How a digital pathology solution secures patient data

Dutch tech company Philips recently announced that its digital pathology solutions have been certified for compliance with the U.S. Department of Defense (DoD) security requirements.

“Stringent security and privacy requirements apply to all IT systems that operate on a DoD network. The DIACAP certification and Authorization to Operate (ATO) allows the Philips IntelliSite pathology solution, including the Image Management System, Pathologist Suite and Ultra-Fast Scanner, to be deployed across DoD sites globally, and further underscores Philips’ commitment to ensuring DoD’s health care information is secure and safe by continuously updating its products security,” the press release said.

The release didn’t include many more details, but given the fact that the solution allows collaboration and sharing of sensitive health data with other health experts that aren’t directly involved with the patients, we wanted to know more.

We got in touch with Russell Granzow, General Manager of Philips Digital Pathology Solutions, to find out what security safeguards the system has in place to prevent unauthorized access and ensure the privacy and security of electronic protected health information data (both in transit and at rest).

“Protection against unauthorized access is a major design principle for Philips Digital Pathology Solutions products. Physical access to the systems is restricted to authorized personnel. Electronic access over the network is protected using DoD PKI services for authentication and authorization,” Granzow told us.

“Philips applications are using roles based access controls to ensure authorizations are correctly managed. Information in transit and at rest is encrypted with DoD grade encryption to ensure ePHI data confidentiality. Philips is actively monitoring industry and vendor notifications for common vulnerabilities and regularly issues updates to its products to mitigate these.”

There are several levels of protection to safeguard the system and the data against intentional malicious actions and unintentional mistakes, Granzow noted. After all, humans are often the weakest link in the security chain.

“Philips has a long and successful history on product usability design and has designed the end-users applications to be very easy to use and understand. Product training is mandatory for our products to guarantee that end-users understand the application and know how to use it. Via roles based access we ensure that each user has a role assigned providing them the functional access rights in line with their authorization level. Auditing is implemented to ensure that user activities in the application are logged for forensic analysis. In cooperation with the DoD Systems Manager we have defined a backup and recovery model to ensure data can be recovered if data is lost ensuring system and data availability.”

These digital pathology solutions are usually installed on commodity Intel based server hardware and a scalable and flexible storage array handling the day to day workload of a pathology lab. Product interoperability design ensures that they can be integrated in the workflow of any pathology lab.

“The integration with the Laboratory Information System (LIS) allows the customer to optimize the workflow by securely exchanging messages between systems. All interfaces between systems are secured and controlled and both Philips and the customers take responsibility of security during integration,” he pointed out.

“The tools Philips integrates into the platform are assessed for security weaknesses via a risk based approach resulting in security mitigations where needed and as far as possible. De-identification of data is implemented in the products to ensure data privacy if data needs to be shared with partners.”

And, if you’re wondering how challenging is the process to get equipment certified for compliance with the U.S. Department of Defense, the answer is “very.”

“Achieving compliance for U.S. Department of Defense requires a team of talented engineers with a drive for product security and privacy. With this team we were able to manage the large number of requirements as specified in the Security Technical Implementation Guides (STIGs) issued by DISA,” says Granzow.

“By following the DIACAP processes a number of system security documents need to be prepared for an audit event in which the products and documentation are reviewed by the Cybersecurity/Information Assurance department. The intention of this audit is to identify any open items which need to be managed during the accreditation period. The challenges are the volume of requirements that need to be managed and the required accuracy of the submitted documentation. Not forgetting the continuous effort that is needed to maintain the compliance as requirements are updated frequently.”