Security and DICOM
Lawrence Tarbox, Ph.D.
Chair, DICOM Working Group 14
Siemens Corporate Research
What’s Available Now
Use of Secure Communications Channels
–Data integrity during transit
–Entity authentication
–Confidentiality during transit via encryption
–Secure Transport Connection Profiles: TLS 1.0 (derived from SSL), ISCL
Secure Use Profiles
–Online Electronic Storage
–Base and Bit-preserving Digital Signature (storage)
What’s Available Now
Secure Media via CMS Envelopes
–Data integrity checks
–Confidentiality via encryption
–Only targeted recipients can access
–Media Storage Security Profiles
Embedded Digital Signatures
–Data integrity for the life of the SOP Instance
–Identifies signatories, with optional timestamps
–Digital Signature Profiles: Base, Creator, and Authorization RSA Profiles
Profiles in DICOM?
Main standard body provides the ‘hooks’
Profiles provide the particulars, e.g.
–Standard selection
–Algorithm selection
–Parameter selection
Primarily refer to existing IT standards
Easy migration to new ideas
Simplifies conformance claims
What’s coming
Attribute Level Encryption (a.k.a. de-identification)
–Teaching Files
–Clinical Trials
–???
Audit Log Collection
–Spans multiple organizations, pushed by IHE
Structured Report Digital Signature Profile
De-Identification, How?
–Simply remove Data Elements that contain patient identifying information? e.g., per HIPAA’s safe harbor rules
BUT
–Many such Data Elements are required
SO
–Instead of removing them, replace them with a bogus value
Attribute Level Encryption
Since some use cases require controlled access to the original Attribute values:
–Original values can be stored in a CMS (Cryptographic Message Syntax) envelope
  Embedded in the Data Set
  Only selected recipients can open the envelope
  Different subsets can be held for different recipients
–Full restoration of data is not a goal
Attribute Confidentiality Profiles
Attribute Encryption Diagram (SOP Instance)
–Attributes (unencrypted)
–Encrypted Attributes Sequence: Item 1 (of n) … Item n (of n), each holding an Encrypted Content Transfer Syntax and an Encrypted Content (a CMS envelope)
–Inside the CMS envelope: CMS attributes and the encryptedContent, which carries the Modified Attributes Sequence (Item 1, of only 1) containing the attributes to be encrypted
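The de-identification steps and the envelope structure above, as an added Python example that is not part of the original slides or of any DICOM toolkit: datasets are plain dicts keyed by attribute name, required attributes are replaced rather than removed, and one Encrypted Attributes Sequence item is built per recipient subset. The `StandInEnvelope` class only imitates a CMS envelope's recipient restriction and performs no cryptography; the transfer syntax UID is Explicit VR Little Endian from PS3.6.

```python
"""De-identification with attribute-level encryption, modelled on the
DICOM Attribute Confidentiality Profiles. Datasets are dicts keyed by
attribute name; StandInEnvelope imitates CMS access control only."""
import json

# Explicit VR Little Endian: recorded as the Encrypted Content Transfer Syntax
EXPLICIT_VR_LE = "1.2.840.10008.1.2.1"

# Type 1 (required) attributes cannot be removed; they get a bogus value
REQUIRED = {"PatientName": "ANONYMOUS", "PatientID": "DEID-0000"}


class StandInEnvelope:
    """Constructed stand-in for a CMS EnvelopedData: only the listed
    recipients can open it. A real implementation would use CMS/PKCS#7."""
    def __init__(self, plaintext: bytes, recipients: set[str]):
        self._payload, self._recipients = plaintext, frozenset(recipients)

    def open(self, recipient: str) -> bytes:
        if recipient not in self._recipients:
            raise PermissionError(f"{recipient} is not a recipient")
        return self._payload


def deidentify(dataset: dict, confidential: set[str],
               recipients_by_subset: dict[frozenset, set[str]]) -> dict:
    """Strip confidential attributes and keep the originals in an
    Encrypted Attributes Sequence, one item per recipient subset."""
    out = {k: v for k, v in dataset.items() if k not in confidential}
    for tag, dummy in REQUIRED.items():      # replace, do not remove
        if tag in confidential and tag in dataset:
            out[tag] = dummy
    out["EncryptedAttributesSequence"] = []
    for subset, recipients in recipients_by_subset.items():
        originals = {t: dataset[t] for t in subset if t in dataset}
        modified_seq = [originals]           # Modified Attributes Sequence
        out["EncryptedAttributesSequence"].append({
            "EncryptedContentTransferSyntaxUID": EXPLICIT_VR_LE,
            "EncryptedContent": StandInEnvelope(
                json.dumps(modified_seq).encode(), recipients),
        })
    return out


def restore(deidentified: dict, recipient: str) -> dict:
    """Merge back the envelopes this recipient can open; partial
    restoration is the expected outcome, full restoration is not a goal."""
    result = {k: v for k, v in deidentified.items()
              if k != "EncryptedAttributesSequence"}
    for item in deidentified["EncryptedAttributesSequence"]:
        try:
            modified_seq = json.loads(item["EncryptedContent"].open(recipient))
        except PermissionError:
            continue                         # not addressed to this recipient
        for originals in modified_seq:
            result.update(originals)
    return result
```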
IHE year 4: collection of trusted nodes
–Local authentication of user (Userid, Password)
–Authentication of the remote node (digital certificates)
–Local access control
–Audit trail
–Time synchronization
Diagram: System A (secure domain) and System B (secure domain) connected over a secure network
Selection of Standards
Use TLS for Transport Layer Security
–Basic TLS Secure Transport Connection Profile
Use X.509 Certificates for node identity and keys
–Basic TLS Secure Transport Connection Profile
Use NTP for Time Synchronization
Use ??? for Audit Trail Collection
Audit Log Collection
Joint NEMA / JIRA / COCIR Security and Privacy Committee proposal
–Governmental regulation
–Push management responsibility to one location
ASTM PS 115: Provisional Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems
HL7 Common Audit Message (informative)
Part of IHE Year 4 plans
Audit Trail Standards in Healthcare: A Proposed Model
–Application Specific Trigger/Content: Security Admin, Audit Trail Mgt, User Generated Events
  HL7 Security SIG driven – DICOM references
  DICOM WG14 Security driven – HL7 references
–Audit Trail Records
–Transfer Session and Transport: Reliable SYSLOG or ebXML?
–Common DICOM/HL7 infrastructure
Division of Tasks
IHE generating initial proposals
–Reliable Delivery for Syslog (RFC 3195)
–XML schema for defined content
–IHE Technical Framework: out for public comment now
HL7 and DICOM WG 14 work on messaging standard
ASTM and SPC work on policy issues
Signatures in SR
Identified as an important use case
Reference Mechanism
–To other signed SOP Instances
–To unsigned SOP Instances
Resolve issues identified during demonstrations
SR-specific Profile