The guidance has been released for public comment, with the comment period ending November 18; after that, NIST will develop final guidance.
“PACS fits within a highly complex healthcare delivery organization (HDO) environment that involves interfacing with a range of interconnected systems,” NIST notes. “This complexity may introduce or expose opportunities that allow for malicious actors to compromise the confidentiality, integrity and availability of the PACS ecosystem.”
Security challenges that providers, vendors, insurers and other stakeholders face include controlling, monitoring and auditing HDO user accounts, including identifying outliers in behavior; controlling, monitoring and auditing access to and modification of radiology images; and enforcing least privilege and separation-of-duties policies for internal and external users, according to NIST.
Other challenges include ensuring data integrity as imaging moves across the enterprise and providing security, data protection and access management without impacting system performance or user productivity.
The benefits of stronger controls for a PACS include a reduced likelihood of a breach, less risk of significant data losses, timely access to images for clinicians and protection of patient privacy.
Read more at: Health Data Management