Page tree
Skip to end of metadata
Go to start of metadata

Case Access Links

Case access links are a feature of OnePacs that makes it easy to share cases and reports with other individuals, whether or not such individuals have a OnePacs account.

Case Link is created by right-clicking on a case and selecting the share menu option and then the “Create Case Link” option, as shown:

This will bring up a page where the characteristics of the Case Link may be specified:

Upon creation of the Case Link, a screen will appear allowing the user to copy the Case Link URL:

This link may be copied and pasted into email, the OnePacs messaging system or OnePacs notes, or distributed through another means of the user's choice. The Case Link may be opened in a web browser to bring up the OnePacs Case Link screen.

It is necessary to either assign a password to the Case Link, which should be provided to the Link recipient separately from the Link and through a secure channel, or to require that the receipient log in to a OnePacs account in order to access the information. You may select the Case Link and copy it to the clipboard after creation, or enter an email address and a message, for the Case LInk to be transmitted by email.

When accessing a Case Link, after authenticating, the user is shown a landing page containing basic options for accessing case information:

The Case Link landing page displays basic demographic information about the case (with DICOM identifier tags not shown, if this option has been selected), and offers users the option to view the case in a zero footprint HTML5-based viewer, or to view the report for the case. The report for the case will also not show DICOM identifier tags, if this option has been selected.

If the user has a OnePacs account more options will be available after login.

Case Links offer an option to not display DICOM tags that contain patient identifying information when the study is displayed. When this option is selected, OnePacs will not display patient identifying information from DICOM tags when displaying the case or report.

However, please note that patient identifying information may be present elsewhere in the study, other than in DICOM-tag sourced overlays, such as within the actual images from the study (such as in an ultrasound or dose report screen capture), or in the text of the report (if the case link allows the report to be viewed, and if the report itself provides information that may identify the patient). The OnePacs system is not able to remove or redact such information.

This feature only results in OnePacs not actively displaying patient identifying information originating from DICOM tags, and may or may not result in the case being displayed in an "Anonymized" fashion, depending on whether or not there is identifying information available otherwise in the study. This feature may be used in addition to other security measures in appropriate situations, but is not intended to guarantee anonymization of patient data and should not be relied upon to do so. A reminder of this fact is provided to users in pop-up message form when this option is selected.

When used in association with Protected Health Information, Case Links can, and should, be used in full compliance with the requirements of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") (or other applicable local regulatory requirements, for non-US users).

Emails that are sent using the Case Link feature do not contain any protected health information ("PHI"). Rather, they contain a URLs which does not provide direct access to PHI, but rather, brings the recipient of the link to an authentication page. At this point, they must authenticate either by logging in to the OnePacs system (if they have a OnePacs account), or providing a password.

Passwords should be chosen so as to be strong, and in particular not guessable by a third party, and should be provided to the link recipient in a secure fashion.

The above considerations address the requirements of HIPAA for transmission security, authentication, and audit and access controls, and assure that it is possible to use Case Links in a fashion fully compliant with the requirements of HIPAA. Of course, compliance is ultimately dependent not only on the system's technical capabilities, but also on usage methods, and as such users of OnePacs are encouraged to consult with their HIPAA Privacy Officer to determine whether and in what fashion the use of Case Links may be appropriate for their organization.

  • No labels