Abstract Archives of the RSNA, 2004
Carrison KS Tong PhD, Presenter: Nothing to Disclose
KK Chan PhD, Abstract Co-Author: Nothing to Disclose
Henry YH Huang MD, Abstract Co-Author: Nothing to Disclose
C.K.T., K.C., H.Y.H.: Authors are staff of Hong Kong Hospital Authority
Purpose: Data security is an important issue in any PACS. ISO17799 and BS7799 are the code of practice and the standard by which organizations can manage and protect all information assets by ensuring confidentiality, data integrity and availability. The objective of this project is to apply the above standards to a PACS for filmless radiological service.

Method: In 1995, the British Standards Institution (BSI) released its standard for ISMS as BS7799. The first part of BS7799, the code of practice for information security, was later adopted by the International Organization for Standardization (ISO) as ISO17799. The second part of BS7799 states the specification for an ISMS. Implementation of ISO17799 and BS7799 in general requires four steps:
1. Define the scope of the ISMS in the PACS.
2. Perform a risk analysis of the PACS.
3. Create plans to ensure that the necessary improvements are implemented to move the PACS as a whole towards the BS7799 objective.
4. Consider other methods of simplifying the above and achieving compliance with minimum pain.

Results: In our hospital, PACS covers all clinical departments. The filmless radiological service has been in operation since November 2003. A PACS security forum including representatives from senior management, clinicians, radiologists, radiographers, information technologists, medical physicists, and technical staff has been established. The PACS is, basically, a cacheless system. Image distribution is based on Web technology and restricted to a limited set of Internet Protocol (IP) addresses. All imaging modalities were designed and configured according to the Digital Imaging and Communications in Medicine (DICOM) standard, which ensures the integrity of data. The PACS is administered by a system manager assisted by six other technical staff. All radiologists, radiographers and clinicians are classified as users of the PACS; they do not have privileges to delete or modify any data. The system log is accessible only by administrators, locally in the server room. At the beginning of 2004, the TKOH PACS passed all requirements of a BS7799 certification audit performed by BSI.

Conclusion: ISO17799/BS7799 covers not only the security of the system but also the integrity and availability of data. In practice, the latter are more important for PACS. Furthermore, both standards can help to improve not only the security but also the quality of a PACS.
Tong C, Chan K, Huang H. The Application of ISO17799 and BS7799 Information Security Management in Picture Archiving and Communication System. Radiological Society of North America 2004 Scientific Assembly and Annual Meeting, November 28 - December 3, 2004, Chicago IL.
http://archive.rsna.org/2004/4412496.html