This Article Full Text Full Text (PDF) All Versions of this Article: M1404v1 12/1/84    most recent Submit a response Alert me when this article is cited Alert me when eLetters are posted Alert me if a correction is posted Services Similar articles in this journal Similar articles in PubMed Alert me to new issues of the journal Download to citation manager Citing Articles Citing Articles via Google Scholar Google Scholar Articles by Collmann, J. Articles by Lindisch, D. Search for Related Content PubMed PubMed Citation Articles by Collmann, J. Articles by Lindisch, D.

Safe Teleradiology: Information Assurance as Project Planning Methodology

Affiliation of the authors: ISIS Center, Department of Radiology, Georgetown University, Washington, DC.

Correspondence and reprints: Jeff Collmann, PhD, ISIS Center, Box 571479, Washington, DC 20057-1479; e-mail: <collmanj{at}georgetown.edu>.

Received for publication: 05/30/03; accepted for publication: 09/21/04.

The Georgetown University Medical Center Department of Radiology used a tailored version of OCTAVE^SM, a self-directed information security risk assessment method, to design a teleradiology system that complied with the regulation implementing the security provisions of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The system addressed threats to and vulnerabilities in the privacy and security of protected health information. By using OCTAVE^SM, Georgetown identified the teleradiology program's critical assets, described threats to the assurance of those assets, developed and ran vulnerability scans of a system pilot, evaluated the consequences of security breaches, and developed a risk management plan to mitigate threats to program assets, thereby implementing good information assurance practices. This case study illustrates the basic point that prospective, comprehensive planning to protect the privacy and security of an information system strategically benefits program management as well as system security.