HIPPA´s compliant Auditing System for Medical Imaging System

As an official rule for healthcare privacy and security, Health Insurance Portability and Accountability Act (HIPAA) requires security services supporting implementation features: access control; audit controls; authorization control; data authentication; and entity authentication. Audit controls proposed by HIPPA Security Standards are audit trails, which audit activities, to assess compliance with a secure domain´s policies, to detect instances of non-compliant behavior, and to facilitate detection of improper creation, access, modification and deletion of Protected Health Information (PHI). Although current medical imaging systems generate activity logs, there is a lack of regular description to integrate these large volumes of log data into generating HIPPA compliant auditing trails. The paper outlines the design of a HIPAA´s compliant auditing system for medical imaging system such as PACS and RIS and discusses the development of this security monitoring system based on the Supplement 95 of the DICOM standard: Audit Trail Messages