Security Options
How secure is the stored patient information on a mobile device?
Patient information (PHI) is safe in the Vscan Air app and during export.
Secured data at rest
The mobile device must be protected with user authentication (facial recognition, fingerprint, or PIN); otherwise the Vscan Air app cannot be opened. Patient data is only accessible with a user-selectable PIN, and exam data is automatically erased after 10 incorrect PIN attempts.
Your institution’s mobile device manager controls the content on the device.
Patient data and images are encrypted and stored separately from other applications, ensuring patient data cannot be shared with other applications, in compliance with the U.S. government’s Federal Information Processing Standard (140-2) for encryption of sensitive data (AES 256-bit encryption).
Secured data on the move
DICOM® TLS 1.3 with private client and server certificate support (the most secure method currently available to send patient data over a wireless network for review and storage).
Patient data remains within your network and your control – no need to send data to the Cloud.
App cannot access other information on the mobile device or tablet.
Only anonymized images can be shared with other apps for collaboration or presentation.
Support of enterprise-grade wireless encryption standards including EAP and WPA2 (PSK).
Configurable time period for image removal on the device after export to a DICOM® PACS server.
What happens when the lock/password on the mobile device is removed?
You need a lock/password to access the app. If it is removed, you will be informed when opening the app that it will be locked until a new lock/password is enabled. Images will not be deleted from the app when this happens.
How is GDPR compliance addressed?
GE Healthcare does not transfer any exam or patient information to our backend or the Cloud.
Exam data stored on the mobile device is encrypted and only accessible through the Vscan Air app. Sharing of this data is under user control and discretion.
The healthcare institution will need to set up its own policies for GDPR compliance – for example, whether or not it permits users to use their personal mobile devices, whether it mandates data upload to its PACS, whether it mandates that data is wiped after it is uploaded, etc. Vscan Air ensures that any sensitive data it stores on the mobile device is secured and that user authentication is required before access is granted.
What is the process to respond to individual local country questions with regard to data protection?
Data is secure on the mobile device. We do not automatically export it anywhere; the user controls the export destination, timing, and deletion from the mobile device.
Can the use of private mobile devices be restricted in public institutions?
There is currently no mechanism to prevent this. The healthcare institution and individual users will need to develop their policy.