1. EVALUATION OF HIPAA SECURITY REQUIREMENTS ON ENCRYPTION FOR RADIOLOGY THROUGHPUT RATES Spencer B. Gay, M.D., Andrew M. Snyder, M.S., Alfred C. Weaver, Ph.D., Matthew J. Bassignani, M.D., Samuel J. Dwyer, III, Ph.D. University of Virginia Health System, Charlottesville, VA As expected, DES was fastest because it has the shortest key and is therefore the least secure. Predictably, the RSA public key algorithm was slowest because it was never meant to be used with large files such as images. The significance of Table 7 is that it reveals for the first time (in a.NET environment) what computational price is being paid for the superior protection of the new AES-256 encryption algorithm. AES is many orders of magnitude more secure than the other techniques, and we have shown that its use entails acceptable computational costs. Applying the data flow model as shown in Figure 1, we were able to predict the radiology department’s expected throughput when images were and were not encrypted and decrypted upon storage and transmission (Table 8). BACKGROUND Almost a decade after the passage of the Health Insurance Portability and Accountability Act of 1996 [1], HIPAA will require compliance with its Security Standards (Section 164, 68 Fed. Reg. 8333) by April 20, 2005, for all entities covered by these rules (except small health plans which have an additional year). The Security Standards guard electronic Protected Health Information (PHI), which includes any health care or health payment information that identifies or could be used to identify the individual to whom it pertains and that is stored or transmitted using electronic media. The structure of the security rule is based upon three standards: 1. Administrative safeguards (section 164.308) 2. Physical safeguards (section 164.310) 3. Technical safeguards (section 164.312) and two administrative standards: 1. Organizational requirements (section 164.314) 2. Policies and procedures and documentation requirements (section 164.316). The HIPAA security matrix (Appendix A, 45 CFR Part 164, Subpart C, Security Standards for the Protection of Electronic Protected Health Information, published Feb. 20, 2003, 68 Fed. Reg. 8334) identifies the standards, the sections, and the implementation specifications which are either required (R) or addressable (A). Under the technical safeguard section, encryption and decryption (section 164.312 (a)(1)) and transmission security (section 164.312 (e)(1)) are both marked as “addressable.” A number of security protection schemes which proclaim HIPAA compliance are currently in use. Passwords and biometric devices provide limited authentication; firewalls are often employed for intra-hospital security; digital signatures are used to prove message integrity. Modern data encryption and decryption algorithms are powerful techniques for data security, but their impact on throughput is not yet known. This study provides an estimate of the performance impact of data encryption/decryption when applied to PACS throughput. EVALUATION METHODS The metric selected for this study is “throughput.” To determine the “addressable” implementation specifications of encryption on access control and transmission security, we conducted testbed experiments to evaluate the effect of several popular methods on radiology workflow. The methods we evaluated are shown in Table 1. MethodComments Data Encryption Standard (DES)Twenty years of use Triple DES (3-DES)Successor to DES Advanced Encryption Standard (AES)Newest technique approved by the National Institute of Standards and Technology (NIST) Rivest, Shamir, and Adleman (RSA)The most popular public key cryptosystem Table 1 ENCRYPTION METHODS SELECTED FOR EVALUATION Table 3 shows the resources utilized in a typical patient encounter. STEPR1R1 R2R2 R3R3 R4R4 R5R5 R6R6 R7R7 R8R8 R9R9 R 10 R 11 R 12 Time A100000000000T1T1 B110010000000T2T2 C001110000000T3T3 D011010000100T4T4 E001001100000T5T5 F000000100000T6T6 G000001110000T7T7 H000001011000T8T8 I000001010100T9T9 J000001000110T 10 K000000000001T 11 L001010000001T 12 M011010000000T 13 B1B1 B2B2 B3B3 B4B4 B5B5 B6B6 B7B7 B8B8 B9B9 B 10 B 11 B 12 RADIOLOGY DEPARTMENT WORKFLOW MODEL The use of a radiology workflow model details how the department operates and how data flows throughout the department (Figure 1). Models are valuable performance prediction tools, because modification of an operational PACS would disrupt the daily work of the department. The selected workflow model is a resource allocation table for estimating throughput and identifying bottlenecks. The resource allocation table (Table 2) is constructed with columns labeled for each of the particular resources (HIS, RIS, Networks, PACS Archive, etc.). The successive rows of the table represent the successive steps of a job or process. The right-most column of a row identifies the average time needed for the step. The matrix entries are Boolean, with a one signifying that the resource is used in the step and a zero signifying that it is not. The “bottleneck” of a job is identified by inspecting each column in the table and determining the average limitation of the resource throughput for each resource (the reciprocal of the sum of the execution times of the resources involved). Table 2 RESOURCE ALLOCATION TABLE R 1 =Hospital registration system R 2 =HIS (hospital information system) R 3 =RIS (radiology information system) R 4 =Examination schedule system R 5 =HL7 communications for text data R 6 =DICOM communications for image data R 7 =Image modality unit R 8 =DICOM gateway R 9 =Relational database R 10 =PACS archive R 11 =Workstation R 12 =Reporting system Steps A.Patient registration by hospital registration system B.Notify HIS of patient and data using HL7 C.Schedule exam and notify RIS D.Patient data to RIS and to PACS archive E.DICOM worklist to image modality F.Conduct patient exam G.Patient image data to gateway using DICOM H.Relational data to gateway (required prior images) I.DICOM image data from gateway to PACS archive J.DICOM image data to workstation from PACS archive K.Patient report generated in reporting system L.Patient report sent to RIS from reporting system M.Patient report sent from RIS to HIS Table 4 STEPS IN WORKFLOW MODEL Table 3 RESOURCES TO BE MODELED T 1 =15 min (900 sec) – Patient registration by hospital registration system T 2 =5 sec – Notify HIS of patient and data using HL7 T 3 =30 sec – Schedule exam and notify RIS T 4 =10 sec – Patient data to RIS and to PACS archive T 5 =10 sec – DICOM worklist to image modality T 6 =20 min (1200 sec) – Conduct patient exam T 7 =3 min (180 sec) – Patient image data to gateway via DICOM T 8 =3 min (180 sec) – Relational database image data to gateway (prior exam) T 9 =3 min (180 sec) – Image data from gateway to PACS archiving T 10 =2 min (120 sec) – Image data to workstation T 11 =2 min (120 sec) – Patient report generated in reporting system T 12 =30 sec – Patient report to RIS from reporting system T 13 =30 sec – Patient report sent from RIS to HIS Table 5 ESTIMATED TIMES FOR COMPLETION OF THE STEPS PER JOB B 1 =1/(T 1 + T 2 ) B 2 =1/(T 2 + T 4 + T 13 ) B 3 =1/(T 3 + T 4 + T 5 + T 12 + T 13 ) B 4 =1/(T 3 ) B 5 =1/(T 2 + T 3 + T 4 + T 12 + T 13 ) B 6 =1/(T 5 + T 7 + T 8 + T 9 + T 10 ) B 7 =1/(T 5 + T 6 + T 7 ) B 8 =1/(T 7 + T 8 + T 9 ) B 9 =1/(T 8 ) B 10 =1/(T 4 + T 9 + T 10 ) B 11 =1/(T 10 ) B 12 =1/(T 11 + T 12 ) Table 6 RESOURCE BOTTLENECKS EncryptionMB/sPercent of Fastest Algorithm DecryptionMB/sPercent of Fastest Algorithm DES 56-bit8.51100.00%DES 56-bit7.68100.100% 3-DES 112-bit7.2384.90%AES 128-bit6.9690.61% AES 128-bit7.1984.50%3-DES 112-bit6.5685.42% 3-DES 168-bit7.1684.12%3-DES 168-bit6.4583.88% AES 192-bit6.6377.93%AES 192-bit6.4183.42% AES 256-bit6.2463.36%AES 256-bit5.9577.40% RSA 512-bit0.9010.53%RSA 512-bit0.111.38% RSA 1024-bit0.627.34%RSA 1024-bit0.040.47% Table 7 THROUGHPUT OF ENCRYPTION AND DECRYPTION ON 3 GHz PENTIUM 4 TimeAverage time without Encryption Average time with Encryption Short Description T1T1 900 seconds Patient registration T2T2 5 seconds Notify HIS of patient T3T3 30 seconds Schedule exam T4T4 10 seconds11 secondsPatient data to RIS and PACS T5T5 10 seconds Worklist to image modality T6T6 1200 seconds Conduct patient exam T7T7 180 seconds240 secondsPatient image data to gateway T8T8 180 seconds240 secondsRelational DB images to gateway T9T9 180 seconds240 secondsImage data from gateway to PACS T 10 120 seconds180 secondsImage data to workstation T 11 120 seconds Patient report generation T 12 30 seconds Patient report to RIS T 13 30 seconds Patient report from RIS to HIS Table 8 AVERAGE TIMES FOR EACH STEP IN THE SYSTEM CONCLUSION Our study shows that when using the Department of Radiology dataflow model (Figure 1), a resource allocation table (Table 2) analysis, and using symmetric key encryption on all patient data and images, throughput would be reduced 5-7%. Knowing that the impact of encryption is small, a department could embrace it without fearing disastrous consequences. Alternatively, if encryption were applied only to the patient data and not to the images, then the impact of encryption would be negligible. Either way, we have demonstrated that symmetric key encryption, especially the new AES algorithm with 256-bit keys, is a highly secure technique that achieves HIPAA’s goals with minimal disturbance to the radiology department’s throughput. TESTING THE PERFORMANCE OF THE ENCRYPTION ALGORITHMS Each encryption technique shown in Table 1 was tested using four file sizes. The first file size was one byte— the smallest possible file, and thus the one that will provide a lower bound on the overhead associated with invoking each algorithm. The second file was 1 MB, which represents a single, compressed, 2000x1500x16 screen image. The third file size was 3 MB, which represents an uncompressed 4000x3000x16 image. The fourth file was a 500 image MRI set, each image being 256x256x16, yielding a total file size of 68 MB. Each file size was processed using DES with its 56-bit key, 3-DES using 128- and 192-bit keys, AES using 128-, 192-, and 256-bit keys, and RSA with key sizes of 512 and 1024 bits. Each experiment performed 100 encryptions and decryptions on a given file size using a particular technique and key size, and then averaged the results. The throughput of each algorithm was calculated from the resulting data logs. Figure 2 shows the results for the three symmetric key algorithms while Table 7 shows the results for all experiments, sorted by throughput. Figure 2 The encryption step is included in T4 (patient data to RIS and PACS archive) and the decryption step is included in T10 (image data to workstation). Table 5 shows the expected average times for completion of each step of the job. These mean values were measured from an operational PACS. Thirteen steps in a typical information flow are shown in Table 4. The bottleneck(s) can also be obtained from the resource allocation table, and that calculation is shown in Table 6. The smallest value of B i identifies the bottleneck because resource i is operating at full capacity and therefore step i is the rate- limiting procedure. THE COMPUTING ENVIRONMENT Our experiments were performed using the Microsoft.NET framework and our test scenarios were developed in C# using Visual Studio.NET. By using a web services approach, we ensured that we are moving along a language-neutral, platform- independent path. The testbed consisted of a network of 3 GHz Pentium 4 computers with 1 GB RAM each, connected via 100 Mbps Ethernet. Figure 1 MODEL FOR DATA FLOW ABOUT DEPARTMENT REFERENCES: 1.Public Law 104-191, “Health Insurance Portability and Accountability Act of 1996.” http://aspe.hhs.gov/admnsimp/pl104191.htm http://aspe.hhs.gov/admnsimp/pl104191.htm 2.“Standards for Electronic Transactions.” Federal Registry, Volume 65, Number 160, August 17, 2000, http://aspe.hhs.gov/admnsimp/final/txfin00.htm http://aspe.hhs.gov/admnsimp/final/txfin00.htm 3.Stallings W. “Cryptography and Network Security.” Prentice Hall, 1999. 4.King CM, Dalton CE, Osmanoglu TE. “Security Architecture.” Osborne/McGraw-Hill, New York, 2001. 5.Wagner N. “The Laws of Cryptography: The RSA Cryptosystem.” http://www.cs.utsa.edu/~wagner/laws/ 6.Andriole KP, Arvin DE, Yin L, Gould RG, Arenson RL. “PACS database and enrichment of the folder manager concept.” J Digital Imaging 2000; 13:3-12. 7.Stuck BW, Arthurs E. “A Computer and Communication Network Performance Analysis Primer.” Prentice-Hall Inc., Englewood Cliffs, NJ, 1985. 8.Gay SB, Sobel AH, Young LQ, Dwyer SJ III. “Processes involved in reading imaging studies: workflow analysis and implications for workstation development.” J Digital Imaging 2002; 15(3):171-177.