l

Shared Roles for System and Data Security

4535 616 08142 Rev B

August 2013

© 2013 Koninklijke Philips N.V. All rights reserved. Published in USA.

 Philips Ultrasound
22100 Bothell-Everett Highway
Bothell, WA 98021-8431
USA
Telephone +1 425-487-7000 or 800-426-2670
Fax +1 425-485-6080
www.healthcare.philips.com/ultrasound

This document and the information contained in it is proprietary and confidential information of Philips Healthcare (“Philips”) and may not be re-
produced, copied in whole or in part, adapted, modified, disclosed to others, or disseminated without the prior written permission of the Philips
Legal Department. This document is intended to be used by customers and is licensed to them as part of their Philips equipment purchase. Use of
this document by unauthorized persons is strictly prohibited.
Philips provides this document without warranty of any kind, implied or expressed, including, but not limited to, the implied warranties of mer-
chantability and fitness for a particular purpose.
Philips has taken care to ensure the accuracy of this document. However, Philips assumes no liability for errors or omissions and reserves the right
to make changes without further notice to any products herein to improve reliability, function, or design. Philips may make improvements or
changes in the products or programs described in this document at any time.
Unauthorized copying of this document, in addition to infringing copyright, might reduce the ability of Philips to provide accurate and current in-
formation to users.
“QLAB” is a trademark of Koninklijke Philips N.V.
Non-Philips product names may be trademarks of their respective owners.

Philips Healthcare

2 Shared Roles for System and Data Security 4535 616 08142
 Contents

Contents
Introduction ............................................................................................................................................. 5
General Information ................................................................................................................................. 5
Control of Security Vulnerabilities on Philips Ultrasound Systems ............................................................. 6
Strategy for Defense-in-Depth Security ........................................................................................................ 6
Regulatory Environment ............................................................................................................................... 6
Role of Philips in the Product Security Partnership ...................................................................................... 8
Role of Customers in the Product Security Partnership ................................................................................ 9
Security Issues and Guidelines ................................................................................................................... 10
Information-Maintenance Example ........................................................................................................ 13
Assumptions About the Environment ......................................................................................................... 13
Information Zones ...................................................................................................................................... 13
Security Protection Software .................................................................................................................. 15
Operating System Security Updates ........................................................................................................... 15
Antivirus Scanning and Updates ................................................................................................................. 16
Backups and Archives ............................................................................................................................. 16
Backup Procedure ....................................................................................................................................... 16
Disaster Recovery Plans .............................................................................................................................. 17
Data Security for Off-Cart Workflows ...................................................................................................... 17
User Authentication .................................................................................................................................... 17
Operating System ....................................................................................................................................... 18
Network Configuration ............................................................................................................................... 18
Virus Protection .......................................................................................................................................... 18
System Patching .......................................................................................................................................... 19
Remote Administration .............................................................................................................................. 19
Protecting Patient Data ............................................................................................................................... 19
Exporting Data from QLAB and Q-Station Software ................................................................................. 20
Philips Healthcare

Exporting Images ........................................................................................................................................ 20

Exporting Quantification Results ................................................................................................................ 20

Shared Roles for System and Data Security 4535 616 08142 3
Contents

Philips Healthcare

4 Shared Roles for System and Data Security 4535 616 08142
 Introduction
These guidelines are designed to help healthcare facilities understand how the security of Philips
ultrasound systems, software products, and patient data can be compromised, and to highlight Philips
efforts to ensure that safeguards are in place to help prevent security breaches.
This document discusses security on ultrasound systems and QLAB and Q-Station software on host
computers. Where Philips ultrasound systems are delivered as complete systems, with restrictions on
what is authorized and available, QLAB and Q-Station host computers are acquired, configured, and
maintained by the healthcare facility or individuals.
For ultrasound-system security resources, such as security bulletins, FAQs, and vulnerability information,
see the Philips Product Security website:
www.philips.com/productsecurity

General Information
The following general information applies to the security of Philips ultrasound systems, QLAB software,
Q-Station, and patient data.
• Philips ultrasound systems do not support multiple-user-session operations. They are designed as
single-user devices. Clinical-use access over a network is unsupported, except through Philips-
authorized service applications.
• Ultrasound systems and the QLAB and Q-Station software products are not long-term storage devices.
Persistent patient data must be archived to a PACS or stored temporarily on removable media (see
“Removable and Portable Media” on page 12).
• Ultrasound systems automatically boot into a custom shell through the use of an XP Embedded or
Windows Embedded Standard 7 capability. This satisfies the safety requirements for medical devices,
which require ultrasound systems to be operational as soon as possible after startup. Access to the
Philips Healthcare

operating system is restricted to authorized Philips personnel.

• QLAB and Q-Station software boot to a desktop, and then the user starts the application.
• The system does not synchronize with customer central user-account administration systems (for
example, LDAP, Active Directory).

Shared Roles for System and Data Security 4535 616 08142 5
 Control of Security Vulnerabilities on Philips Ultrasound
Systems
Philips is dedicated to helping all customers maintain the confidentiality, integrity, and availability of
patient data while ensuring that their ultrasound systems continue to generate and manage this
information with complete security. Ultrasound systems may become vulnerable to security breaches
when they are connected to a network or accept removable media.

Strategy for Defense-in-Depth Security

Within the healthcare facility, maintaining the security of patient data and Philips products requires a
defense-in-depth security strategy, one that is comprehensive and multilayered (including policies,
processes, and technologies) for protecting information and systems from internal and external threats.
For specific information about security within your facility, consult with the security specialists in the
following offices or those with similar responsibilities:
• Chief information security officer
• Chief information officer
• HIPAA privacy or security officer (in the United States)
• Safety officer
To learn about general security issues or specific vulnerabilities of your ultrasound system, contact your
Philips service representative.

Regulatory Environment
The development and manufacture of medical devices is tightly regulated, as is the security and privacy of
patient information held by health care providers. This creates challenges for both healthcare providers
and manufacturers in responding quickly to new threats to the security of patient data stored on medical
Philips Healthcare
devices.

6 Shared Roles for System and Data Security 4535 616 08142
 Protection of Electronic Patient Health Information
One of the most important assets to protect with security measures is patient health information. As an
example, the following regulations require patient health information to remain confidential, and they
specify security measures to guard patient information:
• Health Insurance Portability and Accountability Act (HIPAA), United States of America
(www.hhs.gov/ocr/privacy/)
• European Medical Device Directive 93/42/EEC
• Japan’s HPB517
• HIPAA-related portions of the U.S. federal economic-stimulus act (or HITECH), formally known as the
American Recovery and Reinvestment Act of 2009

CAUTION
The internal electronic log files generated by the system as part of its normal operation contain the
names of storage folders and therefore will include any patient, clinician, or other personal identifying
information used in such folder names. In the course of maintenance, monitoring, or repair of the
system, or of related development and other system-related activities, Philips may access, store, or
otherwise use these log files.

Prevention of Unauthorized Modifications

Government regulations require Philips and all other manufacturers of ultrasound systems to follow
specified quality assurance procedures that verify and validate all modifications of their systems. To
ensure system performance, operators and owners of these systems should allow only those
modifications that are authorized by Philips.

WARNING
Do not alter the configuration settings of the ultrasound system unless instructed to do so by an
Philips Healthcare

authorized Philips service representative. Altering system settings, such as the DICOM configuration, is
permitted only under strict guidelines. Unauthorized modifications can cause the system to
malfunction, which may lead to misdiagnosis.

Shared Roles for System and Data Security 4535 616 08142 7
 CAUTION
Philips delivers and sets up some of its ultrasound systems in the “secure by default” state. If a user
weakens the security configuration, Philips does not assume further responsibility for ensuring safe and
effective operation of the system.

CAUTION
Do not install software on the ultrasound system without authorization from Philips. Installation of
unauthorized software on such systems can cause the system to malfunction.

Role of Philips in the Product Security Partnership

Philips operates under a global Product Security Policy that governs design-for-security in product
creation, risk assessment, and incident-response activities for vulnerabilities identified in existing
products. Philips has instituted a global problem-tracking and escalation process that provides visibility to
security issues involving Philips systems.
Response to Vulnerabilities
Product engineering groups within Philips monitor continuously for new security vulnerabilities of our
systems, including those identified by third-party-software and operating-system vendors and those
reported from individual healthcare facilities.
A global network of response teams dedicated to product-security incidents collects and manages
information and addresses the vulnerabilities that affect Philips products and solutions. The response
teams continue to expand their activities toward global coverage of all systems.
The goal is for the appropriate response team to evaluate each real and potential breach of security with
an explicit assessment of the risk, threat, or vulnerability and to develop, as required, a vulnerability-
response plan that includes qualification and communication procedures. This means that Philips intends
to simultaneously inform customers of system vulnerabilities while proceeding with development and
deployment of risk-mitigation efforts. For more information about system vulnerabilities, see this website: Philips Healthcare

www.philips.com/productsecurity

8 Shared Roles for System and Data Security 4535 616 08142
 Design Improvements
Philips actively conducts internal product security assessments to identify potential security weaknesses.
With that information, Philips engineering teams often define configuration changes and re-engineering
efforts that harden the system against outside threats. The same information also drives security design
requirements for new products. The Philips Product Security Policy requires design-for-security objectives
as part of all new product-creation efforts.

Role of Customers in the Product Security Partnership

The practical implementation of technical security elements varies by site and may employ a number of
technologies, including firewalls, virus-scanning software, authentication technologies, and so on. As with
any computer-based system, ultrasound systems require the level of protection typically provided by
firewalls and other security devices between the medical system and any externally accessible systems.
The U.S. Veterans Administration has developed a widely used isolation architecture for this purpose. Such
perimeter and network defenses are an essential element of good security practices. The Department of
Veterans Affairs Medical Device Isolation Architecture Guide is on this website:
www.himss.org/files/HIMSSorg/content/files/MedicalDeviceIsolationArchitectureGuidev2.pdf
General Case
Philips does not support the installation of third-party software on ultrasound systems by a healthcare
facility (for example, virus scanners, office-productivity tools, system patches, on-platform firewalls, and
so on) without prior Philips authorization. Unauthorized modifications to a Philips system void the
warranty and may cause the system to malfunction. Any service requirements caused by these actions are
not covered under Philips service agreements. Because such modifications can affect system performance
and safety in unpredictable ways, Philips is not responsible for the behavior of equipment that has been
modified without authorization.
Response to Product-Security Incidents and Malware Detection
In the event of a product-security incident, or if you detect malware (malicious software) on the system,
Philips Healthcare

immediately disconnect the system from the network and report the incident to your Philips service
representative. Alternatively, report the incident by sending e-mail to productsecurity@philips.com.

Shared Roles for System and Data Security 4535 616 08142 9
 If you detect malware on the system, do not install or run third-party software, such as virus scanners, on
the system to detect and remove the malware. If malware is detected on the system, the only safe
recovery is for your Philips service representative to reimage the system.

Security Issues and Guidelines

The following guidelines provide concrete examples of system and data vulnerabilities and methods for
providing protection.
Network Security
Any networked ultrasound system must be connected to a secure local area network, one that provides
protection against computer viruses and other harmful code or traffic. Ensure the local area network uses
appropriate protection, such as only using secure wireless technologies, firewalls, intrusion detection and
prevention systems, and vulnerability scanners.
Remote Service Network
Philips has created a global, Internet-based network for connecting its ultrasound systems and certain
software products to advanced Philips service resources. The Philips Remote Services Network (RSN)
provides a secure communication infrastructure that allows either of these communication connections:
• Internet-based Secure Sockets Layer Link (iSSLLink)
• Virtual Private Network (VPN)
Sophisticated security features optimize protection for networks, medical systems, and patient privacy.
The RSN uses explicit authorization and authentication control and data-encryption technologies. Philips
encrypts all data transmissions to and from its customer sites, deploying 3DES (Triple Data Encryption
Standard) and AES (Advanced Encryption Standard) encryption protocols. 3DES and AES comply with the
U.S. federal standard for encrypted data transmissions.
Philips Remote Services are designed to maintain strong protection for confidential healthcare
information. In most cases, Philips service representatives can complete service tasks by examining Philips Healthcare
technical data from the affected system with no access to personal data. In the rare cases that the analysis
and repair cannot be completed without accessing personal data, access is limited to trained and
authorized Philips personnel.

10 Shared Roles for System and Data Security 4535 616 08142
 For more information, download the Philips Remote Services Security brochure from the Remote Services
Security website:
www.healthcare.philips.com/main/support/equipment-performance/remote-services/security.wpd
Antivirus Updates
Antivirus software introduces a safety and performance risk in Philips ultrasound systems, with little value
added. Alternatively, Philips provides secure virus-resistant system configurations that use a pre-installed
software firewall or that minimize network port and services exposure. Also, an Internet browser is
neither accessible nor required for the intended uses of Philips ultrasound systems.
Those mitigations greatly reduce the virus threat. When they are combined with an effective network-
security policy for your network, your Philips system’s risk of virus infection is minimized (see “Antivirus
Scanning and Updates” on page 16).
Physical Access Control
Each healthcare facility should limit physical access to the ultrasound systems for the prevention of
accidental, casual, or deliberate contact by unauthorized individuals. Access to the room containing the
ultrasound system should be controlled by policy and procedures that identify who is authorized to occupy
specific areas. The facility safety or security office can provide more information about what measures are
in place or how to implement room-access controls.
Position of Display Monitors
Unauthorized visual access to protected information can be minimized by positioning the system’s monitor
to prevent viewing from doorways, hallways, and other traffic areas.
Philips continues to improve its product security, including the introduction of controls to enable a screen
saver to protect information from casual viewing when users need to be away from the system.
Initiate screen blanking by logging off the system or manually clearing the display before leaving the unit
unattended for any amount of time.
Philips Healthcare

User Login and Logout Protections

Philips ultrasound systems that are based on Windows XP Embedded do not employ Windows Logon
technology. Access is provided through a custom shell with the use of an XP Embedded or Windows

Shared Roles for System and Data Security 4535 616 08142 11
 Embedded Standard 7 capability. A password protects saved protected health information (PHI) from
unauthorized access, while meeting safety requirements for the device to be operational as soon as
possible.
For systems with login capabilities, a consistent user login process, including user names and passwords,
provides good security for protecting information. In both cases the healthcare facility must control access
to the system.
Protective login and password practices include these:
• Implement strong passwords. This is the easiest and most-effective method to increase security.
Strong passwords consist of at least eight alphanumeric, mixed-case characters, digits, and special
characters, for example “@” or “*.” Never use words that can be found in a dictionary.
• Never post or share user names and passwords.
• Change passwords periodically.
Train system operators to log off of the system immediately after completing their work.
Removable and Portable Media
Philips ultrasound systems can export clinical studies to removable media, including CDs, DVDs, and USB
devices. Removable or portable media are easily lost or damaged and are at risk of technology
obsolescence. Philips recommends that you do not use removable or portable media for long-term
storage of patient data. Rather, store patient data on a PACS or other long-term storage media. Follow
your IT department’s recommended practices for intended use of removable or portable media.

CAUTION
Before inserting media into the ultrasound system or workstation, a good practice is to use media only
from trusted sources and to perform a virus scan to ensure that the media has not been exposed to
viruses, worms, or trojans that infect desktop PCs. For information about software security, see
“Security Protection Software” on page 15.
Philips Healthcare

CAUTION
Removable media that contains images or other medical information must be stored in a secure area
that is not accessible by unauthorized individuals.

12 Shared Roles for System and Data Security 4535 616 08142
 CAUTION
It is impossible to disable removable-media interfaces on the system.

NOTE
Some ultrasound systems include a setting that disables exports to removable media.

When using removable media (flash memory, CD-ROMs, DVDs, USB storage devices, and magneto-optical
discs) be aware of these security issues:
• Ultrasound systems may become vulnerable to security breaches when they accept removable media.
Inserting removable media in the system may introduce viruses. Philips recommends that you use the
system to format USB storage devices before working with them.
• Removing media that contains patient data may allow access to the data by unauthorized individuals.
• Destroying or disabling discarded media is necessary to prevent further access to data.
• The system does not encrypt personal data that is stored on the system hard drive or exported to
removable media.

Information-Maintenance Example
This example of how to maintain information security uses a zone model of information flow.

Assumptions About the Environment

The ultrasound system relies on the healthcare facility to maintain a secure environment, with protection
mechanisms for network access, encryption, intrusion detection, and vulnerability scanning. Maintaining
a secure ultrasound system within a secure environment further requires that any updates to the system
software must be added by a Philips-authorized representative, unless Philips instructs otherwise.
Philips Healthcare

Information Zones
The information-flow model is commonly incorporated into security standards. An easy way to visualize
this model is to diagram a healthcare facility as divided into three zones (see figure), with each zone having

Shared Roles for System and Data Security 4535 616 08142 13
 a different priority and level of use for the information. Some facilities decide not to extend their
information to the farthest zone because they cannot guarantee its protection and integrity.

Zone 3 Firewall with IPSec

Firewall
Zone 2

Zone 1

Security Solutions Between Zones

Zone 1: The Ultrasound Department

Most image transfer is performed within Zone 1. Backups, copies, and discs of DICOM images must be
carefully managed by department staff.
Zone 2: The Rest of the Healthcare Facility
Zone 2 includes clinics outside the department that have access to the system and, in some cases, the
Internet. Proper authorization for access and use of audit trails is critically important.
Zone 3: The Internet
Zone 3 is used for remote service connectivity.
Security Between the Zones
Security between the zones should be managed by standard IT security solutions. Managers must be Philips Healthcare
aware of the expected level of data traffic to choose a solution that is secure, yet does not act as a
bottleneck in the information flow. Image distribution requires a high-bandwidth network.

14 Shared Roles for System and Data Security 4535 616 08142
 Security Within the Zones
The security within the zones should be managed by a combination of standard IT security solutions and
the security functions of the ultrasound system.

Security Protection Software

This section provides information about security and third-party software for Philips ultrasound systems.
Philips provides validated software updates for operating-system security and, in some cases, antivirus
protection. These updates provide ongoing protection of ultrasound system performance and safety from
security threats.

NOTE
Updates are provided through regular releases and the Philips Field Change Order process.

Operating System Security Updates

Philips identifies and validates operating system updates that can protect against security vulnerabilities
and includes them in new releases of Philips ultrasound system software. As required between regularly
scheduled releases, corrective software versions (operating system updates) are made available to address
known vulnerabilities. Only an authorized Philips service representative should install those releases. For
some systems, it may be possible for you to install updated software provided by, and as directed by, an
authorized Philips service representative. If you have an applicable Philips service agreement, Philips may
also remotely provide updated software directly to the ultrasound system.
Due to the extended life cycle of Philips ultrasound systems, it is possible for the operating system of the
ultrasound system to reach a Microsoft End of Support condition before the planned End of Support date
of the ultrasound system. To provide continuing protection for your system, Philips maintains extended
support contracts with Microsoft, to prolong the supportability of the operating system. To ensure the
Philips Healthcare

continuing security of Philips products, Philips incorporates many security measures, as described in this
document and in product-specific documents. When combined with an effective network security policy,
this creates a defense strategy that may significantly increase the longevity and supportability of your
Philips ultrasound system, while minimizing risks to data integrity and customer networks.

Shared Roles for System and Data Security 4535 616 08142 15
 Antivirus Scanning and Updates
Philips ultrasound systems differ in their degree of exposure to and protection from the threat of software
virus infection. In all cases, the best protection against viruses is for a healthcare facility to establish an
effective network-security policy.
Philips works to create secure system configurations in different ways for different systems. For some
systems, Philips authorizes the installation of antivirus software. For other systems, Philips may include a
software firewall or limit network-port and services exposure as part of the security architecture. Also, to
address known vulnerabilities, Philips tests, qualifies, and installs revisions to the ultrasound system
software. When those measures are combined with an effective network-security policy within a
healthcare facility, the risk of software virus infection on those systems is greatly reduced.
If you detect malware on your system, immediately contact your authorized Philips service representative.

Backups and Archives

Backup Procedure
Ultrasound systems are not intended to be used for permanent storage of sensitive personal information.
Export such information to a storage device as soon as possible.
You cannot back up the entire ultrasound system. To ensure that patient records and system configuration
information is maintained and stored safely and efficiently, connect to other systems (such as a PACS or a
PIC station) for data storage and duplication.
Ultrasound systems are designed to maintain information only as necessary to produce external
documentation for medical records (such as films, traces, and printed records). If additional backup is
necessary, establish an administrative protocol to archive all clinical studies before deletion.
Regularly create file backups of QLAB and Q-Station results and exported images, and keep safe copies of
the backups off site. Philips Healthcare

For complete information on connecting to external systems and backing up system files, consult the user
information for your ultrasound system.

16 Shared Roles for System and Data Security 4535 616 08142
 Disaster Recovery Plans
It is your responsibility to ensure you have a disaster recovery plan that includes regular and complete
patient data backup. Ultrasound systems are intermittent storage devices; patient data must be exported
from the ultrasound system. Ensure you also create backups of the system-specific settings. For more
information on exporting patient data and creating system-setting backups, see your ultrasound system
user information. Use data backup software to create backups of patient data exported from QLAB and
Q-Station software.

Data Security for Off-Cart Workflows

Data may be exported from an ultrasound system for archiving, quantification, or distribution. Each
healthcare facility is responsible for ensuring the patient information is fully protected against
unauthorized access.
Patient data can be exported using a number of methods, including the ultrasound system's archive
mechanism, DICOM export, image export, or report export.
Data can be moved using a network or removable media, such as CDs, DVDs, and USB drives.
QLAB and Q-Station patient information and images are unencrypted and accessible through the Windows
operating system software. Ensure you maintain proper security policies and configurations for QLAB and
Q-Station host PCs and their environment, including readable media, network, third-party applications,
backup files, and physical breach.

User Authentication
Ensure that QLAB and Q-Station host PCs are configured for user authentication and that the individuals
using QLAB and Q-Station host PCs have a user name and password. You can use this information to
protect the data in the folders and individual files.
Philips Healthcare

Use strong passwords for access to QLAB and Q-Station host PCs and data. For more information on
passwords, see “User Login and Logout Protections” on page 11.

Shared Roles for System and Data Security 4535 616 08142 17
 Operating System
Ensure that the operating system and applications on QLAB and Q-Station host PCs are kept current with
patches, updates, and upgrades.

Network Configuration
If the QLAB or Q-Station host PC is connected to a local area network, the network should be securely
configured, providing protection against computer viruses and other harmful code or traffic. Ensure the
local area network uses appropriate protection, such as using only secure wireless technologies, firewalls,
intrusion-detection systems, and virus scanners.
File Access Controls
Use the operating system’s file security properties to control access to files containing patient data on
QLAB and Q-Station host PCs.
Shared Folder Security
The default security setting for a shared folder allows all users to view and change the folder contents.
When sharing folders that contain patient data, ensure the appropriate security settings are in place. You
can assign permissions to individual users or groups of users.

NOTE
Transfers of non-DICOM images from a SONOS ultrasound system to a PACS require an open-share-folder
security setting.

Virus Protection
Use up-to-date antivirus and host-intrusion-prevention systems to ensure that QLAB and Q-Station host
PCs, associated networks, and any removable media are protected from viruses and similar programmed
threats. Philips Healthcare

For more information on using removable and portable media to share information, see “Removable and
Portable Media” on page 12.

18 Shared Roles for System and Data Security 4535 616 08142
 System Patching
The ultrasound architecture does not support system patching with Internet-downloadable software.
Philips manages field updates with validated security improvements through Philips-authorized software
releases.

Remote Administration
If remote administration is used on a QLAB or Q-Station host PC, ensure it is configured for secure remote
administration.

Protecting Patient Data

Moving patient data between the ultrasound system and a QLAB or Q-Station host PC may result in some
risk of disclosure of patient data. Ensure that the data remains secure during a transfer.
One route for safe transport is the QLAB DICOM server. For information on the QLAB DICOM server
application, see the QLAB User Manual.
After you export data from QLAB Q-Apps (plug-ins), open the Q-App folder (found in the QLAB installation
folder Philips\QLAB\Results), and set the security permissions to restrict access to the files and folders
based on user authentication.
DICOM Data Transfers
Standard DICOM is unencrypted, but reading the patient data encoded in a DICOM file requires a DICOM-
aware software application. However, after you export data from Q-Station, take appropriate steps to
restrict access to the data.
Hiding Patient Data in the QLAB File Viewers
To prevent the display of patient data in the File Open window, use the List format for viewing, and shrink
the relevant patient data columns to hide the contents. For more information on using the QLAB File Open
Philips Healthcare

window, see your QLAB user information.

Shared Roles for System and Data Security 4535 616 08142 19
 Exporting Data from QLAB and Q-Station Software
Use appropriate security measures to protect data exported from QLAB and Q-Station software.
Q-Station has an “anonymization” feature, which, if used when exporting patient data to a CD, DVD, or
Windows folder, replaces certain patient attributes with anonymous values.

CAUTION
Exported data is not anonymized by default. If data is exported to a system or storage device that is not
protected by password or another method, it is accessible by all clinical users. It is your responsibility to
ensure that patient privacy is not compromised at the export location.

Exporting Images
QLAB software exports images only if you have selected the QLAB Hide Patient Data preference.

Exporting Quantification Results

Before exporting quantification results from QLAB software, ensure the Hide Patient Data preference is
selected. This selection prevents the display of confidential patient data in the results file.
The data values in the files exported from QLAB and Q-Station software are not locked against changes. To
protect the data, use the file security properties to prevent write access.

Philips Healthcare

20 Shared Roles for System and Data Security 4535 616 08142