As a governmental regulation, the Health Insurance Portability and Accountability Act (HIPAA) was issued to protect the
privacy of health information that identifies individuals who are living or deceased. HIPAA requires security services
supporting the following implementation features: access control; audit controls; authorization control; data
authentication; and entity authentication. These controls, which were proposed in the HIPAA Security Standards, are
treated here as audit trails. Audit trails can be used for surveillance purposes, to detect when interesting events
might be happening that warrant further investigation. They can also be used forensically, after the detection of a
security breach, to determine what went wrong and who or what was at fault. To provide security control services and to
achieve high and continuous availability, we design the HIPAA-Compliant Automatic Monitoring System for RIS-Integrated
PACS operation. The
system consists of two parts: monitoring agents running in each PACS component computer and a Monitor Server
running in a remote computer. Monitoring agents are deployed on all computer nodes in the RIS-Integrated PACS system to
collect the audit trail messages defined by Supplement 95 of the DICOM standard: Audit Trail Messages. The
Monitor Server then gathers all audit messages and processes them to provide security information at three levels: system
resources, PACS/RIS applications, and user/patient data access. The RIS-Integrated PACS managers can then
monitor and control the entire RIS-Integrated PACS operation through a web service provided by the Monitor Server.
This paper presents the design of a HIPAA-compliant automatic monitoring system for RIS-integrated PACS operation
and gives preliminary results obtained with this monitoring system on a clinical RIS-integrated PACS.
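
The agent-to-server flow and the two audit-trail uses described above (surveillance and forensics) can be sketched as follows. This is an added example, not code from the paper: the XML layout is a simplified, constructed stand-in for the audit message format, and the function names, the level mapping, the hosts, users and patient ID are all assumptions.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Assumed mapping of audit event names to the abstract's three levels.
LEVEL = {"Network Entry": "system", "Security Alert": "system",
         "Application Activity": "application",
         "User Authentication": "access", "DICOM Instances Accessed": "access"}

def agent_emit(when, event, outcome, user, source, patient=None):
    """Agent side: serialize one event (simplified, constructed layout)."""
    msg = ET.Element("AuditMessage")
    ev = ET.SubElement(msg, "EventIdentification", EventDateTime=when,
                       EventOutcomeIndicator=str(outcome))
    ET.SubElement(ev, "EventID", displayName=event)
    ET.SubElement(msg, "ActiveParticipant", UserID=user)
    ET.SubElement(msg, "AuditSourceIdentification", AuditSourceID=source)
    if patient:
        ET.SubElement(msg, "ParticipantObjectIdentification",
                      ParticipantObjectID=patient)
    return ET.tostring(msg, encoding="unicode")

def server_parse(xml_text):
    """Monitor Server side: flatten one message into a record."""
    msg = ET.fromstring(xml_text)
    ev = msg.find("EventIdentification")
    obj = msg.find("ParticipantObjectIdentification")
    name = ev.find("EventID").get("displayName")
    return {"time": ev.get("EventDateTime"), "event": name,
            "failed": ev.get("EventOutcomeIndicator") != "0",
            "user": msg.find("ActiveParticipant").get("UserID"),
            "source": msg.find("AuditSourceIdentification").get("AuditSourceID"),
            "patient": None if obj is None else obj.get("ParticipantObjectID"),
            "level": LEVEL.get(name, "unclassified")}

def repeated_auth_failures(records, threshold=3):
    """Surveillance: users with at least `threshold` failed logins."""
    fails = Counter(r["user"] for r in records
                    if r["event"] == "User Authentication" and r["failed"])
    return sorted(u for u, n in fails.items() if n >= threshold)

def who_accessed(records, patient):
    """Forensics: who touched one patient's data, when, and from where."""
    return [(r["time"], r["user"], r["source"]) for r in records if r["patient"] == patient]

# Constructed sample feed (not real PACS output); outcome 0 = success, 4 = failure.
EVENTS = [("2024-01-05T08:00:00", "Application Activity", 0, "archive-svc", "pacs-archive")]
EVENTS += [(f"2024-01-05T08:01:0{i}", "User Authentication", 4, "jdoe", "ris-ws-2") for i in range(3)]
EVENTS += [("2024-01-05T08:05:00", "DICOM Instances Accessed", 0, "asmith", "view-ws-1", "PID-0001")]
RECORDS = [server_parse(agent_emit(*e)) for e in EVENTS]
```

A server that accepts messages from agents over the network should parse them with a hardened XML parser (for example `defusedxml`) and authenticate the sending agent before trusting the audit source field.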