1 / 10

Cor Loef Philips Medical Systems IHE Planning and Technical Committee

IHE Year 4, the basis for a security solution. Cor Loef Philips Medical Systems IHE Planning and Technical Committee. Overview. Why Information Security in Radiology? Requirements Proposed solution in IHE Year 4 Is the a reasonable solution?. IHE year 4: collection of trusted nodes.

gouellette
Download Presentation

Cor Loef Philips Medical Systems IHE Planning and Technical Committee

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IHE Year 4,the basis for a security solution Cor Loef Philips Medical Systems IHE Planning and Technical Committee HIMSS / RSNA

  2. Overview • Why Information Security in Radiology? • Requirements • Proposed solution in IHE Year 4 • Is the a reasonable solution? HIMSS / RSNA

  3. IHE year 4: collection of trusted nodes • Local authentication of user (Userid, Password) • Authentication of the remote node (digital certificates) • Local access control • Audit trail • Time synchronization System B System A Secure network Secure domain Secure domain HIMSS / RSNA

  4. Selection of standards • X.509 certificates for node identity and keys • TCP/IP Transport Layer Security Protocol (TLS) for node authentication, and optional encryption • Reliable Delivery for Syslog (RFC 3195) • Network Time Protocol ( NTP) for time synchronization HIMSS / RSNA

  5. Selection of standards • Audit trail open issue: events and content • HL7 Security and Accountability SIG:Common Audit Message (informative document) • ASTM PS 115: Provisional Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems • IHE in Technical Framework : Use XML and vendor DTD for defined content HIMSS / RSNA

  6. Next level of security • Full user authentication between nodes, key management • Much more functionality and detail in authorization ( role based, patient related ), using central directory service • Encryption • Digital signatures (Reporting function) • De-identification • Support for Secure media • Intrusion Detection Systems HIMSS / RSNA

  7. Background on RFC-3195 • Reliable replacement for BSD Syslog • Provides BEEP message structure, store and forward transport, common mandatory fields, and an XML payload. • Options for encryption and signatures. HIMSS / RSNA

  8. Audit Trail • RFC - Basic information fields. • HL7 Security SIG - Information content recommendations for audit trails. • Missing component - a DTD HIMSS / RSNA

  9. DTD • Joint or separate HL7 and DICOM DTDs? • There will be variety vendor DTDs in any real network • Audit management will be prepared for multiple DTDs • It makes sense for WG 14 to define DICOM transaction related DTD HIMSS / RSNA

  10. What level of detail to describe? • IHE is recommending routine audit at the patient level • C2, CAPP (DoD) require adjustable detail level • normally high level surveillance • very detailed for high risk items and for suspect users • Is it reasonable to define messages at the levels: • patient, study, series, instance, DIMSE • DTD is prepared for the future beyond IHE basic support. HIMSS / RSNA

More Related