
Security and DICOM

Security and DICOM. Lawrence Tarbox, Ph.D., Chair, DICOM Working Group 14, Siemens Corporate Research. What’s Available Now: use of secure communications channels, giving data integrity during transit, entity authentication, and confidentiality during transit via encryption.


Presentation Transcript


  1. Security and DICOM. Lawrence Tarbox, Ph.D., Chair, DICOM Working Group 14, Siemens Corporate Research

  2. What’s Available Now
     • Use of Secure Communications Channels
       • Data integrity during transit
       • Entity authentication
       • Confidentiality during transit via encryption
     • Secure Transport Connection Profiles
       • TLS 1.0 (derived from SSL)
       • ISCL
     • Secure Use Profiles
       • Online Electronic Storage
       • Base and Bit-preserving Digital Signature (storage)

  3. What’s Available Now
     • Secure Media via CMS Envelopes
       • Data integrity checks
       • Confidentiality via encryption
       • Only targeted recipients can access
       • Media Storage Security Profiles
     • Embedded Digital Signatures
       • Data integrity for the life of the SOP Instance
       • Identifies signatories, with optional timestamps
       • Digital Signature Profiles: Base, Creator, and Authorization RSA Profiles

  4. Profiles in DICOM?
     • Main standard body provides the ‘hooks’
     • Profiles provide the particulars, e.g.
       • Standard selection
       • Algorithm selection
       • Parameter selection
     • Primarily refer to existing IT standards
       • Easy migration to new ideas
       • Simplifies conformance claims

  5. What’s coming
     • Attribute Level Encryption (a.k.a. de-identification)
       • Teaching Files
       • Clinical Trials
       • ???
     • Audit Log Collection
       • Spans multiple organizations, pushed by IHE
     • Structured Report Digital Signature Profile

  6. De-Identification, How?
     • Simply remove Data Elements that contain patient identifying information?
       • e.g., per HIPAA’s safe harbor rules
     • BUT many such Data Elements are required
     • SO, instead of removing them, replace them with a bogus value

  7. Attribute Level Encryption
     • Since some use cases require controlled access to the original Attribute values:
       • Original values can be stored in a CMS (Cryptographic Message Syntax) envelope
       • Embedded in the Data Set
       • Only selected recipients can open the envelope
       • Different subsets can be held for different recipients
       • Full restoration of data not a goal
     • Attribute Confidentiality Profiles

  8. Attribute Encryption Diagram (diagram, reconstructed as a tree)
     • SOP Instance
       • Attributes (unencrypted)
       • Encrypted Attributes Sequence
         • Item 1 (of n)
           • Encrypted Content Transfer Syntax
           • Encrypted Content: Cryptographic Message Syntax (CMS) envelope, with CMS attributes and encryptedContent; the encryptedContent holds a Modified Attributes Sequence whose single Item 1 (of only 1) carries the Attributes to be encrypted
         • Item 2 (of n)
           • Encrypted Content Transfer Syntax
           • Encrypted Content (CMS envelope)
         • …
         • Item n (of n)
           • Encrypted Content Transfer Syntax
           • Encrypted Content (CMS envelope)

  9. IHE year 4: collection of trusted nodes
     • Local authentication of user (Userid, Password)
     • Authentication of the remote node (digital certificates)
     • Local access control
     • Audit trail
     • Time synchronization
     (Diagram: System A and System B, each in its own secure domain, connected over a secure network.)

  10. Selection of Standards
     • Use TLS for Transport Layer Security
       • Basic TLS Secure Transport Connection Profile
     • Use X.509 Certificates for node identity and keys
       • Basic TLS Secure Transport Connection Profile
     • Use NTP for Time Synchronization
     • Use ??? for Audit Trail Collection

  11. Audit Log Collection
     • Joint NEMA / JIRA / COCIR Security and Privacy Committee proposal
     • Governmental regulation
     • Push management responsibility to one location
     • ASTM PS 115: Provisional Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems
     • HL7 Common Audit Message (informative)
     • Part of IHE Year 4 plans

  12. Audit Trail Standards in Healthcare: A Proposed Model (diagram, reconstructed as layers)
     • Application-specific trigger/content: Security Admin, Audit Trail Mgt, User Generated Events
     • Audit Trail Records Transfer
     • Session and Transport: Reliable SYSLOG or ebXML?
     • HL7 Security SIG driven (DICOM references) alongside DICOM WG14 Security driven (HL7 references), over a common DICOM/HL7 infrastructure

  13. Division of Tasks
     • IHE generating initial proposals
       • Reliable Delivery for Syslog (RFC 3195)
       • XML schema for defined content
       • IHE in Technical Framework: out for public comment now
     • HL7 and DICOM WG 14 work on messaging standard
     • ASTM and SPC work on policy issues

  14. Signatures in SR
     • Identified as an important use case
     • Reference Mechanism
       • To other signed SOP Instances
       • To unsigned SOP Instances
     • Resolve issues identified during demonstrations
     • SR-specific Profile
