In keeping with the widespread advancement of Information Technology (IT) within the medical imaging industry, Canon Medical Systems USA, Inc. recognizes the importance of the protection of Patient Health Information (PHI).
PHI is any information about health status, provision of health care, or payment for health care that can be linked to a specific individual. This can be the patient’s name, accession number, Patient ID or any discernible information that can be linked to a specific individual.
To comply with the Health Insurance Portability and Accountability Act (HIPAA), Canon Medical Systems, acting as a Business Associate¹, has an obligation and responsibility to our customers to properly dispose any media that contains PHI in a safe manner. Media can be Hard Drives (HDD), USB, CD’s, or parts that contain any PHI. If it is unknown if media contains PHI, the employee of Canon Medical Systems is to assume PHI is present and follow Canon Medical Systems policy for removal.
Canon Medical Systems is only responsible for PHI electronically stored on Canon Medical Systems diagnostic systems manufactured devices and where Canon Medical Systems is directly responsible for the service, sales presentation, or de-installation of the medical device. Canon Medical Systems guidelines will remove the patient data from the system following the guidelines of Canon Medical Systems Corporation. If desired, the facility may request the media that the PHI resided on for destruction as described below.
For some systems, Canon Medical Systems will use a mirroring program to backup the system state. This backup is used in cases where a software restoration is required such as software catastrophes. This backup may contain PHI. Canon Medical Systems will use care to store this backup in a safe location provided by your facility. If it is decided to not use this quick recovery method, please communicate to your local Canon Medical Systems customer engineer or email CanonMedicalSystemsSecurity@us.medical.canon
At any time, a Canon Medical Systems customer can request the HDD, solid state memory device (thumb drive), CD, or any media that contain PHI to be provided to them free of charge. The customer can then assume the responsibility of disposing the media that contains PHI. This can be requested for the following:
Please email CanonMedicalSystemsSecurity@us.medical.canon with any questions or concerns.