ResolutionMD GDPR Statement

Confidential and Proprietary

ResolutionMD uses a customer-provided and customer-managed user management system, such as Active Directory or LDAP, to authenticate all user access to Patient information. The customer is responsible for using those systems to configure and provide access to ResolutionMD for the relevant users.

The ResolutionMD product can further be configured using the Restricted URL launch mode and Mandated Access rules so that access to Patient information is restricted to only the information that the logged-on user is authorized to access. For example, the product can be launched such that a user can see only the studies for which they are listed as the Referring Physician, or the product can be launched in context from an EMR/PACS/Portal so that the user has access to that one specific study and no other studies or Patients.

The procedure for configuring Mandated Access and Restricted URL launch mode is fully detailed in the service manual, and questions can be raised with our support team during site configurations/installations.

For the product to function in this way, a number of other systems need to be in place, such as a user management system (for example, Active Directory) and a system for identifying which user has access to which Patients or Studies (for example, an EMR or Registry).

It is the responsibility of the installer and the customer to confirm EU GDPR 2016/679 compliance following suitable configuration and testing of the product and its integration with the other required components.

Confidential health information is further controlled within WI-14 DICOM PHI Handling Instruction.