APPLICATION OF PACS DATA SECURITY MODEL ON RADIOLOGY UNIT RECOMMENDATIONS FOR PACS DATA SECURITY MODEL IN RADIOLOGY INSTALLATIONS

Gatot Murti Wibowo, Yessi Widhianasari, Agung Nugroho Setiawan, Mega Indah Puspita, Bryan Ilham Pranandya

Abstract


Data security is an important issue in an organization. Proper information security management is a continuous process of building and maintaining programs, policies and controls to protect information. Management must maintain the confidentiality, integrity and availability of patient information in accordance with the ISO/IEC 27002 and HIPAA standards. However, health institutions lack processes for data security, so a simple method is needed that the Radiology installation can carry out itself.

The method used in this case is to review the ISO/IEC 27002 and HIPAA references and then derive steps that can be implemented. The Radiology Installation can create a simple protocol that staff can adhere to in order to meet existing standards. The categories of these standards that a Radiology Installation's protocol can fulfil are authentication, confidentiality, data integrity, non-repudiation and access control.

A simple protocol that can be created and implemented covers access rights, user names, a computer usage log book containing a database, strong passwords that only the user knows, regular data backups using password encryption, a locked archive storage location, surveillance cameras if possible, and avoiding use of the computer for other purposes. By creating simple security protocols at the radiology installation level, the radiology team has tried to comply with ISO 27002 and HIPAA.

 


Keywords


PACS data security, ISO 27002, HIPAA



