Security

Table of contents

Ikonopedia Takes Security Seriously!

At Ikonopedia, we take data security and privacy very seriously and are committed to ensuring that our customers’ sensitive information is protected. To demonstrate our dedication to maintaining the highest standards of security, we participate in SOC2 Type 2 audits. This rigorous evaluation assesses the effectiveness of our controls related to security, availability, processing integrity, confidentiality, and privacy. By undergoing these audits, we can assure our customers that we meet or exceed industry-recognized security standards and are continually monitoring and improving our practices to ensure the safety and security of their data.

Requirements

Application Requirements

Ikonopedia is a web application and requires internet access. Below are system requirements:

  • Network download speed of 3Mbps or higher (minimum of 1.5Mbps), as measured by http://speedtest.net.
  • Network “ping” time of 30ms or lower (maximum of 50ms), as measured by http://speedtest.net.
  • Supported web browsers: latest Chrome™, Firefox®, Safari®, Mobile Safari®(iPad®), Microsoft Edge™.
  • Web browser must have cookies and Javascript enabled.
  • Screen resolution of 1368×768 or higher.
  • 2GB RAM minimum.

Interface Requirements

If Ikonopedia will be interfacing with your existing system, we will provide you with our secure Java-based Ikonopedia HIP (Hybrid Intelligent Proxy) to be installed on a server within your firewall with the following system requirements:

  • Network download speed of 3Mbps or higher (minimum of 1.5Mbps), as measured by http://speedtest.net.
  • Network “ping” time of 30ms or lower (maximum of 50ms), as measured by http://speedtest.net.
  • Dedicated, monitored server expected to be up 24×7 to run HIP Java 8 or higher run-time.
  • Any modern web browser —Chrome™, Firefox®, Safari®, Mobile Safari®(iPad®), Microsoft Edge™ — with Javascript enabled.
  • Server running HIP must be reachable via HTTP from all computers running Ikonopedia Web Application.

Security White Paper

Ikonopedia takes security very seriously and has implemented several measures to safeguard patient data. We follow HIPAA guidelines and industry best practices to protect against accidental loss, as well as malicious attacks or theft.

To further enhance security, we have implemented advanced measures such as encryption of all personal health information (PHI) within Ikonopedia and storing data in separate databases for each customer to isolate potential threats or attacks.

To secure access to the Ikonopedia application, all passwords for user accounts are salted and hashed using strong encryption. Additionally, Ikonopedia Advanced Security can authenticate to your own Identity Provider (IdP) and enforce multi-factor authentication.

Our servers are professionally managed within high-availability environments. We regularly install security updates to servers and firewalls and monitor them for attacks or intrusions. Additionally, backups are securely stored in a separate environment.

All communication between your organization and Ikonopedia over the public internet is exclusively conducted using standard Hypertext Transfer Protocol (HTTP) and encrypted using current industry standard Transport Layer Security (TLS) technology. These measures ensure the confidentiality, integrity, and availability of patient data always.

We are happy to share our Security White Paper with you upon request.

EQUIP Support

Ikonopedia has introduced EQUIP support in response to the new FDA-mandated image quality requirements. This new system provides an array of efficient tools and reports to help your facility comply with these new requirements.

What are EQUIP Requirements?

To implement EQUIP, the FDA will add the following questions to the quality assurance components of its facility inspections to assess compliance with image quality requirements:

  1. Does the facility have procedures for corrective action (CA) when clinical images are of poor quality?
  2. Does the facility have procedures to ensure that clinical images continue to comply with the clinical image quality standards established by its accreditation body?
  3. Does the facility have a procedure for Lead Interpreting Physician (LIP) oversight of QA/QC records and corrective actions?

Ikonopedia helps you meet EQUIP requirements with a set of processes and reports that are naturally inherent in the design of our system.

Flagging for Corrective Action

Radiologists can flag images for corrective action using our built-in technical-repeat feature that is part of our screening modality. The radiologist can specify as little or as much detail as needed when flagging images for corrective action.

Automated EQUIP Reviews

Ikonopedia automatically initiates periodic FDA-mandated image quality-reviews, for both interpreting physicians and radiology technologists.

The reviewer can grade an auto-generated sample of exams, document deficiencies and indicate required corrective action as indicated.

Each exam is graded on the eight standard image quality measures. Grading criteria can be customized as needed and the reviewer’s feedback is included in quality-review reports.

Ongoing EQUIP Oversight

Ongoing oversight of QA/QC records and corrective action is managed through Ikonopedia Analytics. A variety of reports specifically designed to address the EQUIP initiative are available. User access to view EQUIP reports is fully configurable.

MQSA and BI-RADS® Compliant

Ikonopedia helps maintain a quality mammography facility by ensuring compliance with FDA MQSA, and ACR BI-RADS®requirements. Ikonopedia facilitates this by monitoring pertinent system data in the background and producing an on-demand MQSA audit report as well as a very useful dashboard of your operation.

ACR BI-RADS® Atlas 5th Edition has been integrated into Ikonopedia as part of report generation.

Patient Notification Letters

Ikonopedia takes the complexity out of patient and physician communication. We currently provide letters in fourteen languages that automatically adjust according to patient history and clinical data. We are continually adding languages based upon customer request.

Patient Questionaire

We also provide the same fourteen languages in our patient questionnaire. Previous language choices are automatically pulled forward for subsequent exams.

Breast Density Law

We can also include government-mandated breast density language in the letters for states that have that requirement.

Notice of Privacy (HIPAA)

Effective date of notice: February 4, 2013

Purpose of this Notice

Ikonopedia respects the privacy of protected health information and understands the importance of keeping this information confidential and secure. This Notice describes how we protect the confidentiality of the protected health information we receive.

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Ikonopedia maintains a comprehensive system to ensure compliance with applicable provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Since our goal is to provide the highest level of service to our customers and business partners, we want you to know how Ikonopedia complies with the HIPAA directives. Our HIPAA Privacy Policy contains procedures addressing the protection, use and disclosure of protected health information (“PHI”), accounting of disclosures, access by individuals and third parties to PHI, protection of PHI by contractors, business associate agreements and training of employees.

How We Protect Personal Information

We treat personal information securely and confidentially. We limit access to personal information to only those persons who need to know that information to provide support services to our customers. These persons are trained on the importance of safeguarding this information and must comply with our procedures and applicable laws. We employ strict physical, electronic and procedural security standards (fully encrypted PHI) to protect personal information and maintain internal procedures to promote the integrity and accuracy of that information.

Disclosure of Personal Information

We may use or disclose protected health information to the Food and Drug Administration (“FDA”) in connection with the reporting of adverse events, product defects or problems, product tracking or for other purposes as required by the FDA. We may use or disclose de-identified protected health information during the course of clinical research activities. We may also disclose personal information as required by law.

Individual Rights to Access and Correct Personal Information

We have procedures in place for individuals to have access to protected health information, and procedures in place to ensure the integrity of our information and for the timely correction of incorrect information. You may contact our HIPAA privacy officer (listed below) to access to your protected health information.

We Want to Hear From You

Call for a demo or request more information.

Demo Request Form

Name(Required)
Join the Ikonopedia email newsletter list