Furthermore, CoActiv EXAM-PACS is FDA 510(k) listed and meets complete conformance with DICOM 3.0 Standards for the creation, movement, storage and retrieval of diagnostic radiological images and exams.

An example of some of the tools and procedures that CoActiv provides to it’s HIPAA covered client include the following:

• Access and usage logs of all image creation, use, distribution and storage.
• Separate User Login IDs, Passwords and User Rights and Privileges.
• CoActiv strongly encourages all users to keep all access information in secure locations and we further recommend that users do not share any access information with any other party.
• Hierarchical User Access Rights & Privileges based on a strict need-to-know and right-to-know classification. Only patient medical treatment concerns can over-ride User Privilege classifications.
• Ability to limit access to specific patient images and information to Users based on both User Class as well as Individual Rights & Privileges within the system.
• Ability to limit access to patient’s images and information to only those physicians, practice medical staff and administrative staff with a legal and/or medical right to such images and information.
• All access to PACS images and information across the Internet is via Department of Defense 128-bit encryption and is limited to authorized Users only with appropriate User IDs and Passwords and all users are exposed to appropriate HIPAA warnings and are required to acknowledge such warnings before being allowed access to patient images or other patient information.
• Ability for the imaging entity to require varying levels of access information to different classes of remote users.
• Ability to organize and structure image and information archives into specific entity, practice or departmental groupings.
• Automated redundant backup of all patient image and related information on secure HIPAA audited on-line multiple remote archive sites as well as on the imaging center site. All images and information are also copied to archival removable electronic media for storage in offsite secure vaults.
• Archive redundancy includes: redundant hard drives; redundant RAID arrays; redundant servers with redundant power supplies, redundant cooling fans and redundant network interface cards; redundant archive centers with redundant Internet connections and redundant power sources, residing on divergent power grids and Internet peering points.
• All exams, images and information reside on: 1. Local Redundant On-Line RAID equipped Exam Server; 2. Remote Archive Site #1 with On-Line Redundant RAID devices; 3. Remote Archive Site #2 with On-Line Redundant RAID devices; 4. Archival removable electronic media stored in secure climate and access controlled vault storage.
• Biometric Access Control to primary archive center.
• Ability to produce “anonymized” exam copies for teaching or clinical review purposes.
• Automatic Log-off of any and all unattended workstations and servers with PACS access.
• Ability for authorized Users of the PACS to manually enter PACS orders and patient demographic information in the event of HIS/RIS failure.
• CoActiv also can automatically populate all connected modalities with patient exam orders and demographic via a self contained DICOM Modality Worklist in the event of a HIS/RIS failure.
• Department of Defense 128-bit encryption of all transmitted images and exams to and from Secure Socket Level Internet based access devices.
• Use of secure client server technology to eliminate less secure “browser based” remote access protocols.
• CoActiv supplied user training in proper HIPAA compliant practices and procedures when accessing and handling all patient related images and information in the PACS system.
• Classes in HIPAA practices and procedures are also made available on an as requested basis for any and all members of the entity PACS community, including physicians, medical staff, administrative staff, support staff and off-site PACS users such as referring and consulting physicians and their practice staff.
• All CoActiv employees are required to execute appropriate confidentiality agreements and all new employees are vetted by background checks with appropriate authorities.

To receive more detailed or specific information regarding CoActiv Medical Business Solutions HIPAA practices, procedures or policies please contact us at info@coactiv.com or in writing to: CoActiv, LLC, Department of Regulatory Control, 900 Ethan Allen Highway, Ridgefield, CT 06877, or by phone at: 877-COACTIV (262-2848).

Information regarding CoActiv FDA and DICOM regulatory compliance is also available elsewhere on this website.

Additional Information regarding HIPAA may be found at the following Internet locations:

1. US Dept of Health and Human Services - www.aspe.hhs.gov/admnsimp
2. US Office of Civil Rights (OCR) - www.hhs.gov/ocr/hipaa/
3. American College of Radiology - www.acr.org
4. AHIMA - www.ahima.org/hot.topics