- 00000018WIA30DAC770GYZ
- id_400220591.2
- May 3, 2022 2:19:40 PM
Data Privacy
Globally, laws and requirements for patient data privacy have been enacted to protect the health information of individuals against access without consent or authorization. Examples of global privacy standards are:
- Health Insurance Portability and Accountability Act (HIPAA)
- Directive 95/46/EC on Data Protection (the Data Protection Directive)
- Personal Information Protection and Electronic Documents Act (PIPEDA)
- Department of Defense Platform IT (PIT)
- EA3 (Enterprise Authentication, Authorization & Audit trail)
- Data Protection Act UK
- European Union Data Protection Directive EU
Data Privacy Controlled Access
At installation, a default account is provided. After a software load from cold, your site administrator determines an operating system password for use by the site administrator.
It is highly recommended that your site administrator create accounts, user names, and passwords, and assign roles to each MR user. The administrative user can perform the following functions:
- Create a unique account for each user with unique username, password, and roles.
- Assign users to various groups, which means that they have permission for certain features.
- Delete accounts.
- Enable or disable an emergency logon feature that allows a user to log on without a password.
- Set an inactivity timeout to automatically lock the screen.
Data Privacy with EA3, HIPAA
EA3 is the global term for data privacy. HIPAA is the term used for data privacy on the MR system user interface.
The Privacy Rule establishes regulations for the use and disclosure of Protected Health Information. Your MR system's Data Privacy features help your site control access to the scanner and to patient data.
GE Medical Systems has a longstanding reputation of providing customizable, clinical solutions to protect the privacy and security of your organization’s unique clinical workflow, as well as your patient’s confidentiality.
Please recognize the intended use of the product when determining how critical any privacy risk is, relative to patient care and safety. GE is very concerned with providing the best care to the patients, and in some cases we have determined that patient care is more important than the risk to privacy. In these cases we take every precaution to minimize privacy risk.
Security and Privacy are maintained across a Healthcare system. Any product that is placed into an uncontrolled environment will not be secure and cannot protect privacy. As we design scanners, we design them to be implemented in a “Secure Environment”. A secure environment is based on multiple layers of security, a concept known as defense in depth.
Data Privacy using EA3 requires you to log on to the scanner and to log off when you are done scanning for a period of time. If you do not log off, the system will log you off and you will have to log back on. Data Privacy using EA3 contains the following permissions: Administrative, GE Service, Standard User, and Limited User.
- Standard User can perform scanning functions and modify protocols.
- Administrator can set up and delete users.
- Limited User can perform all scanning functions.
- GE Service can do all functions.
You must have Administrative permission to add or delete users.
When you are adding users for local databases, certain rules apply. You must use the following guidelines:
- Users/Groups – Lower case letters and numbers only
- Users/Groups – No limit on length
- Passwords – for details, see Password.
Data Privacy using EA3 contains the following 2 default users:
- Administrative User (admin) - can add and delete users
- GE Service (gesvc) - Limited User scanning functions
- Local Users tab
- Groups tab
- Applications tab
- Enterprise tab
Procedures
| Password | |
| EA3 (Enterprise Authentication, Authorization, and Audit trail) | |
| Local users | |
| Group | |
| Enterprise | Enterprise tab |
