PACSMail Security Policy

Communication Using PACSMail Client for Windows

PACSMail is designed to provide a secure means of communicating confidential information between healthcare providers via the Internet. Once installed, the PACSMail client allows the secure creation and transmission of electronic medical files that may include diagnostic quality images in DICOM format.

Access to the PACSMail service is protected via username and password security. Data transmission security is assured through a combination of data encryption prior to transmission and the use of a secure transmission protocol for data transfer between the PACSMail client and PACSMail server. 

Encrypted copies of all files transmitted and received are stored for viewing and audit on the user’s local hard disk and are indexed within the client. These files can only be viewed from within the PACSMail client software. User access is further protected via both Windows log-in and specific client log-in username and password security.

Creation, modification and viewing of files is logged and an audit trail is kept within the file concerned.

Communication Using the PACSMail Cloud

PACSMail Cloud provides an alternative means of communication of patient information between registered users of the PACSMail Network.

Access to the PACSMail service is protected via username and double password security. Data security is assured through a combination of data encryption during upload and the use of a secure communications protocols to protect access to information held on the PACSMail Cloud server. Viewing of DICOM files is provided on-demand using a server side rendering engine, avoiding the need to download cases to the user's hard drive.

Data Storage - PACSMail Server

Data in Transit:

Files in transit are stored on the server and, unless users have purchased file archiving facilities, files are deleted once they have been downloaded by the destination user.

Data in transit is held in a mirrored RAID II configuration, allowing immediate switch to back-up in case of a server disk failure. A full tape back-up is carried out weekly with differential back-ups being completed daily. Tapes are held on a two weekly cycle, after which they are overwritten.

Archived Files:

Archived files are kept separate from the files in transit and are backed up as part of the back-up procedure described above.

ISO27001: PACSMail Service Security Management and Continuity Assurance

ISO27001 is an internationally recognised security standard that comprehensively defines the requirements for establishing, implementing and documenting an effective information security management system. It replaces the BS7799 information security management standard.

The PACSMail service hosting environment (Rackspace) is based in London, UK, and has been certified by Certification Europe to the ISO27001 standard (link).  All hosting staff have been sensitised to security matters and are contractually bound to follow security policies that are externally audited.

Business Continuity Plans (BCPs) are also in place to ensure that the PACSMail service remains available in the event of a disruption or disaster.

Clinical Governance

It remains the user's responsibility to ensure that use of the PACSMail network complies with local clinical governance policy.