The content of this document is confidential information of Merge Healthcare Incorporated and its use and disclosure is subject to the terms of the agreement pursuant to which you obtained the software that accompanies the documentation. Merge Healthcare is a registered trademark of Merge Healthcare Inc. The Merge Healthcare logo is a trademark of Merge Healthcare Inc. All other names are trademarks or registered trademarks of their respective companies. U.S. GOVERNMENT RESTRICTED RIGHTS This product is a Commercial Item offered with Restricted Rights. The Government s rights to use, modify, reproduce, release, perform, display or disclose this documentation are subject to the restrictions set forth in Federal Acquisition Regulation ( FAR ) 12.211 and 12.212 for civilian agencies and in DFARS 227.7202-3 for military agencies. Contractor is Merge Healthcare. INDICATIONS FOR USE: Merge Unity PACS Merge Unity PACS is a medical image and information management system that allows viewing, selection, processing, printing, telecommunications, and media interchange of medical images from a variety of diagnostic imaging systems. Merge Unity PACS interfaces to various storage and printing devices using DICOM or similar interface standards. Merge Unity PACS displays, stores, prints, and telecommunicates images from a number of medical modalities, including but not limited to MRI, CT, US, PET, DXA (bone densitometry), nuclear imaging, computed radiography, digital radiography, digitized films, digital photographs, mammographic images, and processed data from FDA-cleared third party image processing systems, including FDA-cleared systems for computer-aided detection and advanced image processing (e.g. 3-D processed images such as those produced by Voxar Corp.). Lossy compressed mammographic images must not be used for primary diagnostic interpretation unless approved for use in digital mammography. Display monitors used for primary diagnostic interpretation of mammographic images must be approved for use in digital mammography. INDICATIONS FOR USE: Z3D Z3D is intended to provide reading physicians, referring physicians, and other appropriate healthcare professionals tools to aid in interpreting medical images, including: Displaying DICOM compliant medical image volumes, such as CT, MRI, and PET. Reformatting images, including creation of MPRs, MIPs, MinIPs, color/monochrome 3D volume rendered images. Manipulating displayed images via control of slice thickness, slice interval, obliquity, perspective, rotation, window/level, crop, zoom, color/monochrome transformations, segmentation, sculpting, straightening the display of curved structures, and creating images perpendicular to a curvilinear path. Creating series of DICOM images and individually captured images that can be displayed and stored in a PACS. Measuring coronary calcium, which is intended for non-invasive identification and quantification of calcified atherosclerotic plaques in the coronary arteries using tomographic medical image data and clinically accepted calcium scoring algorithms. CAUTION: Federal law restricts this device to sale by or on the order of a physician. CAUTION: Unity PACS and Merge Z3D are not intended for diagnostic use on mobile device such as a phone or tablet. The symbols glossary is provided electronically at http://www.merge.com/support/resources.aspx. CANADIAN DEVICE IDENTIFIER: Device Name UNITY RIS/PACS Merge Z3D Device Identifier C-DRSW-00001 MERGE Z3D Manufacturer s Address Merge Healthcare Incorporated 900 Walnut Ridge Drive Hartland, WI 53029

DOCUMENT VERSION LOG: Part Date Revision Description UPAX-4462 June 7, 2016 1 Initial Merge release. May 10, 2017 2 Updated copyright page and migrated to Merge template.

Table of Contents 1 Introduction... 5 1.1 Purpose... 5 1.2 Scope... 5 1.3 Related Information... 5 1.4 Glossary... 6 2 Responsibility for compliance... 6 3 How DR Systems supports compliance internally... 6 4 How DR Systems supports compliance for its customers... 7 4.1 Access controls... 7 4.2 Audit controls... 8 4.3 Integrity... 8 4.4 Authentication... 8 4.5 Transmission security... 8 4

1 Introduction 1.1 Purpose The purpose of this document is to provide general information in relationship to the technical security services referenced within the Technical Safeguards section of the Federal Register, Section G (164.312), as they pertain to Protected Health Information in electronic form. DR Systems products are designed to assure the privacy and security of electronically stored medical data. The regulations set standards for electronic transactions, the privacy of all medical records and all identifiable health information and the security of electronically stored information. DR Systems products are designed to assist Covered Entities (as defined under HIPAA) to comply with the HIPAA Regulations referenced in this document. 1.2 Scope The scope of this document is focused solely on the five technical security services requirements with supporting implementation features: Access control; Audit Controls; Integrity; Person or Entity authentication; and Transmission Security. For details, reference Technical Safeguards section of the Federal Register, Section G (164.312). All other required privacy and security elements associated with the HIPAA regulations are the sole responsibility of the Covered Entities. Note: a complete description of HIPAA is beyond the scope of this document. 1.3 Related Information The following are Web sites with related information: Web Site http://www.hhs.gov/ocr/hipaa/ http://edocket.access.gpo.gov/20 09/pdf/E9-20169.pdf http://ecfr.gpoaccess.gov/cgi/t/te xt/textidx?c=ecfr&tpl=/ecfrbrowse/title 45/45cfr162_main_02.tpl Description United States Department of Health and Human Services Office for Civil Rights - HIPAA Medical Privacy National Standards To Protect the Privacy of Personal Health Information Federal Register Part II, Department of Health and Human Services, 45 CFR Parts 160, 162, and 164 Health Insurance Reform: Security Standards; Final Rule. Section G. Technical Safeguards 164.312. 5

1.4 Glossary Business Associate Under HIPAA, Business Associate is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information, on behalf of, or provides service to, covered entity. Covered Entity (CE) Under HIPAA, Covered Entity is a health plan, a health care clearinghouse, or a health care provider who transmits any health information in electronic form in connection with a HIPAA transaction. Also see Part II, 45 CFR 160.103. HIPAA (Health Insurance Portability and Accountability Act) The Health Insurance Portability and Accountability Act (HIPAA) of 1996 mandates legal and regulatory environments governing the provision of health benefits, the delivery and payment of healthcare services, and the security and confidentiality of individually identifiable, protected health information. Protected Health Information (PHI) PHI is individually identifiable health information that is transmitted by, or maintained in, electronic media or any other form or medium. This information must relate to 1) the past, present, or future physical or mental health, or condition of an individual; 2) provision of health care to an individual; or 3) payment for the provision of health care to an individual. If the information identifies or provides a reasonable basis to believe it can be used to identify an individual, it is considered individually identifiable health information. See Part II, 45 CFR 164.501 2 Responsibility for compliance Compliance with state and federal regulations regarding patient confidentiality, security, and privacy is the responsibility of all covered entities and business associates. This includes, but is not limited to, compliance with the Health Information Portability and Accountability Act (HIPAA) of 1996. 3 How DR Systems supports compliance internally DR Systems supports compliance with regulatory and ethical requirements in many ways: 1. Confidentiality agreement. All DR employees are required to execute a confidentiality agreement, because employees may gain access to confidential medical information as a result 6

of their work with clinical customer sites. A copy of DR Systems internal confidentiality agreement can be provided upon request. 2. Background checks before hiring. A background check is performed on all new hires to DR Systems. 3. Requirement for creating anonymized patient records. DR Systems internal policies prohibit the inappropriate transmission or duplication of patient records, if the patient records include identifying information. 4 How DR Systems supports compliance for its customers In the Technical Safeguards section of the Federal Register, Section G (164.312), the following security services features are discussed: Access Controls Audit Controls Integrity Authentication Transmission Security See the following sections for details on how DR Systems addresses these features. 4.1 Access controls Requirements for unique user identification and other methods of access control: Unique user identification. DR Systems supports a username/password system for gaining access to DR Systems user applications. We strongly discourage any user from sharing or disclosing this personal password or user name. Restrictions based on user rights. User Security Administration enables certain Administrators to tailor the rights assigned to any given user, including limiting and suspending user rights as appropriate. Automated log-outs. DR Systems supports an automatic logout mechanism. The system requires the user to log on again, if the workstation is not used for a selected period of time. Placement of equipment in secure areas. DR Systems participates with customers in planning implementation so that confidentiality and security is promoted. This includes placing computer technology in appropriately secured and confidential areas when applicable. 7

4.2 Audit controls Audit control procedures to record and examine system activity: Audit trail. DR Systems provides an audit trail that records access to any patient s medical record within DR Systems products. The event log can be queried and sorted, and can also be copied to external databases such as Microsoft Excel. 4.3 Integrity Integrity is maintained through the following methods: 4.4 Authentication Archiving and backup methods. DR Systems provides a multi-tiered archive to ensure security of imaging and related records. DR Systems strongly encourages all customers to create backup copies of their medical imaging records using our Archiving systems when applicable. Disaster planning support. DR Systems supplies fault-tolerant image servers and other related technologies to support disaster planning when necessary. For example, technologist workstations can be configured to continue functioning even in the event of a server or network failure, so that patient imaging can continue. Patient demographics and exam schedules can be input directly into DR Systems in the event of a particular failure. User Authentication Username/password system. Approval and authentication of reports. Some of DR products supports approval and authentication of reports, which can include electronic signature. User names and passwords are required to generate, edit, revise, or correct reports and appropriate audit trails are retained. 4.5 Transmission security Data encryption. The system supports data encryption when information is transmitted via the Internet, using secure technology such as SSL, TLS, or VPN.. Confidentiality warning. Appropriate confidentiality notices are displayed when records are queried over the Internet. 8

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback