FAQs

Product Security

What is Product Security?

Product Security is a combination of technical product features, administrative policies, and physical safeguards used to ensure safe and effective use of medical devices as well as to ensure the confidentiality, availability, and integrity of the information created, maintained, and transmitted by medical devices.




Can customers download security patches or third-party software to their Philips devices?

ONLY Philips-authorized changes may be made to Philips Healthcare products, either by Philips personnel or under Philips' explicit, published direction. Before authorizing any software (including anti-virus software) or patches for download, by either its customers or authorized Philips personnel, Philips subjects all patches and software to rigorous testing to ensure patient and operator safety standards are not compromised. Unauthorized alteration of any medical device, including downloading non-validated or unauthorized patches, may void or breach existing service agreements and warranties. For additional information, contact your Philips service representative.




What is a security breach?

A security breach is one or both of the following:

  • Philips software, or data that is managed by a Philips Healthcare product, is suspected of being maliciously altered, misused, or lost, including through viruses, worms, hackers, etc.
  • A Philips system or component has a customer-reported security vulnerability or breach that could result in alteration, misuse, or loss of patient data.

 

Generally, an event begins as a security breach that is then examined by a security expert to determine if this event is an applicable vulnerability or an actual breach of a product's confidentiality, integrity, or availability.  The terms security breach, security event, and security incident can be used interchangeably.

 

If you suspect a security breach, contact your local Philips Field Service representative as soon as possible.




What are Philips' policies regarding Product Security?

For detailed information regarding Philips' Product Security, please refer to Philips' Product Security Policy Statement. 




HIPAA Rule

What is HIPAA?

HIPAA stands for the Health Insurance Portability and Accountability Act, US legislation that forms part of product security. The Act was designed to protect the privacy and security of an individual’s healthcare information against unauthorized access.




What is the Electronic Transactions & Code Sets Rule?

The Electronic Transactions and Code Sets Rule (TCS) established a standardized format for exchanging electronic data between Covered Entities to improve efficiency in the healthcare industry.




What is the HIPAA Privacy Rule?

The HIPAA Privacy Rule created standards and requirements specific to procedural policies that Covered Entities must follow to ensure the privacy of PHI, such as:

  • Notifying patients about their privacy rights and how their information can be used.
  • Adopting and implementing privacy procedures.
  • Training employees to understand privacy procedures.
  • Securing patient records.



What is the HIPAA Security Rule?

The Security Rule was developed specifically for technical procedures, so that Covered Entities ensure the confidentiality, integrity, and availability of all electronic PHI they create, maintain, receive, or transmit. To meet these requirements, Covered Entities must implement administrative, physical, and technical safeguards. This Rule applies only to information in electronic form.




What is a Covered Entity?

Covered Entities are organizations subject to the HIPAA Privacy Rule.  They are:  Health Plans, Healthcare Providers, and Healthcare Clearinghouses.  Covered Entities are allowed to disclose PHI to other organizations or individuals to perform functions on their behalf.




What is a Business Associate?

Under the HIPAA rules, Business Associates are defined as companies or persons contracted to perform certain functions on behalf of Covered Entities involving the use or disclosure of PHI.




Is Philips a Business Associate?

At times, Philips could be considered a Business Associate.  Service and support activities of a medical device manufacturer, such as Philips Healthcare, may create a Business Associate relationship and may require a Business Associate Agreement as determined by a Covered Entity.




What is PHI?

PHI, protected health information, refers to any individually identifiable health information, including demographic data, that is transmitted or maintained in electronic form, or in any other form or medium.




What is ePHI?

ePHI stands for electronic protected health information.




©2004- Koninklijke Philips Electronics N.V. All rights reserved.