Security and DICOM
Lawrence Tarbox, Ph.D.
Chair, DICOM Working Group 14
Siemens Corporate Research
TRANSCRIPT
What’s Available Now

Use of Secure Communications Channels
– Data integrity during transit
– Entity authentication
– Confidentiality during transit via encryption
– Secure Transport Connection Profiles
  • TLS 1.0 (derived from SSL)
  • ISCL

Secure Use Profiles
– Online Electronic Storage
– Base and Bit-preserving Digital Signature (storage)
What’s Available Now

Secure Media via CMS Envelopes
– Data integrity checks
– Confidentiality via encryption
– Only targeted recipients can access
– Media Storage Security Profiles

Embedded Digital Signatures
– Data integrity for the life of the SOP Instance
– Identifies signatories, with optional timestamps
– Digital Signature Profiles
  • Base, Creator, and Authorization RSA Profiles
Profiles in DICOM?

Main standard body provides the ‘hooks’
Profiles provide the particulars, e.g.
– Standard selection
– Algorithm selection
– Parameter selection
Primarily refer to existing IT standards
Easy migration to new ideas
Simplifies conformance claims
What’s coming

Attribute Level Encryption (a.k.a. de-identification)
– Teaching Files
– Clinical Trials
– ???
Audit Log Collection
– Spans multiple organizations, pushed by IHE
Structured Report Digital Signature Profile
De-Identification, How?

– Simply remove Data Elements that contain patient identifying information?
  • e.g., per HIPAA’s safe harbor rules
BUT
– Many such Data Elements are required
SO
– Instead of removing, replace with a bogus value
Attribute Level Encryption

Since some use cases require controlled access to the original Attribute values:
– Original values can be stored in a CMS (Cryptographic Message Syntax) envelope
  • Embedded in the Data Set
  • Only selected recipients can open the envelope
  • Different subsets can be held for different recipients
– Full restoration of data not a goal
Attribute Confidentiality Profiles
Attribute Encryption Diagram
[Figure: layout of a de-identified SOP Instance. The SOP Instance carries its Attributes (unencrypted) plus an Encrypted Attributes Sequence with Items 1 to n. Each Item holds an Encrypted Content Transfer Syntax and an Encrypted Content that is a CMS (Cryptographic Message Syntax) envelope with CMS attributes; the envelope’s encryptedContent holds a Modified Attributes Sequence with a single Item (1 of 1) containing the attributes to be encrypted.]
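The two slides above (replace rather than remove, then keep the originals in an envelope that only selected recipients can open, with a different subset per recipient) as one added worked example. This is not DICOM’s, IHE’s or the speaker’s code. The dataset is a plain dict keyed by (group, element) tag and the on-the-wire DICOM encoding is out of scope; the envelope cipher is a stand-in for CMS (HMAC-SHA256 as a PRF in counter mode, encrypt-then-MAC, and an HMAC-wrapped content key per recipient under a pre-shared key), so it demonstrates the structure (one content key, one recipient wrap, one item per recipient subset), not the CMS format. The replacement values and the profile itself are assumptions.

```python
"""De-identification with originals kept in a per-recipient envelope (added example)."""
import hashlib
import hmac
import json
import os

# Real DICOM tags (PS3.6). Replacement values and the profile below are assumed.
PATIENT_NAME = (0x0010, 0x0010)          # Type 2: must be present, may be empty
PATIENT_ID = (0x0010, 0x0020)            # Type 2
PATIENT_BIRTH_DATE = (0x0010, 0x0030)    # Type 2
OTHER_PATIENT_IDS = (0x0010, 0x1000)     # Type 3: may be removed outright
ENCRYPTED_ATTRIBUTES_SEQ = (0x0400, 0x0500)
MODIFIED_ATTRIBUTES_SEQ = (0x0400, 0x0550)
EXPLICIT_VR_LE = "1.2.840.10008.1.2.1"   # Transfer Syntax of the encrypted content

# Assumed profile: tag -> bogus replacement for required elements, None to remove optional ones.
PROFILE = {
    PATIENT_NAME: "ANONYMOUS^PATIENT",
    PATIENT_ID: "ANON0001",
    PATIENT_BIRTH_DATE: "19000101",
    OTHER_PATIENT_IDS: None,
}


def _key(tag):                      # (0x0010, 0x0010) -> "0010,0010" for JSON keys
    return "%04X,%04X" % tag


def _tag(key):
    return (int(key[:4], 16), int(key[5:], 16))


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: a PRF stand-in for the CMS content cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC with a fresh random nonce; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, b"enc" + nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    """Verify the tag before decrypting; a wrong key or tampering raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("envelope integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, b"enc" + nonce, len(ct))))


def make_item(originals, recipient_id, kek):
    """One Encrypted Attributes Sequence item: a content key wrapped for one recipient,
    and content = a Data Set holding a Modified Attributes Sequence with a single item."""
    cek = os.urandom(32)
    inner = {_key(MODIFIED_ATTRIBUTES_SEQ): [{_key(t): v for t, v in originals.items()}]}
    return {
        "EncryptedContentTransferSyntaxUID": EXPLICIT_VR_LE,
        "recipients": {recipient_id: seal(kek, cek)},          # RecipientInfo stand-in
        "EncryptedContent": seal(cek, json.dumps(inner, sort_keys=True).encode()),
    }


def open_item(item, recipient_id, kek):
    """Recover the original attributes held in one item as {tag: value}."""
    if recipient_id not in item["recipients"]:
        raise KeyError(recipient_id + " is not a recipient of this item")
    cek = unseal(kek, item["recipients"][recipient_id])
    inner = json.loads(unseal(cek, item["EncryptedContent"]))
    return {_tag(k): v for k, v in inner[_key(MODIFIED_ATTRIBUTES_SEQ)][0].items()}


def deidentify(dataset, recipients):
    """Apply PROFILE (replace required elements, drop optional ones) and attach one
    item per recipient holding only the subset of originals that recipient may see.
    recipients: {recipient_id: (pre_shared_key, set_of_recoverable_tags)}."""
    out = dict(dataset)
    originals = {}
    for tag, replacement in PROFILE.items():
        if tag not in out:
            continue
        originals[tag] = out[tag]
        if replacement is None:
            del out[tag]
        else:
            out[tag] = replacement
    out[ENCRYPTED_ATTRIBUTES_SEQ] = [
        make_item({t: v for t, v in originals.items() if t in allowed}, rid, kek)
        for rid, (kek, allowed) in recipients.items()
    ]
    return out
```

A recipient without a wrapped copy of the content key cannot open an item at all, and a recipient that tries the wrong key fails the integrity check rather than getting garbage, so a sponsor given only the birth date never learns the name even though both live in the same SOP Instance.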
IHE year 4: collection of trusted nodes

• Local authentication of user (Userid, Password)
• Authentication of the remote node (digital certificates)
• Local access control
• Audit trail
• Time synchronization
[Figure: System A and System B, each inside its own Secure domain, connected over a Secure network.]
Selection of Standards

Use TLS for Transport Layer Security
– Basic TLS Secure Transport Connection Profile
Use X.509 Certificates for node identity and keys
– Basic TLS Secure Transport Connection Profile
Use NTP for Time Synchronization
Use ??? for Audit Trail Collection
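The trusted-node model of the two slides above (remote node authenticated by its X.509 certificate over TLS, then local access control) as an added example; it is not IHE’s, DICOM’s or the speaker’s code. It assumes each node has its own certificate and key, a local CA bundle that issued the node certificates, and a locally managed list mapping certificate fingerprints to node AE titles; node identity is the certificate, not a DNS hostname, so hostname checking is off and a client certificate is mandatory on both sides. The minimum version is raised to TLS 1.2 because the TLS 1.0 named in the profile is obsolete. The file paths and the AE title in the usage are placeholders.

```python
"""Mutual-TLS node authentication plus a local trusted-node list (added example)."""
import hashlib
import ssl


def node_tls_context(server_side, cert_chain=None, ca_bundle=None):
    """Both sides present a certificate and both verify it against the CA bundle.
    cert_chain = (certfile, keyfile) for this node; ca_bundle = PEM file of issuing CAs.
    Paths are optional only so the settings can be inspected without key material."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # TLS 1.0 from the original profile is obsolete
    ctx.check_hostname = False                      # identity is the certificate, not the hostname
    ctx.verify_mode = ssl.CERT_REQUIRED             # unauthenticated peers fail the handshake
    if cert_chain:
        ctx.load_cert_chain(*cert_chain)
    if ca_bundle:
        ctx.load_verify_locations(cafile=ca_bundle)
    return ctx


def cert_fingerprint(der_cert):
    """SHA-256 over the DER certificate: the value pinned in the trusted-node list."""
    return hashlib.sha256(der_cert).hexdigest()


def trusted_node(der_cert, trusted_nodes):
    """Local access control: map the peer certificate to a known node (AE title) or None.
    CA validation only says the certificate is genuine; this says it belongs to one of ours."""
    return trusted_nodes.get(cert_fingerprint(der_cert))


def authenticate_peer(tls_sock, trusted_nodes):
    """Call after the handshake on a wrapped socket and before accepting an association.
    getpeercert(binary_form=True) returns the peer's DER certificate."""
    der = tls_sock.getpeercert(binary_form=True)
    node = trusted_node(der, trusted_nodes)
    if node is None:
        raise PermissionError("peer %s... is not a trusted node" % cert_fingerprint(der)[:16])
    return node


if __name__ == "__main__":
    # Placeholder paths and AE title; a real deployment loads these from local configuration.
    server_ctx = node_tls_context(True, ("node.pem", "node.key"), "nodes-ca.pem")
    TRUSTED = {"<sha256 of the peer's DER certificate>": "CT_SCANNER_1"}
    print(server_ctx.verify_mode, server_ctx.minimum_version, len(TRUSTED))
```

Keeping the fingerprint list separate from the CA bundle is what turns “a certificate our CA issued” into “a node we have decided to talk to”; revoking a node is then a local edit, and the audit trail can record the AE title the certificate resolved to rather than a bare IP address.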
Audit Log Collection

Joint NEMA / JIRA / COCIR Security and Privacy Committee proposal
– Governmental regulation
– Push management responsibility to one location
ASTM PS 115: Provisional Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems
HL7 Common Audit Message (informative)
Part of IHE Year 4 plans
Audit Trail Standards in Healthcare: A Proposed Model
[Figure: a common DICOM/HL7 infrastructure for Audit Trail Records Transfer (session and transport: Reliable SYSLOG or ebXML?). Feeding it are application-specific trigger/content, security administration and audit trail management, and user-generated events; the HL7 side is HL7 Security SIG driven with DICOM references, the DICOM side is DICOM WG14 Security driven with HL7 references.]
Division of Tasks

IHE generating initial proposals
– Reliable Delivery for Syslog (RFC 3195)
– XML schema for defined content
– IHE in Technical Framework: Out for Public Comment Now
HL7 and DICOM WG 14 work on messaging standard
ASTM and SPC work on policy issues