The Information Security Needs in Radiological Information Systems—an Insight on State Hospitals of Iran, 2012

Picture Archiving and Communications System (PACS) was originally developed for radiology services over 20 years ago to capture medical images electronically. Medical diagnosis methods are based on images such as clinical radiographs, ultrasounds, CT scans, MRIs, or other imaging modalities. Information obtained from these images is correlated with patient information. So with regards to the important role of PACS in hospitals, we aimed to evaluate the PACS and survey the information security needed in the Radiological Information system. First, we surveyed the different aspects of PACS that should be in any health organizations based on Department of Health standards and prepared checklists for assessing the PACS in different hospitals. Second, we surveyed the security controls that should be implemented in PACS. Checklists reliability is affirmed by professors of Tehran Science University. Then, the final data are inputted in SPSS software and analyzed. The results indicate that PACS in hospitals can transfer patient demographic information but they do not show route of information. These systems are not open source. They don’t use XML-based standard and HL7 standard for exchanging the data. They do not use DS digital signature. They use passwords and the user can correct or change the medical information. PACS can detect alternation rendered. The survey of results demonstrates that PACS in all hospitals has the same features. These systems have the patient demographic data but they do not have suitable flexibility to interface network or taking reports. For the privacy of PACS in all hospitals, there were passwords for users and the system could show the changes that have been made; but there was no water making or digital signature for the users.