When using the OnePacs Workstation and/or Study Retriever, OnePacs recommends the following practices to satisfy HIPAA and other regulatory requirements. Please note that this list is not intended to represent a complete checklist for regulatory compliance. Consult with the compliance officer at your organization to determine policies and procedures to ensure adherence to regulatory mandates.
- Whole Disk Encryption - The OnePacs end user license agreement requires use of disk encryption to secure any protected health information (PHI) that may reside on user's PC as a result of using the OnePacs Workstation and Study Retriever. Modern operating systems have this functionality built-it (e.g. FileVault on macOS, BitLocker on Windows). Ensure that whole disk encryption is enabled and secured by a complex encryption key.
- Operating System - The use of a supported Operating System is required. Ensure that the software is up to date and that security patches are configured to install automatically.
- User Account / Password - Each user should have an individual user account on the PC and in OnePacs. The user account should be secured by a complex password that is held privately.
- Automatic Logout/Lockout - The operating system should be configured to automatically log the user out or lock the screen after a period of inactivity.
- Firewall - A firewall on the PC should be enabled and configured to block any incoming unauthorized requests.
- Anti-Virus - Anti-virus software should be installed, have a valid license, and be configured to automatically scan and update. This functionality is built into modern versions of Microsoft Windows.
- Dedicated Use - The PC used for the OnePacs Workstation and Study Retriever should be solely used for the purpose of reviewing medical images with the OnePacs platform. The PC should not be used for personal use.
- Remote Wipe - Installation of software giving the user the ability to remotely execute a secure wipe of the hard drive(s) is recommended so that in the event of lost or stolen hardware the physical media can be secured.
- Limited Physical Access - Any hardware running the OnePacs Workstation and Study Retriever should be physically secured when not actively in use.
- Use of Secure Private Networks - Only secure private networks should be used when accessing data via the OnePacs platform.
- OnePacs Software Updates - It is recommended that users run the most recent versions of the OnePacs Workstation and Study Retriever as security patches are occasionally applied.