Philips RM US 0091 01A Data Security Lumfiy System Security?func=doc
Lumify System and Data Security Lumfiy_System_Data_Security?func=doc Lumify
User Manual: Philips Data Security Lumify
Open the PDF directly: View PDF .
Page Count: 18
Download | |
Open PDF In Browser | View PDF |
Shared Roles for System and Data Security English Lumify Ultrasound System Contents Contents 1 Introduction ............................................................................................................................................. 5 General Information ......................................................................................................................................... 6 2 Control of Security Vulnerabilities on Philips Ultrasound Products............................................................ 7 Strategy for Defense-in-Depth Security ............................................................................................................ 7 Regulatory Environment ................................................................................................................................... 8 Role of Philips in the Product Security Partnership .......................................................................................... 8 Security Issues and Guidelines........................................................................................................................ 10 Information-Maintenance Example................................................................................................................ 13 Assumptions About the Environment ............................................................................................... 13 Information Zones ............................................................................................................................. 13 Security Protection Software .......................................................................................................................... 15 Antivirus Scanning and Updates ........................................................................................................ 15 Backups and Archives ..................................................................................................................................... 16 Backup Procedure.............................................................................................................................. 16 Disaster Recovery Plans..................................................................................................................... 16 Philips Healthcare 4535 618 28131_A/795 * NOV 2015 Role of Customers in the Product Security Partnership.................................................................................... 9 Lumify Ultrasound System 3 Philips Healthcare 4535 618 28131_A/795 * NOV 2015 Contents 4 Lumify Ultrasound System Introduction 1 Introduction This document discusses security on the Lumify Ultrasound System. Where other Philips ultrasound systems are delivered as complete systems, with restrictions on what is authorized and available for the system, Lumify host devices are acquired, configured, and maintained by the healthcare facility or individuals. These guidelines are designed to help healthcare facilities understand how the security of the Philips Lumify app and patient data can be compromised, and to highlight Philips efforts to ensure that safeguards are in place to help prevent security breaches. 4535 618 28131_A/795 * NOV 2015 For ultrasound-system security resources, such as security bulletins, FAQs, and vulnerability information, see the Philips Product Security website: www.philips.com/productsecurity For information about the Lumify Ultrasound System, visit the Lumify portal: www.philips.com/lumify This document and the information contained in it is proprietary and confidential information of Philips Healthcare ("Philips") and may not be reproduced, copied in whole or in part, adapted, modified, disclosed to others, or disseminated without the prior written permission of the Philips Legal Department. This document is intended to be used either by customers, and is licensed to them as part of their Philips equipment purchase, or to meet regulatory commitments as required by the FDA under 21 CFR 1020.30 (and any amendments to it) and other local regulatory requirements. Use of this document by unauthorized persons is strictly prohibited. Philips Healthcare Philips provides this document without warranty of any kind, implied or expressed, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Philips has taken care to ensure the accuracy of this document. However, Philips assumes no liability for errors or omissions and reserves the right to make changes without further notice to any products herein to improve reliability, function, or design. Philips may make improvements or changes in the products or programs described in this document at any time. Lumify Ultrasound System 5 Introduction General Information Unauthorized copying of this document, in addition to infringing copyright, might reduce the ability of Philips to provide accurate and current information to users. Non-Philips product names may be trademarks of their respective owners. General Information The following general information applies to the security of Philips ultrasound software and patient data. Philips Healthcare • Ultrasound systems are not long-term storage devices. Persistent patient data must be archived to a DICOM PACS, network share, or on a local repository. 4535 618 28131_A/795 * NOV 2015 • Philips ultrasound systems do not support multiple-user-session operations. They are designed as single-user devices. Clinical-use access over a network is unsupported. 6 Lumify Ultrasound System Strategy for Defense-in-Depth Security Control of Security Vulnerabilities on Philips Ultrasound Products 2 Control of Security Vulnerabilities on Philips Ultrasound Products Philips is dedicated to helping all customers maintain the confidentiality, integrity, and availability of patient data while ensuring that their ultrasound systems continue to generate and manage this information with complete security. Ultrasound systems may become vulnerable to security breaches when they are connected to a network. 4535 618 28131_A/795 * NOV 2015 Strategy for Defense-in-Depth Security Within the healthcare facility, maintaining the security of patient data and Philips products requires a defense-in-depth security strategy, one that is comprehensive and multilayered (including policies, processes, and technologies) for protecting information and systems from internal and external threats. For specific information about security within your facility, consult with the security specialists in the following offices or those with similar responsibilities: • Chief information security officer • Chief information officer • HIPAA privacy or security officer (in the United States) • Safety officer Philips Healthcare To learn about general security issues or specific vulnerabilities of your ultrasound system, contact your Philips representative. Lumify Ultrasound System 7 Control of Security Vulnerabilities on Philips Ultrasound Products Regulatory Environment Regulatory Environment The development and manufacture of medical devices is tightly regulated, as is the security and privacy of patient information held by healthcare providers. This creates challenges for both healthcare providers and manufacturers in responding quickly to new threats to the security of patient data stored on medical devices. Protection of Electronic Patient Health Information • Health Insurance Portability and Accountability Act (HIPAA), United States of America (www.hhs.gov/ocr/privacy/) • European Medical Device Directive 93/42/EEC • Japan’s HPB517 • HIPAA-related portions of the U.S. federal economic-stimulus act (or HITECH), formally known as the American Recovery and Reinvestment Act of 2009 4535 618 28131_A/795 * NOV 2015 One of the most important assets to protect with security measures is patient health information. As an example, the following regulations require patient health information to remain confidential, and they specify security measures to guard patient information: Role of Philips in the Product Security Partnership Philips operates under a global Product Security Policy that governs design-for-security in product creation, risk assessment, and incident-response activities for vulnerabilities identified in existing products. Philips has instituted a global problem-tracking and escalation process that provides visibility to security issues involving Philips systems. Product engineering groups within Philips monitor continuously for new security vulnerabilities of our systems, including those identified by third-party-software and operating-system vendors and those reported from individual healthcare facilities. 8 Lumify Ultrasound System Philips Healthcare Response to Vulnerabilities Role of Customers in the Product Security Partnership Control of Security Vulnerabilities on Philips Ultrasound Products A global network of response teams dedicated to product-security incidents collects and manages information and addresses the vulnerabilities that affect Philips products and solutions. The response teams continue to expand their activities toward global coverage of all systems. The goal is for the appropriate response team to evaluate each real and potential breach of security with an explicit assessment of the risk, threat, or vulnerability and to develop, as required, a vulnerability response plan that includes qualification and communication procedures. This means that Philips intends to simultaneously inform customers of system vulnerabilities while proceeding with development and deployment of risk-mitigation efforts. For more information about system vulnerabilities, see this website: 4535 618 28131_A/795 * NOV 2015 www.philips.com/productsecurity Design Improvements Philips actively conducts internal product security assessments to identify potential security weaknesses. With that information, Philips engineering teams often define configuration changes and re-engineering efforts that harden the system against outside threats. The same information also drives security design requirements for new products. The Philips Product Security Policy requires design-for-security objectives as part of all new product-creation efforts. Role of Customers in the Product Security Partnership WARNING Philips Healthcare Unauthorized modifications to your Android device ("rooting" or "jailbreaking") can cause the ultrasound system to malfunction, which may lead to misdiagnosis. Lumify Ultrasound System 9 Control of Security Vulnerabilities on Philips Ultrasound Products Security Issues and Guidelines CAUTION Android devices have many applications available for installation through the Google Play store. However, to minimize the risk to patient data security, Philips recommends that you install applications only from trusted sources and that you limit their use to business needs. The practical implementation of technical security elements varies by site and may employ a number of technologies, including firewalls, virus-scanning software, authentication technologies, and so on. As with any computer-based system, ultrasound systems require the level of protection typically provided by firewalls and other security devices between the medical system and any externally accessible systems. The U.S. Department of Veterans Affairs has developed a widely used isolation architecture for this purpose. Such perimeter and network defenses are an essential element of good security practices. The Department of Veterans Affairs Medical Device Isolation Architecture Guide is on this website: http://www.himss.org/ResourceLibrary/ResourceDetail.aspx?ItemNumber=7236 4535 618 28131_A/795 * NOV 2015 Because you use your own device with the Lumify app and transducers, it is your responsibility to ensure the security of your device and of patient data to meet your local security policies and regulatory requirements. Consult your Healthcare IT Security department to ensure that your device is implemented in accordance with your specific requirements for information security. Response to Product-Security Incidents and Malware Detection Security Issues and Guidelines The following guidelines provide concrete examples of system and data vulnerabilities and methods for providing protection. 10 Lumify Ultrasound System Philips Healthcare In the event of a product-security incident, or if you detect malware (malicious software) on the system, immediately disconnect the system from the network and report the incident to your Healthcare IT Security department. Alternatively, report the incident by sending e-mail to‑ productsecurity@philips.com. Security Issues and Guidelines Control of Security Vulnerabilities on Philips Ultrasound Products NOTE Tools for central management of mobile devices are available to help facilitate the guidelines in this document and to help ease deployment, configuration, and security issues. Consult your institution's healthcare IT security department. 4535 618 28131_A/795 * NOV 2015 Device Requirements Philips Ultrasound recommends starting with a device that meets or exceeds the minimum requirements of the Lumify app, as well as the needs for security within your particular environment. The next step is to ensure the appropriate level of security controls are implemented in a manner that meets your local security policies as well as any applicable regulatory obligations. Device Hardening Similar in principle to OS hardening strategies utilized on desktop or laptops, device hardening involves the identification of all unnecessary functions and applications that are included within your device and disabling those functions or applications not required for your use. Depending on the device, this may also include disabling the ability of applications to perform background functionality that may impact the performance of your device while Lumify is in use. Device hardening reduces the attack surface of your device by eliminating those services that may become vulnerable over time. Encryption Philips Healthcare A key security control available on most Android devices is encryption. Encryption helps ensure that data stored on the system is protected and increases the strength of your access-control policies by rendering the data unrecoverable. Lumify Ultrasound System 11 Control of Security Vulnerabilities on Philips Ultrasound Products Security Issues and Guidelines Network Security Any networked ultrasound system must be connected to a secure local area network, one that provides protection against computer viruses and other harmful code or traffic. Ensure the local area network uses appropriate protection, such as only using secure wireless technologies, firewalls, intrusion detection and prevention systems, and vulnerability scanners. Physical Access Control Each healthcare facility should limit physical access to the ultrasound systems for the prevention of accidental, casual, or deliberate contact by unauthorized individuals. The facility safety or security office can provide more information about what measures are in place. Unauthorized visual access to protected information can be minimized by positioning the device to prevent viewing from doorways, hallways, and other traffic areas. Initiate screen blanking by logging off the system or manually clearing the display before leaving the device unattended for any amount of time. User Login and Logout Protections A password protects saved protected health information (PHI) from unauthorized access, while meeting safety requirements for the device to be operational as soon as possible. 4535 618 28131_A/795 * NOV 2015 Position of Device For devices with login capabilities, a consistent user login process, including user names and passwords, provides good security for protecting information. In all cases, the healthcare facility must control access to the system. Protective login and password practices include these: 12 Lumify Ultrasound System Philips Healthcare Taking into account the size and portability of tablet devices, implementing a password or passcode is critical to reduce the potential for exposing personal information if the system is misplaced or stolen. With some devices, additional controls may be implemented to wipe all data from the device if the password or passcode is entered incorrectly after a specified number of times. Those controls help enhance the standard access control model and help reduce the potential for exposing personal information. Information-Maintenance Example Control of Security Vulnerabilities on Philips Ultrasound Products • Implement strong passwords. This is the easiest and most-effective method to increase security. Strong passwords consist of at least eight alphanumeric, mixed-case characters and special characters, for example “@” or “*.” Never use words that can be found in a dictionary. • Never post or share user names and passwords. • Change passwords periodically. Train system operators to log off of the system immediately after completing their work. 4535 618 28131_A/795 * NOV 2015 Information-Maintenance Example This example of how to maintain information security uses a zone model of information flow. Assumptions About the Environment The ultrasound system relies on the healthcare facility to maintain a secure environment, with protection mechanisms for network access, encryption, and intrusion detection. Information Zones Philips Healthcare The information-flow model is commonly incorporated into security standards. An easy way to visualize this model is to diagram a healthcare facility as divided into three zones (see figure), with each zone having a different priority and level of use for the information. Some facilities decide not to extend their information to the farthest zone because they cannot guarantee its protection and integrity. Lumify Ultrasound System 13 Information-Maintenance Example 4535 618 28131_A/795 * NOV 2015 Control of Security Vulnerabilities on Philips Ultrasound Products Security Solutions Between Zones 1 Zone 1: The ultrasound department 2 Zone 2: The rest of the healthcare facility 3 Zone 3: The Internet 4 Firewall 5 Firewall with IPSec Zone 1: The Ultrasound Department Most image transfer is performed within Zone 1. Backups, copies, and media containing ultrasound images must be carefully managed by department staff. Zone 2 includes clinics outside the department that have access to the system and, in some cases, the Internet. Proper authorization for access and use of audit trails is critically important. 14 Lumify Ultrasound System Philips Healthcare Zone 2: The Rest of the Healthcare Facility Security Protection Software Control of Security Vulnerabilities on Philips Ultrasound Products Zone 3: The Internet Zone 3 is used for connectivity to a HIPAA-compliant cloud-storage provider. Security Between the Zones Security between the zones should be managed by standard IT security solutions. Managers must be aware of the expected level of data traffic to choose a solution that is secure, yet does not act as a bottleneck in the information flow. Image distribution requires a high-bandwidth network. 4535 618 28131_A/795 * NOV 2015 Security Within the Zones The security within the zones should be managed by a combination of standard IT security solutions and the security functions of the ultrasound system. Security Protection Software Lumify app updates are provided through regular releases and the Philips Field Change Order process. Antivirus Scanning and Updates Philips Healthcare The best protection against viruses is for a healthcare facility to establish an effective networksecurity policy. Malware is responsible for many of the breaches that are making the headlines today. Traditional methods of malware protection include Anti-Virus (AV). Philips Ultrasound recommends choosing a reputable software package capable of meeting your malware protection needs. Additional steps can be taken to limit the potential for malware on your systems. This includes ensuring that any additional applications added to your device are from a reputable source. While applications may include malware, only installing applications necessary for the functionality of your device will help limit your risk of infection or breach. Lumify Ultrasound System 15 Control of Security Vulnerabilities on Philips Ultrasound Products Backups and Archives Backups and Archives CAUTION The chosen export destination and mechanism must be in accordance with your local healthcare IT security policies. Backup Procedure Ultrasound systems are designed to maintain information only as necessary to produce external documentation for medical records (such as films, traces, and printed records). If additional backup is necessary, establish an administrative protocol to archive all clinical studies before deletion. 4535 618 28131_A/795 * NOV 2015 You can export exams and images from the Lumify ultrasound system to a DICOM PACS, to a network share, or to a local repository. You can also send images by e-mail. Supported e-mail applications include Gmail, K-9 Mail, Yahoo, Outlook, and Inbox. Disaster Recovery Plans Philips Healthcare It is your responsibility to ensure you have a disaster recovery plan that includes regular and complete patient data backup. Ultrasound systems are intermittent storage devices; patient data must be exported from the ultrasound system. For more information on exporting patient data, see your ultrasound system user information. 16 Lumify Ultrasound System Philips Healthcare is part of Royal Philips www.philips.com/healthcare healthcare@philips.com Manufacturer’s address Philips Ultrasound 22100 Bothell-Everett Highway Bothell, WA 98021-8431 USA European Union Authorized Representative Philips Medical Systems Nederland B.V. Veenpluis 4-6 5684 PC Best The Netherlands 0086 © 2015 Koninklijke Philips N.V. All rights are reserved. Reproduction or transmission in whole or in part, in any form or by any means, electronic, mechanical or otherwise, is prohibited without the prior written consent of the copyright owner. Published in USA 4535 618 28131_A/795 * NOV 2015 - en-US
Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.7 Linearized : No Create Date : 2015:10:05 18:26:24+01:00 Creator : AH XSL Formatter V6.0 MR2 for Windows (x64) : 6.0.2.5372 (2012/05/16 18:26JST) Modify Date : 2015:10:08 08:50:02-07:00 Has XFA : No Language : EN-US XMP Toolkit : Adobe XMP Core 5.4-c005 78.147326, 2012/08/23-13:03:03 Creator Tool : AH XSL Formatter V6.0 MR2 for Windows (x64) : 6.0.2.5372 (2012/05/16 18:26JST) Metadata Date : 2015:10:08 08:50:02-07:00 Producer : Antenna House PDF Output Library 2.6.0 (Windows (x64)) Trapped : False Format : application/pdf Title : RM-US-0091-01A Document ID : uuid:eb56e241-ff8a-4ba9-b4c2-065c1868cb68 Instance ID : uuid:c5fb472a-d7da-4291-aeef-8e9435ad9649 Page Mode : UseOutlines Page Count : 18EXIF Metadata provided by EXIF.tools