A PACS (Picture Archiving and Communications System) medical system is a computer system used by healthcare providers. A Picture Archiving and Communication System captures, stores, distributes, and then displays medical images.

The medical system also digitally transmits electronic images and reports. The medical images include (among others) X-rays, CT scans, and MRI scans. 

What Does a Picture Archiving and Communication System Consist of?

A PACS system consists of four main components:

  • An imaging modality (type of imaging). Imaging modalities include, for example,  magnetic resonance imaging (MRI), ultrasound, x-rays, and computed tomography (CT) scanners. 
  • A secure network, through which to transmit patient information.
  • Workstations through which images can be interpreted and reviewed.
  • Archives to store and retrieve images and reports.

The PACS system allows for sharing of the images. Under the HIPAA Privacy Rule, images can be shared among providers, or within a healthcare organization, for treatment purposes. Since a PACS system acts as a digital storage medium, the need to manually file, retrieve, access, or transport film jackets containing images in the form of physical documents, is eliminated.

How Are a Picture Archiving and Communication System (PACS) and HIPAA Related?

Medical images such as X-rays, CT scans, and MRI scans constitute electronic protected health information (ePHI); as such, covered entities that use Picture Archiving and Communication System technology are subject to the requirements of the HIPAA Security Rule

The HIPAA Security Rule requires covered entities to:

  • Ensure the confidentiality, integrity, and availability of all ePHI they create, receive, maintain, or transmit;
  • Identify and protect against reasonably anticipated threats to the security or integrity of the information;
  • Protect against impermissible uses or disclosures of ePHI that are reasonably anticipated; and
  • Ensure compliance by their workforce.

To satisfy the Security Rule requirements, covered entities must develop administrative, technical, and physical safeguards to ensure the confidentiality, integrity, and availability of ePHI.

Technical safeguards play a particularly important role in ensuring PACS data and its transmission is kept secure. Technical safeguards include, among other items:

  • Access Controls: Implementing technical policies and procedures that allow only authorized persons to access ePHI.
  • Transmission Security: Implementing technical security measures that guard against unauthorized access to ePHI that is transmitted over an electronic network.

Having proper access controls can ensure that PACS-equipped workstations are not accessed by unauthorized persons. Having proper transmission security can ensure patient information is transmitted over a secure network that is protected from unauthorized access to ePHI.

Are you using HIPAA compliant tools?

Make sure you’re following all of the HIPAA rules.