Frequently Asked Questions (FAQ)

Jacob Silterra edited this page Mar 15, 2024 · 1 revision

Could we observe real-time utilization of Sybil to gain an intuitive understanding to assist during discussions with hospital IT?

The integration of Sybil varies from hospital to hospital. Some have developed a UI application to use Sybil; some use the terminal to evaluate their scans. Therefore, there is no single example of Sybil's real-time utilization. However, there are tutorials for setting up Sybil, which can be found here: https://github.com/reginabarzilaygroup/Sybil/wiki

What security events are logged for access and for data modifications? Can this information be provided in an audit trail report?

Sybil does not log any security events for access or data modifications. To keep track of data access, we suggest running it in parallel to clinical operations. However, one can easily extend the base model to log arbitrary interactions by cloning the repository and changing the codebase: https://github.com/reginabarzilaygroup/Sybil

Do you have a network diagram showing the software/hardware components, architecture, communication, and data flow?

Sybil is only a software tool. The setup varies from hospital to hospital. In general, my suggestion is to set it up in parallel to the clinical production by pulling data from the radiology server. This can be done by setting the computer Sybil is installed on as a node on the PACS, as opposed to transferring DICOM images to Sybil via external drives.

Does the software or data need to be backed up or retained for compliance?

Sybil is open source, and all previous versions are archived publicly at https://github.com/reginabarzilaygroup/Sybil. Compliance regulations may depend on the local setup for Sybil the hospital decides to use.

How are users’ access permissions assigned and controlled? (Is users’ access to the software role-based?)

This also depends on the specifics of the machine Sybil is running on.

Is any data stored locally on the users’ devices?

No, no data is permanently stored locally.

Is any data stored or processed outside of Hospital networks?

No. Sybil runs on a local computer and does not communicate with any outside system.

How is the software patched/updated for vulnerabilities?

The software is open source and published as is. It is infrequently updated at https://github.com/reginabarzilaygroup/Sybil

Does the software process (send/receive), store, access, or display ePHI (patient data) or other data subject to regulation?

The local Sybil model needs access to the scans in DICOM format to process them. This might include ePHI unless systems are put in place to de-identify the DICOM images provided to Sybil. However, no data leaves the local instance on which Sybil is running.

If the software does not store patient data, how would we link each data set (CT scan and Sybil output)?

We suggest using a study ID. The study ID would be linked to the MRN, date, name, etc. in a key sheet that is maintained separately.
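The key sheet arrangement described above, as an added sketch that is not part of Sybil or of the original page: identifiers live only in a separately stored key sheet, and the record kept with the model output carries just a random study ID. The column names, the `STUDY-` prefix, the CSV format and the shape of the scores are assumptions made for this example.

```python
import csv
import os
import secrets

KEY_FIELDS = ["study_id", "mrn", "scan_date", "name"]  # assumed key sheet columns

def load_key_sheet(path):
    """Read the key sheet; an absent file means no studies are registered yet."""
    if not os.path.exists(path):
        return []
    with open(path, newline="") as fh:
        return list(csv.DictReader(fh))

def save_key_sheet(path, rows):
    """Write the key sheet; a newly created file is owner read/write only."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", newline="") as fh:
        writer = csv.DictWriter(fh, fieldnames=KEY_FIELDS)
        writer.writeheader()
        writer.writerows(rows)

def assign_study_id(rows, mrn, scan_date, name):
    """Reuse the ID of a known (MRN, date) pair, otherwise mint a new one."""
    for row in rows:
        if row["mrn"] == mrn and row["scan_date"] == scan_date:
            return row["study_id"]
    # Random rather than a hash of the MRN: the ID cannot be recomputed
    # or brute-forced from patient identifiers without the key sheet.
    study_id = "STUDY-" + secrets.token_hex(8)
    rows.append({"study_id": study_id, "mrn": mrn,
                 "scan_date": scan_date, "name": name})
    return study_id

def output_record(study_id, scores):
    """What is stored next to the model output: study ID and scores only."""
    return {"study_id": study_id, "scores": scores}

def relink(rows, record):
    """Authorized re-identification: look the study ID up in the key sheet."""
    for row in rows:
        if row["study_id"] == record["study_id"]:
            return row
    return None
```

Keep the key sheet on storage with its own access controls, separate from wherever the output records are kept, so that access to the outputs alone does not reveal patient identity.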