2096198-008 RevD CardioSoft Privacy and Security Manual V7.0
CardioSoft™ V7.0
Privacy and Security Manual
Software Version 7.0
2096198-008D
English
© 2018 General Electric Company
All Rights Reserved.
Publication Information
This document describes version 7.0 of CardioSoft, also referred to as the "product". It does not apply to earlier product versions. Due
to continuing product innovation, specifications in this document are subject to change without notice.
MUSE, MARS, CASE and CardioSoft are trademarks owned by GE Medical Systems Information Technologies, Inc., a General Electric
Company going to market as GE Healthcare. All other trademarks contained herein are the property of their respective owners.
Date of first CE mark: 1997
NOTE:
Illustrations in this document are provided as examples only. Depending on system configuration, screens in the document may differ
from the screens on your system. Patient names and data are fictitious. Any similarity to actual persons is coincidental.
The document part number and revision are on each page of the document. The revision identifies the document’s update level. The
revision history of this document is summarized in the following table.
Language Information
WARNING (EN): If a customer's service provider requires a language other than English, it is the customer's responsibility to provide translation services.
WARNING (BG): If the customer's service provider requires another language, it is the customer's obligation to provide translation.
WARNING (CS): If the external customer service needs the manual in another language, providing a translation into the corresponding language is the customer's task.
WARNING (DA): If a customer's technician needs a language other than English, it is the customer's responsibility to provide translation.
WARNING (DE): If the service provider requires another language, it must provide an appropriate translation.
WARNING (EL): If a customer's service person requires this manual in a language other than English, it is the customer's responsibility to provide translation services.
WARNING (ET): If the service provider requires the manual in a language other than English, the customer is responsible for providing translation services.
WARNING (FR): If a customer's technical service wishes to obtain this manual in a language other than English, it must take charge of the translation and responsibility for the content.
WARNING (HR): If the customer's service requires another language, it is the customer's responsibility to provide an appropriate translation.
WARNING (HU): If the customer's service provider requires a language other than English, it is the customer's responsibility to have the translation made.
WARNING (ID): If the customer's service provider requires a language other than English, it is the responsibility of that service provider to provide the translation.
WARNING (IT): If a maintenance technician requires the manual in a different language, the customer is obliged to arrange the translation directly.
WARNING (JA): If the service provider requires a language other than English, the translation is to be done under that provider's responsibility.
WARNING (KK): If the customer's service provider requires a version in a language other than English, providing translation services is the customer's responsibility.
WARNING (LT): If the customer's service provider requires the manual in a language other than English, providing translation services is the customer's responsibility.
WARNING (LV): If the service provider needs the information in a language other than English, it is the customer's duty to ensure its translation.
WARNING (NL): If the maintenance staff need another language, the customer is responsible for its translation.
WARNING (NO): If the customer's service provider needs another language, it is the customer's responsibility to provide translation.
WARNING (PL): If the customer's service provider requires a language other than English, providing translation services is the customer's responsibility.
WARNING (PT-BR): If the customer's technical support service is not GE and needs another language, it will be the customer's responsibility to provide translation services.
WARNING (RO): If a customer service provider requires a language other than English, it is the customer's duty to provide a translation.
WARNING (SK): If the customer's service provider requires a language other than English, providing translation services is the customer's responsibility.
WARNING (SL): If the customer's service provider needs the manual in another language, the customer must provide the translation.
WARNING (SR): If the client's service technician requires another language, the client is obliged to provide translation services.
WARNING (SV): If a customer's service technician needs a language other than English, the customer is responsible for providing translation services.
WARNING (TR): If the customer's technician requests this manual in a language other than English, having it translated is up to the customer.
WARNING (UK): If the service engineer needs the manual in another language, the user is obliged to provide translator services.
WARNING (VI): If the service providers for the customer require a language other than English, the customer will be responsible for providing translation services.
WARNING (ZH-CN): If the maintenance service provider needs a non-English version, the customer must provide translation services itself.
WARNING (ZH-TW): If the customer's maintenance personnel require a version in a language other than English, the customer is responsible for providing translation services.
Publication Information
Language Information
1: Introduction
4: Information Protection
    Network Security
        Firewall Configuration
        Network Infrastructure
        System Interconnections
        Network Requirements
        Network Protocols
    Removable Media Security
        Data Destruction for Portable Media
    Stored Data Security
        System Data Security
        Backup
        External Data Flows
        Stored Data
    Business Continuity
5: System Protection
    Protection from Malicious Software
        Security Vulnerability Scanning
    Workstation Security
    Product Change Management
        Operating System
        Security Updates / Patches
    Potential Hazardous Situations from IT Network Failures
1 Introduction
This manual describes the intended use, privacy and security capabilities, and how
they are configured and used appropriately for the CardioSoft Diagnostic Workstation
(referred to as the "device" throughout this document).
This manual assumes that the reader understands the concepts of privacy
and security. Privacy is the property of protecting the personal private interests
of patients. Security protects both the system and information from risks to
confidentiality, integrity, and availability. Security protects privacy but also protects
more broadly against these risks. Privacy requires security. In Healthcare, one must
balance privacy, security, and safety. Most of the time, there is no conflict between
these three domains of risk. The healthcare provider organization is encouraged to
use risk management procedures to assess and prioritize privacy, security, and safety
risks. Through the use of risk management, one can determine how to best leverage
the capabilities provided in the device.
2 Privacy and Security Environment
The Diagnostic Workstation has been designed for an intended use with the following
expectations of Privacy and Security protections included in the environment where
this product will be used:
• It is intended to be used by trained operators under the direct supervision of a
licensed healthcare practitioner on adult and pediatric patients.
• It is designed to acquire, process, record, archive, analyze and output (12 and 15
lead) ECG data during a period of physiologic stress or during a resting ECG test,
acquire data from ancillary devices (such as Spirometry and Ambulatory Blood
Pressure), provide median morphology recordings and record ECG in real-time,
with or without arrhythmia detection.
• The arrhythmia detection of the Diagnostic Workstation is provided to the user
for the convenience of automatic detection of arrhythmia but does not provide
alarms.
• It provides the control of an external device (typically a treadmill or Ergometer) and
communicates with centralized electronic/digital storage systems via a network.
• It provides a user-selectable option for printouts of prognostic scores on select
reports. Vector loops are also available.
• It can be configured in a network environment for multiple CardioSoft workstations,
allowing the user to create a central database of patient demographics
and collected patient physiological data.
• It is intended to be used primarily in the hospital but can be used in clinics,
physician offices, outreach centers or wherever exercise, stress testing, ECG,
spirometry or ambulatory blood pressure testing is performed.
• It offers no diagnostic opinion to the user. Instead it provides interpretation
statements of morphology, rhythm, and conduction, from which the physician
renders his or her own medical opinion.
• It should be connected to a secured network, not open to unintended users.
• The system should be physically secured in a way that it is not accessible for
unintended users.
3 Privacy and Security Capabilities
This device incorporates a broad assortment of capabilities to enable privacy and
security. This section describes the privacy and security capabilities.
Access Controls
The access control features may be used to help control access to sensitive
information. Access control includes user account creation and assigning privileges.
Identity Provisioning
The provisioning of user accounts includes account creation, maintenance, and
suspension of the account when it is no longer needed. A user account is created
for a specific individual. This user account is associated with access rights, and is
recorded in security audit logging.
This device supports the following types of Windows Configured accounts:
• Local user accounts: These user accounts must be managed on the device.
Management of User Accounts
CardioSoft is delivered with the pre-defined Supervisor user account. This user
belongs to the Technician group and has the following privileges:
• Edit Data
• System Configuration
• Setup
The Supervisor user can enable user authentication for the application and create
additional local user accounts.
The Supervisor user can also assign users to groups and grant required privileges to
each user.
A user can be assigned any of the following privileges:
When receiving the device, it is recommended that the customer select one of the
following approaches to ensure customer control of the user accounts:
• Manage local user accounts
a. Create and maintain user accounts for each user of the device.
b. Assign each user the appropriate privileges.
NOTE:
• Make sure to give administrative rights only to users intended to perform
administrative tasks on the device (this should be a limited number of
users).
• It is recommended to create individual users for each person who will use
the device. This is required to associate actions performed on the device
with individual persons in the audit logs.
• It is recommended to establish routines to remove or disable user accounts
which are no longer in use.
Password Policy
It is recommended to establish operational procedures to implement password
policies. Follow the guidelines to set or change the password for a local user account:
• The password must contain at least 6 characters.
• It is recommended to set a password with at least one occurrence of each of the
following characters:
• Uppercase letter (A-Z)
• Lowercase letter (a-z)
• Number (0-9)
• Special character (!,@,#,$,%,^,&,*)
User Authentication
User authentication ensures that the user attempting to use the application is the
user associated with the account.
• Setup Editing
• Procedure Creation
• Procedure Deletion
• Procedure Sent or Print
• Procedure Review
The following information is logged in the Windows application log for each audit
event:
• Log Name
• Source
• Event ID
• Level
• User
• Time stamp in local time
• Task Category
• Computer
• General Description
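The fields listed above map directly onto properties of the Windows event record, which is what a site needs when pulling the device's audit trail into a central log store. The following is an added example, not code from the manual or from GE Healthcare: it exports the audit events from the Application log to CSV using the manual's field names, and summarizes them per user and event ID so that unattributed or unexpected activity stands out. The manual does not state the event source (provider) name, so `-AuditSource` must be supplied by the site from Event Viewer; the seven-day window and output path are assumptions.

```powershell
# Added example (not from the CardioSoft manual or GE Healthcare).
# Assumes: the device's audit events are in the Windows Application log (as the
# manual states); the provider/source name is site-supplied (the manual does not
# give it); runs in an elevated PowerShell session on the workstation.
function Export-DeviceAuditEvents {
    param(
        [Parameter(Mandatory)] [string]$AuditSource,   # source shown in Event Viewer
        [int]$Days = 7,                                 # assumed look-back window
        [string]$OutCsv = (Join-Path $env:TEMP 'cardiosoft-audit.csv')
    )

    $filter = @{
        LogName      = 'Application'
        ProviderName = $AuditSource
        StartTime    = (Get-Date).AddDays(-$Days)
    }

    # Map the manual's audit fields onto EventLogRecord properties.
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction Stop | ForEach-Object {
        # Resolve the SID to an account name; keep the raw SID if it cannot be resolved.
        $user = ''
        if ($_.UserId) {
            try   { $user = $_.UserId.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $user = $_.UserId.Value }
        }
        [pscustomobject]@{
            LogName            = $_.LogName
            Source             = $_.ProviderName
            EventID            = $_.Id
            Level              = $_.LevelDisplayName
            User               = $user
            TimeStampLocal     = $_.TimeCreated          # TimeCreated is already local time
            TaskCategory       = $_.TaskDisplayName
            Computer           = $_.MachineName
            GeneralDescription = $_.Message
        }
    }

    # The manual notes the audit log contains PI (e.g. Patient ID): the CSV inherits
    # that classification and must be stored and transported accordingly.
    $events | Export-Csv -Path $OutCsv -NoTypeInformation -Encoding UTF8

    # Summary for review: activity per user and event ID. Events with an empty
    # User column cannot be tied to an individual, which defeats the manual's
    # recommendation of one account per person.
    $events | Group-Object User, EventID |
        Select-Object @{n='User';e={$_.Group[0].User}},
                      @{n='EventID';e={$_.Group[0].EventID}},
                      Count |
        Sort-Object User, EventID |
        Format-Table -AutoSize

    $unattributed = @($events | Where-Object { -not $_.User }).Count
    if ($unattributed -gt 0) {
        Write-Warning "$unattributed audit event(s) have no user attribution; review account usage."
    }
    return $OutCsv
}

# Usage (source name is a placeholder; replace with the value shown in Event Viewer):
# Export-DeviceAuditEvents -AuditSource 'REPLACE_WITH_DEVICE_AUDIT_SOURCE'
```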
4 Information Protection
This section focuses on Privacy and Security operations, and contains information to
guide in the preparation of a secure environment for the device.
Security operations are best implemented as part of an overall “defense in depth”
information assurance strategy, implemented via an Information Technology
system that addresses personnel and physical security and technology. The layered
approach of "defense in depth" limits the risk that the failure of a single security
safeguard will allow compromise of the system.
Network Security
GE Healthcare strongly recommends that medical information systems are operated
in a secure network environment that is protected from unauthorized intrusion.
There are many effective techniques for isolating and protecting medical information
systems, including implementing firewall protection, demilitarized zones (DMZs), and
Virtual Local Area Networks (VLANs).
To assist in secure network design, the following network profile outlines the required
network services for the device.
The device is protected by an internal firewall. The following two sections describe:
• Configuration of the firewall
• Guidance for configuring the IT infrastructure where it is connected.
Firewall Configuration
All inbound and outbound connections are blocked by the internal firewall of the
device. When the user configures any settings related to NTP, DCP communication,
MUSE system, shared network folder, or remote application access, the device allows
only configured connections. The firewall configuration utility in service can provide
options to customize the network firewall as per the site's network requirements. This
configuration is accessible to a user with service privileges.
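A site that customizes the firewall should be able to confirm afterwards that the default-deny posture described above is still in place and that every remaining exception corresponds to a configured connection (NTP, DCP, MUSE, shared folder, remote application access). The following is an added verification script, not code from the manual or from GE Healthcare; it assumes the device's internal firewall is Windows Defender Firewall (the manual does not name the implementation) and that it runs from an elevated PowerShell session on the workstation.

```powershell
# Added example (not from the CardioSoft manual or GE Healthcare).
# Assumption: the internal firewall is Windows Defender Firewall (NetSecurity module).
function Test-DeviceFirewallPosture {
    # 1. Every profile must be enabled and default to Block in both directions,
    #    matching the manual's statement that all connections are blocked unless configured.
    $badProfiles = Get-NetFirewallProfile | Where-Object {
        -not $_.Enabled -or
        $_.DefaultInboundAction  -ne 'Block' -or
        $_.DefaultOutboundAction -ne 'Block'
    }
    if ($badProfiles) {
        Write-Warning 'Profiles not in default-deny state:'
        $badProfiles | Format-Table Name, Enabled, DefaultInboundAction, DefaultOutboundAction -AutoSize
    } else {
        Write-Host 'All firewall profiles are enabled with default-deny inbound and outbound.'
    }

    # 2. List every enabled Allow rule with its port and remote-address scope, so each
    #    exception can be matched to one of the site's configured connections. Rules
    #    scoped to 'Any' remote address deserve particular scrutiny.
    $allowRules = Get-NetFirewallRule -Enabled True -Action Allow | ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Name       = $_.DisplayName
            Direction  = $_.Direction
            Profile    = $_.Profile
            Protocol   = $port.Protocol
            LocalPort  = (@($port.LocalPort)  -join ',')
            RemotePort = (@($port.RemotePort) -join ',')
            RemoteAddr = (@($addr.RemoteAddress) -join ',')
        }
    }
    $allowRules | Sort-Object Direction, Name | Format-Table -AutoSize

    $broad = @($allowRules | Where-Object { $_.RemoteAddr -eq 'Any' -and $_.Direction -eq 'Inbound' })
    if ($broad.Count -gt 0) {
        Write-Warning "$($broad.Count) inbound allow rule(s) accept any remote address; confirm each is required."
    }
    return [pscustomobject]@{
        ProfilesDefaultDeny = (-not $badProfiles)
        AllowRuleCount      = @($allowRules).Count
        BroadInboundRules   = $broad.Count
    }
}

Test-DeviceFirewallPosture
```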
Network Infrastructure
The infrastructure of the network where the device is connected must be configured
to allow traffic as per the site's requirements. All other traffic to and from the device is
blocked in the network infrastructure to prevent unintended access.
System Interconnections
The system interconnections are described in the following table:
Interface | Direction | Purpose
DCP | Incoming/Outgoing | Sending Resting ECG and Exercise test records to the MUSE system, EMR or HIS; receiving ECG records from Carts.
Windows Shared Folder | Incoming/Outgoing | Sending/receiving ECG records to/from the MUSE system or HIS; receiving ECG records from Carts.
USB/External media storage device | Incoming/Outgoing | Exporting Resting ECG and Exercise test records, exporting log files, exporting/importing configuration settings, and performing software upgrades.
Network Protocols
Internet Protocols Version
The following internet protocol versions are supported:
• Internet Protocol version 4 (IPv4)
• Internet Protocol version 6 (IPv6)
Ethernet Interface
The following ethernet interfaces are supported:
• LAN
• WAN
• WLAN
The removable media used for the backup must be secured to ensure the security of
the backed up data from the device.
External Data Flows
The device supports interconnections to external storage systems. This includes
shared folders on the network for software updates, or communication with the
MUSE system. Data stored on an interconnected system must be secured by that
external storage system (outside the scope of this device).
Stored Data
Data on the device, such as patient information in the database, patient reports, and
audit logs, is stored as binary on the file system.
Event logs are not encrypted, but contain only debug information. They do not
contain PI/PHI.
The directories potentially containing PI on the host computer are listed in the
following table:
Data | Description
Audit log | Readable audit log containing personal information (PI) such as Patient ID
Business Continuity
This device is not intended to be a long-term storage archive. This device can
transmit unencrypted patient reports to the MUSE system or a USB drive. After
transmitting patient reports to any of these destinations, customers are responsible
for their own archive solution. To ensure business continuity, the target for the patient
data archive must be chosen carefully to ensure safe storage of the data.
In the event of power failure or other cases requiring restarting of the device, patient
reports saved on the device are not lost. A patient report that was not accepted and
saved before the event occurred will be lost.
If the hard disk gets replaced, the patient data stored on the device is lost. Backup the
data before you replace the hard disk.
5 System Protection
The system must be configured and maintained in a way that continually protects
privacy and security.
• USB drives mounted on the device are given read-write access, but files on them
cannot be executed.
• The software must be digitally signed before it can be installed.
• You must have the software update privilege to install the software.
• The network firewall blocks inbound transfers.
Workstation Security
This device can be configured by the customer to improve operational security, for example:
• Manual and automatic standby
• Manual and automatic lock
• Manual and automatic shutdown
• Firewall considerations
• Network digital certificate management
• Considerations for workstation removable media such as USB interface.
Feature: GE Healthcare service access
Service mode access on the device can be controlled by individual user service access
authentication privileges. By default, GE Healthcare field engineers do not have
access to the device, ensuring that no unauthorized users can gain access. A local
administrator can enable the local Service User account as necessary. To modify
device information, a service engineer needs to log in using the Service User
account and a device-specific password. To perform any other service tasks, a
service engineer can log in using the Service User account or a user account with
sufficient service access privileges.

Feature: Automatic screen lock
If user authentication is enabled, the device can be locked and Automatic
Screen Lock can also be enabled. The inactivity timeout duration after which the
screen automatically locks is configurable. When the screen is locked, no patient
information is visible on the screen. To unlock the screen, the user must enter the
password of the currently logged-in user of the system or log in as another user.
Logging in as another user logs out the currently logged-in user.
6 Personal Information Collected by the Product
This device collects patient demographic information and personal or protected
health information for use within the system.
Information regarding the users defined on the system is also collected. The following
types of information are collected for the purposes of patient medical diagnosis, user
management, audit logging, and event logging:
• Patient and test demographics
• Patient reports
• Facility information
• Provider information
• Device data
If the device is connected to external systems, patient information and reports will
be communicated to/from the external systems. The data collected by the device is
protected on the system. The PI collected on the device includes:
• Patient ID
• Patient first name
• Patient last name
• Patient gender
• Patient date of birth
• Patient age
• Patient height and weight
• Patient race
• Secondary PID
• Referring MD
• Ordering MD
• Attending MD
• Order number
• Order date and time
• Order status
• Order type
• Visit number
• Technician
• Location Number
• Location abbreviation
• Room number
• Medical history
• Medications
• Blood pressure
• Heart rate
• Extra questions
• Serial number
• IP address
• Device ID
• User role
• Reason for the test
• Comment
• Test type
A Abbreviations and Definitions
Table 4: Abbreviations
ID Identity
AD Active Directory
Table 5: Definitions
GE Medical Systems Information Technologies, Inc., a General Electric Company, going to market as GE Healthcare.
www.gehealthcare.com