HIPAA Compliance sending DICOM

[Troy Berg]

I fell into being a PACS admin a year ago. Since then I have talked with many small clinics who are setup to send US DICOM files over the internet with no VPN. Is doing this HIPAA compliant?  I spoke with another PACS admin who argued it was. His rationale is that HIPAA forbids sending "clear text" and DICOM images are not. Thanks In Advance. 

[Damien Evans]

They should be encrypted.  The most common ways are with DICOM-TLS or a VPN.  DICOM files are not clear "text", but they are clear data.  Would you send a MS Excel file or a PDF file containing patient information over the internet?  Those file formats are not clear "text" either, but they are viewable with freely available and easily obtained programs.  This other PACS admin is flat out wrong.

 -- Damien

On Wed, Oct 23, 2013 at 1:40 PM, Troy Berg <t...@livingstory.com> wrote:

I fell into being a PACS admin a year ago. Since then I have talked with many small clinics who are setup to send US DICOM files over the internet with no VPN. Is doing this HIPAA compliant?  I spoke with another PACS admin who argued it was. His rationale is that HIPAA forbids sending "clear text" and DICOM images are not. Thanks In Advance. 

--
You received this message because you are subscribed to the Google Groups "dcm4che" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dcm4che+u...@googlegroups.com.
To post to this group, send email to dcm...@googlegroups.com.
Visit this group at http://groups.google.com/group/dcm4che.
For more options, visit https://groups.google.com/groups/opt_out.

[Pablo]

You can use DICOM TLS  to send encrypted DICOM data without need of VPN.

[Troy Berg]

Thanks!

[Troy Berg]

Does anyone know if most Ultrasound machines have the ability to send TLS? We are going to loose a major client because their mobile sonographers simply plug their machines into the wall when they get home. 

[Damien Evans]

I do not know, but in my experience, a lot of modalities do not have the ability to send TLS.  I would check the manufacturer specs and/or DICOM conformance statement. 

On Wed, Oct 23, 2013 at 2:28 PM, Troy Berg <t...@livingstory.com> wrote:

Does anyone know if most Ultrasound machines have the ability to send TLS? We are going to loose a major client because their mobile sonographers simply plug their machines into the wall when they get home. 

[Damien Evans]

Another option is to set up a dcm4chee "gateway" (aka as edge or proxy server) which accepts regular DICOM from the modality and forwards it to the central server over the internet via DICOM-TLS. 

[Arnold Maderthaner]

I would go with either this (local cache archive as it can also transmit the data depending on timeframes and so on) or with a VPN solution. DICOM-tls is mostly not supported.