Medical image security in a HIPAA mandated PACS environment.

Medical image security is an important issue when digital images and their pertinent patient information are transmitted across public networks. The federal government has issued mandates for ensuring health data security, such as the Health Insurance Portability and Accountability Act (HIPAA), under which healthcare institutions are obliged to take appropriate measures to ensure that patient information is provided only to people who have a professional need. Guidelines that deal with security issues, such as the Digital Imaging and Communications in Medicine (DICOM) standards, continue to be published by organizing bodies in healthcare. However, there are many differences in implementation, especially for an integrated system like a picture archiving and communication system (PACS), and the infrastructure to deploy these security standards is often lacking. Over the past 6 years, members of the Image Processing and Informatics Laboratory, Childrens Hospital, Los Angeles/University of Southern California, have actively researched image security issues related to PACS and teleradiology. The paper summarizes our previous work and presents an approach to further research on the digital envelope (DE) concept, which provides image integrity and security assurance in addition to conventional network security protection. The DE, which includes the digital signature (DS) of the image as well as encrypted patient information from the DICOM image header, can be embedded in the background area of the image as an invisible permanent watermark. The paper outlines the systematic development, evaluation and deployment of the DE method in a PACS environment. We have also proposed a dedicated PACS security server that will act as an image authority to check and certify the image origin and integrity upon request by a user, while also acting as a secure DICOM gateway to outside connections and as a PACS operation monitor for HIPAA supporting information.
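The embed-and-verify idea behind the DE, as an added sketch that is not the authors' implementation: an authentication tag over the image is hidden in the least significant bits of background pixels and checked on receipt. Assumptions not taken from the abstract: LSB embedding, a fixed intensity threshold for finding background, HMAC-SHA256 standing in for the public-key digital signature, and no encrypted header payload.

```python
import hashlib
import hmac

THRESHOLD = 16   # assumed: 8-bit pixels below this even value are background
TAG_BITS = 256   # HMAC-SHA256 tag length (stand-in for the paper's DS)

def background_indices(pixels):
    """Embedding positions; the LSB is masked so embedding cannot change the set."""
    return [i for i, p in enumerate(pixels) if (p & ~1) < THRESHOLD]

def image_tag(pixels, key):
    """Tag over the image with the carrier LSBs cleared, so it survives embedding."""
    slots = set(background_indices(pixels)[:TAG_BITS])
    canonical = bytes(p & ~1 if i in slots else p for i, p in enumerate(pixels))
    return hmac.new(key, canonical, hashlib.sha256).digest()

def embed(pixels, key):
    """Return a copy of the image carrying its own tag in background LSBs."""
    slots = background_indices(pixels)[:TAG_BITS]
    if len(slots) < TAG_BITS:
        raise ValueError("not enough background pixels to carry the tag")
    tag = image_tag(pixels, key)
    out = list(pixels)
    for n, i in enumerate(slots):
        out[i] = (out[i] & ~1) | ((tag[n // 8] >> (7 - n % 8)) & 1)
    return out

def verify(pixels, key):
    """Extract the carried tag and compare it with a freshly computed one."""
    slots = background_indices(pixels)[:TAG_BITS]
    if len(slots) < TAG_BITS:
        return False
    bits = [pixels[i] & 1 for i in slots]
    carried = bytes(sum(b << (7 - k) for k, b in enumerate(bits[j:j + 8]))
                    for j in range(0, TAG_BITS, 8))
    return hmac.compare_digest(carried, image_tag(pixels, key))

def sample_image(width=32, height=32):
    """Constructed test image: dark background around a bright square."""
    return [100 + (x * y) % 100 if 8 <= x < 24 and 8 <= y < 24 else (3 * x + 5 * y) % 12
            for y in range(height) for x in range(width)]

if __name__ == "__main__":
    key = b"constructed-demo-key"
    marked = embed(sample_image(), key)
    print("intact image verifies:", verify(marked, key))
    marked[12 * 32 + 12] ^= 0x04  # alter one pixel inside the bright region
    print("altered image verifies:", verify(marked, key))
```

Only the carrier bits are excluded from the tag, so any change to the diagnostic region or to the remaining background bits makes verification fail.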
