Security and DICOM - PowerPoint PPT Presentation

Slides: 15
Provided by: lawrencet
Learn more at: https://dicom.nema.org

Transcript and Presenter's Notes

Title: Security and DICOM


1
Security and DICOM
  • Lawrence Tarbox, Ph.D., Chair, DICOM Working Group 14, Siemens Corporate Research

2
What's Available Now
  • Use of Secure Communications Channels
  • Data integrity during transit
  • Entity authentication
  • Confidentiality during transit via encryption
  • Secure Transport Connection Profiles
  • TLS 1.0 (derived from SSL)
  • ISCL
  • Secure Use Profiles
  • Online Electronic Storage
  • Base and Bit-preserving Digital Signature (storage)

3
What's Available Now
  • Secure Media via CMS Envelopes
  • Data integrity checks
  • Confidentiality via encryption
  • Only targeted recipients can access
  • Media Storage Security Profiles
  • Embedded Digital Signatures
  • Data integrity for the life of the SOP Instance
  • Identifies signatories, with optional timestamps
  • Digital Signature Profiles
  • Base, Creator, and Authorization RSA Profiles

4
Profiles in DICOM?
  • Main standard body provides the hooks
  • Profiles provide the particulars, e.g.
  • Standard selection
  • Algorithm selection
  • Parameter selection
  • Primarily refer to existing IT standards
  • Easy migration to new ideas
  • Simplifies conformance claims

5
What's Coming
  • Attribute Level Encryption (a.k.a. de-identification)
  • Teaching Files
  • Clinical Trials
  • ???
  • Audit Log Collection
  • Spans multiple organizations, pushed by IHE
  • Structured Report Digital Signature Profile

6
De-Identification, How?
  • Simply remove Data Elements that contain patient identifying information?
  • e.g., per HIPAA's safe harbor rules
  • BUT
  • Many such Data Elements are required
  • SO
  • Instead of removing them, replace them with a bogus value

7
Attribute Level Encryption
  • Since some use cases require controlled access to the original Attribute values
  • Original values can be stored in a CMS (Cryptographic Message Syntax) envelope
  • Embedded in the Data Set
  • Only selected recipients can open the envelope
  • Different subsets can be held for different recipients
  • Full restoration of data not a goal
  • Attribute Confidentiality Profiles

8
[Diagram: structure of a SOP Instance carrying encrypted attributes]
  • SOP Instance
    • Attributes (unencrypted)
    • Encrypted Attributes Sequence
      • Item 1 (of n)
        • Encrypted Content Transfer Syntax
        • Encrypted Content
          • Cryptographic Message Syntax envelope
            • CMS attributes
            • encryptedContent
              • Modified Attributes Sequence
                • Item 1 (of only 1)
                  • Attributes to be encrypted
      • Item 2 (of n)
        • Encrypted Content Transfer Syntax
        • Encrypted Content
          • CMS envelope
      • Item n (of n)
        • Encrypted Content Transfer Syntax
        • Encrypted Content
          • CMS envelope

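
The flow from slides 6 to 8 (replace identifying values with dummies, then hold the originals in CMS envelopes that only selected recipients can open), as an added example that is not part of the original presentation. Assumptions: a Python dict and a JSON payload stand in for real DICOM encoding, the recipient names and sample values are constructed, and the `openssl` command-line tool is available to build the enveloped-data.

```python
import json, subprocess, tempfile

# Constructed sample data set; keyword -> value stands in for real DICOM encoding.
DATASET = {"PatientName": "DOE^JANE", "PatientID": "123456",
           "PatientBirthDate": "19700101", "Modality": "CT"}
DUMMY = {"PatientName": "ANON", "PatientID": "000000", "PatientBirthDate": "19000101"}
# Hypothetical recipients and the subset of original values each may recover.
RECIPIENTS = {"trial_monitor": ["PatientID"],
              "records_office": ["PatientName", "PatientID", "PatientBirthDate"]}

def openssl(*args, data=None):
    return subprocess.run(["openssl", *args], input=data, check=True,
                          capture_output=True).stdout

def make_recipient(workdir, name):
    """Create a throwaway self-signed certificate and key for one recipient."""
    key, crt = f"{workdir}/{name}.key", f"{workdir}/{name}.crt"
    openssl("req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
            "-subj", f"/CN={name}", "-keyout", key, "-out", crt)
    return key, crt

def deidentify(dataset, creds):
    """Replace identifying values with dummies; seal originals per recipient."""
    clean = {k: DUMMY.get(k, v) for k, v in dataset.items()}
    items = {}
    for name, keywords in RECIPIENTS.items():
        modified = json.dumps({k: dataset[k] for k in keywords}).encode()
        items[name] = openssl("cms", "-encrypt", "-binary", "-aes256",
                              "-outform", "DER", creds[name][1], data=modified)
    return clean, items  # items plays the role of the Encrypted Attributes Sequence

def open_envelope(envelope, key, crt):
    """Return the sealed attributes, or None when this key is not a recipient."""
    try:
        plain = openssl("cms", "-decrypt", "-inform", "DER", "-recip", crt,
                        "-inkey", key, data=envelope)
    except subprocess.CalledProcessError:
        return None
    return json.loads(plain)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        creds = {n: make_recipient(tmp, n) for n in RECIPIENTS}
        clean, items = deidentify(DATASET, creds)
        own = open_envelope(items["trial_monitor"], *creds["trial_monitor"])
        other = open_envelope(items["records_office"], *creds["trial_monitor"])
        return clean, own, other
if __name__ == "__main__":
    print(demo())
```

The data set keeps every required attribute, each recipient recovers only its own subset, and an envelope addressed to someone else does not open.
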
9
IHE year 4 collection of trusted nodes
  • Local authentication of user (Userid, Password)
  • Authentication of the remote node (digital certificates)
  • Local access control
  • Audit trail
  • Time synchronization

[Diagram labels: System A, System B, Secure network, Secure domain, Secure domain]

10
Selection of Standards
  • Use TLS for Transport Layer Security
  • Basic TLS Secure Transport Connection Profile
  • Use X.509 Certificates for node identity and keys
  • Basic TLS Secure Transport Connection Profile
  • Use NTP for Time Synchronization
  • Use ??? for Audit Trail Collection

11
Audit Log Collection
  • Joint NEMA / JIRA / COCIR Security and Privacy Committee proposal
  • Governmental regulation
  • Push management responsibility to one location
  • ASTM PS 115 Provisional Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems
  • HL7 Common Audit Message (informative)
  • Part of IHE Year 4 plans

12
(No Transcript)
13
Division of Tasks
  • IHE generating initial proposals
  • Reliable Delivery for Syslog (RFC 3195)
  • XML schema for defined content
  • IHE in Technical Framework Out for Public Comment Now
  • HL7 and DICOM WG 14 work on messaging standard
  • ASTM and SPC work on policy issues

14
Signatures in SR
  • Identified as an important use case
  • Reference Mechanism
  • To other signed SOP Instances
  • To unsigned SOP Instances
  • Resolve issues identified during demonstrations
  • SR-specific Profile