MRI Magnetom Trio syngoMR-pages-4
The system contains a dialog box which shows you when your system must be inspected again.

As long as the display is in the green range, you can close the window again with OK. If the bar moves into the red range, you can only close this window again after maintenance has been performed.
➭ In that case, move the window to one side, finish off the examination, and contact Siemens Service.
➭ For further information, please contact your Siemens Service or your system administrator.

NOTE
As long as you have assigned full access rights to service, i.e. maintenance is in progress, you cannot continue working with your system.

CAUTION
Source of danger: Terminating remote service without consultation with the service engineers.

Logbook
Your system has a logbook that records all system and application-relevant events, for example error messages.
You can select the type and date of the messages that you want to display.

B.1 Introduction
Terms and definitions in security

Data and Function Security
Based on diagnostic images and medical reports decisions are made that affect the health of patients. Therefore, in modern health care it is necessary to protect such sensitive documents from unauthorized access and to record all actions on the data.

NOTE
Security has to be set up on every workstation except for satellite consoles, which take the security settings from their main console. Therefore, you cannot configure the security system on satellite consoles.

Use Cases
The following use cases show you some benefits of the syngo MR user management and security system.

Access Rights
In syngo MR security, rights protect the access to patient health information (data) with group/user specific permissions.

Authentication
Authentication of users who are working with syngo MR is the underlying basis of all security measures. A user account is created for every person who will be working with syngo MR. To log on to the system, the user enters his/her user account and password. By this, a user is identifiable.

Audit Trail
On a secure system, all actions on data are logged. syngo uses auditing to track which user account was used to access files or other objects, as well as logon attempts, system shutdowns or restarts, and similar events.

Data Access and Groups
The data access security check is based on groups and users:
❏ Users need to have access to patient data within their sphere of influence (for example, their ward).
❏ Users are assigned to groups that correspond with their sphere of influence; these groups are allowed access to the corresponding patient data.
It is easier to manage permissions for groups than for individual users.
Access to patient data is secured through the needed permissions: In order to reduce complexity, only the following permission levels are implemented:
❏ NO ACCESS
❏ FULL CONTROL

Everyone (Group and Role)
syngo MR security makes use of the “Everyone” group and a “Everyone” role.

NOTE
Because it is not possible to deny rights that the “Everyone” group and role have but the user shall not have, we recommend taking special care when configuring the data access permissions and the functional privileges.

❏ Please take care not to configure “No Access” for all groups, because then even fall-back data objects can no longer be accessed.
We recommend allowing Full Control, for example, for the STANDARD patient group at the “Everyone” configuration level. This would allow all users access to the “standard” patients (for example, any patients who have not yet been assigned to a ward).
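
The grant-only evaluation and the two configuration pitfalls described above, as an added example that is not part of the original manual or of syngo MR. It assumes that FULL CONTROL granted through any of a user's groups, including “Everyone”, applies to that user; the ward names, user names, group names other than “Everyone” and STANDARD, and both function names are hypothetical.

```python
# Added illustration of a grant-only permission model (not syngo MR code).
NO_ACCESS, FULL_CONTROL = "NO ACCESS", "FULL CONTROL"
EVERYONE = "Everyone"

# Constructed sample configuration: user group -> {patient group: level}
GRANTS = {
    EVERYONE: {"STANDARD": FULL_CONTROL},
    "Radiology": {"WARD_A": FULL_CONTROL},
    "Cardiology": {"WARD_B": FULL_CONTROL, "WARD_A": NO_ACCESS},
}
# Constructed sample users; carol belongs to no explicit group.
MEMBERSHIP = {"alice": {"Radiology"}, "bob": {"Cardiology"}, "carol": set()}
PATIENT_GROUPS = ["STANDARD", "WARD_A", "WARD_B", "WARD_C"]


def effective_permission(user, patient_group, grants=GRANTS, membership=MEMBERSHIP):
    """Assumed rule: grants are additive and there is no deny, so FULL CONTROL
    from any group the user belongs to (always including Everyone) applies."""
    groups = set(membership.get(user, set())) | {EVERYONE}
    for group in groups:
        if grants.get(group, {}).get(patient_group) == FULL_CONTROL:
            return FULL_CONTROL
    return NO_ACCESS


def lint(grants=GRANTS, patient_groups=PATIENT_GROUPS):
    """Flag the two pitfalls: data nobody can reach, and data opened to all
    users through Everyone (which cannot be taken back per user)."""
    findings = []
    for pg in patient_groups:
        holders = [g for g, perms in grants.items() if perms.get(pg) == FULL_CONTROL]
        if not holders:
            findings.append((pg, "unreachable: no group has FULL CONTROL"))
        elif EVERYONE in holders and pg != "STANDARD":
            findings.append((pg, "open to every user via Everyone"))
    return findings


if __name__ == "__main__":
    for user in MEMBERSHIP:
        print(user, {pg: effective_permission(user, pg) for pg in PATIENT_GROUPS})
    print(lint())
```
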

Groups
Groups are assigned to users who are members of a team or a department. All members of a group receive the same data access rights (permission, for example, to view or to process data).

Permissions
Data access rights. The right to create, read, update, delete or protect data is granted via permissions. The following permission levels are available:
❏ NO ACCESS
❏ FULL CONTROL

Privileges
The right to execute functions is granted via privileges. The functional security check is based on roles and users:

Roles
Users having the same tasks are assigned a role (for example, radiologists, administrators, or technicians). Then all users of a role have the same right to execute functions, such as storing data.

Trusted Hosts
Trusted hosts is a principle for a secure exchange of data between systems in a network. The trusted host functionality can be switched on in the Local Service Software. Switching on has the following consequences:

Administrator’s tasks
Once the syngo MR security system has been installed, Administrators are responsible for establishing and maintaining competent user management, and for ensuring that the system remains secure. This includes the following main tasks:

NOTE
User management has to be set up on every computer, except for satellite consoles, which take the security settings from their main console.

Principles of the syngo MR User Management
Patient data is sensitive information that has to be protected from unauthorized access, modification, transfer or deletion.

User Authentication
A user account has to be created for every person who will be working with syngo MR. To log on to the system, the user enters his/her user account and password.

User Authorization
The syngo MR user management and security system provides a highly configurable access control and ensures that users obtain access only to application functions and patient data they are authorized to work with.

Grouping of Users: Roles and Groups
Setting up the access rights for each user individually would take a long time and would inevitably lead to inconsistent rights for “similar” users.
❏ You can also set up permissions and privileges for each user individually.

Special User Accounts
The syngo MR security system knows the following special user accounts:
❏ Administrator
By default, the security system is installed with a general “Administrator” user account that is assigned to the groups “Administrators” and “SecurityAdmins” and has a role called “SecurityAdmins”.
❏ LocalServiceUser
This account usually is set up to have restricted access to patient data, but full functional privileges for checking and maintaining the system.
❏ RemoteServiceUser
This account is used for remote service sessions.
❏ Emergency Access
To ensure emergency access to the system at all times, you should create at least one special user account for common emergency logon.

Internal Users
Internal user accounts are essential for the system. They consist of built-in users of the Windows operating system and syngo MR internal users.

NOTE
Although it is possible to change the password of these internal accounts, we strongly recommend not modifying any of the internal users.