A Secure Architecture for Standard Medical Imaging Repositories

The production of medical images in digital format has been growing in the most varied healthcare providers, currently representing an essential element for supporting medical diagnosis and treatment. In this field, formats, transmission, and visualization processes are defined by the international Digital Imaging and Communications in Medicine (DICOM) standard. Traditional departmental repositories have poor access control policies and authenticated users have access to all repository resources when using standard DICOM network services. Usually, this issue is minimized in small environments because the repository is consumed by a unique frontend application that imposes additional controls. However, a vendor-neutral repository is supposed to be accessible to distinct parties through standard services. Moreover, many healthcare institutions are outsourcing their repositories to the Cloud to be shared by distinct functional domains. This article proposes and describes the implementation of an innovator ownership concept and access control mechanisms in standard medical imaging resources, particularly in the context of centralized storage services supporting multiple repositories instances. The developed accounting mechanism is capable of associate the repository resources permissions, and delegation of rights, to third entities. The solution also provides a programmatic interface, made available through web services, for management of proposed services. The concept validation was done through the integration of proposed architecture in an open-source archive.

[1]  W. Zhu,et al.  The RSNA Image Sharing Network , 2015, Journal of Digital Imaging.

[2]  Reza Safdari,et al.  Data Standards in Tele-radiology , 2015, Acta informatica medica : AIM : journal of the Society for Medical Informatics of Bosnia & Herzegovina : casopis Drustva za medicinsku informatiku BiH.

[3]  Sanjeev,et al.  Vendor neutral archive in PACS , 2012, The Indian journal of radiology & imaging.

[4]  Kamran Sartipi,et al.  An Agent-Based Infrastructure for Secure Medical Imaging System Integration , 2014, 2014 IEEE 27th International Symposium on Computer-Based Medical Systems.

[5]  Nima Jafari Navimipour,et al.  Formal verification approaches and standards in the cloud computing: A comprehensive and systematic review , 2018, Comput. Stand. Interfaces.

[6]  Scott Anderson,et al.  Cybersecurity and medical devices: Are the ISO/IEC 80001-2-2 technical controls up to the challenge? , 2018, Comput. Stand. Interfaces.

[7]  Rita Noumeir,et al.  The digital imaging and communications in medicine , 2011 .

[8]  Tiago Marques Godinho,et al.  A Community-Driven Validation Service for Standard Medical Imaging Objects , 2018, Comput. Stand. Interfaces.

[9]  Tiago Marques Godinho,et al.  A Multimodal Search Engine for Medical Imaging Studies , 2017, Journal of Digital Imaging.

[10]  P. Mildenberger,et al.  Introduction to the DICOM standard , 2002, European Radiology.

[11]  Lingyu Wang,et al.  Access Control in e-Health Portal Systems , 2007, 2007 Innovations in Information Technologies (IIT).

[12]  Tiago Marques Godinho,et al.  Anatomy of an Extensible Open Source PACS , 2016, Journal of Digital Imaging.

[13]  Chia-Chi Teng,et al.  A medical image archive solution in the cloud , 2010, 2010 IEEE International Conference on Software Engineering and Service Sciences.

[14]  Bhavani M. Thuraisingham,et al.  Data security services, solutions and standards for outsourcing , 2013, Comput. Stand. Interfaces.

[15]  Daisuke Mashima,et al.  Enhancing accountability of electronic health record usage via patient-centric monitoring , 2012, IHI '12.

[16]  B. K. Sujatha,et al.  An Approach to Protect Electronic Health Records , 2015, SocProS.

[17]  Rita Noumeir,et al.  IHE cross-enterprise document sharing for imaging: interoperability testing software , 2010, Source Code for Biology and Medicine.

[18]  José Luís Oliveira,et al.  A PACS archive architecture supported on cloud services , 2012, International Journal of Computer Assisted Radiology and Surgery.

[19]  Pekka Ruotsalainen,et al.  Privacy and security in teleradiology. , 2010, European journal of radiology.

[20]  H. K. Huang PACS-Based Multimedia Imaging Informatics: Basic Principles and Applications , 2018 .

[21]  H. Jaap van den Herik Innovation and Big Data , 2016, CISIM.

[22]  H. K. Huang,et al.  PACS and Imaging Informatics , 2009 .

[23]  Chia-Chi Teng,et al.  Secure communications for PACS in a cloud environment , 2011, 2011 Annual International Conference of the IEEE Engineering in Medicine and Biology Society.

[24]  Kamran Sartipi,et al.  Security middleware infrastructure for medical imaging system integration and monitoring , 2016, 2016 18th International Conference on Advanced Communication Technology (ICACT).

[25]  Doo-Kwon Baik,et al.  Privacy-Preserving Attribute-Based Access Control Model for XML-Based Electronic Health Record System , 2018, IEEE Access.

[26]  Daniel Haak,et al.  Electronic data capture and DICOM data management in multi-center clinical trials , 2016, SPIE Medical Imaging.

[27]  O. Dostal,et al.  Integration of Telemedicine Activities in the Czech Republic , 2007, 2007 Innovations in Information Technologies (IIT).

[28]  Samee Ullah Khan,et al.  > REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 1 , 2008 .

[29]  Carlos Viana-Ferreira,et al.  An Intelligent Cloud Storage Gateway for Medical Imaging , 2017, Journal of Medical Systems.

[30]  Eliot Siegel,et al.  Informatics in radiology: image exchange: IHE and the evolution of image sharing. , 2008, Radiographics : a review publication of the Radiological Society of North America, Inc.

[31]  Thomas Martin Deserno,et al.  DICOM for Clinical Research: PACS-Integrated Electronic Data Capture in Multi-Center Trials , 2015, Journal of Digital Imaging.

[32]  Heinz U Lemke,et al.  PACS developments in Europe. , 2003, Computerized medical imaging and graphics : the official journal of the Computerized Medical Imaging Society.

[33]  Pierre Parrend,et al.  Cerberus, an Access Control Scheme for Enforcing Least Privilege in Patient Cohort Study Platforms , 2017, Journal of Medical Systems.

[34]  José Luís Oliveira,et al.  Indexing and retrieving DICOM data in disperse and unstructured archives , 2008, International Journal of Computer Assisted Radiology and Surgery.

[35]  James Philbin,et al.  Will the Next Generation of PACS Be Sitting on a Cloud? , 2011, Journal of Digital Imaging.

[36]  Benjamin Fabian,et al.  Collaborative and secure sharing of healthcare data in multi-clouds , 2015, Inf. Syst..

[37]  Subhajyoti Bandyopadhyay,et al.  Cloud computing - The business perspective , 2011, Decis. Support Syst..

[38]  Kirit J. Modi,et al.  Cloud computing - concepts, architecture and challenges , 2012, 2012 International Conference on Computing, Electronics and Electrical Technologies (ICCEET).

[39]  Steven C. Horii,et al.  Review: Understanding and Using DICOM, the Data Interchange Standard for Biomedical Imaging , 1997, J. Am. Medical Informatics Assoc..