Patient data security
The user must ensure that the patients’ legal requirements are met and that
the security of the patient data is guarded.
The user must define who can access patient data in which situations.
The user must have a strategy available on what to do with patient data in
case of a disaster.
Requirements on the operating environment
These operating environment requirements for information security and
privacy (ISP), set in compliance with point 17(4) and 18(8) of Annex I of the
EU Medical Device Regulation 2017/745, must be implemented and used in
connection with the use of the Agfa medical device by the Customer (User).
These are minimum requirements and designed to protect against
unauthorised access that could hamper the device from functioning as
intended.
Although Agfa has defined these ISP Operating Environment Requirements
for implementation by the Customer, Agfa makes no warranties, expressed or
implied regarding those ISP Operating Environment Requirements.
Agfa disclaims all liability if a security incident would occur despite the
implementation of these ISP Operating Environment Requirements by the
Customer.
Agfa reserves the right to revise these ISP Operating Environment
Requirements and to make changes to them at any time. Possible revisions of
the ISP Operating Environment Requirements will only be available in an
electronic form, on request, via our website, by using the user documentation
request form
http://www.agfahealthcare.com/global/en/library/index.jsp
.
The information presented herein is sensitive and is company confidential.
Without written authority from Agfa, further distribution outside the
company is not allowed.
• Perimeter firewalls shall be in place and appropriately configured in order
to ensure that communications between medical devices and external
resources are either denied or restricted to just the communications that
are essential for the medical devices to properly function.
• Network Intrusion Detection/Prevention Systems (NIDS/NIPS) shall be in
place at the perimeter and appropriately configured, in order to provide
early warning of an attack attempt or successful compromise of a medical
device as well as to attempt to prevent compromise of medical devices.
• A Network Time Protocol Server shall be configured in the medical devices
in order to synchronize the time in the audit logs with the time on the NTP
server.
32
| DR Generator Sync Box, DR Retrofit Solution | Introduction
0319D EN 20191031 1011