90 likes | 208 Views
Secure Email Teleradiology. Nick Collett Brookside Consulting. nco1@ntlworld.com. Traditional Techniques Issues with Traditional Techniques NHS requirements for Secure Email DICOM Supplement 54 An implementation of Secure Email Teleradiology. Introduction. Establish TCP/IP link Logon
E N D
Secure Email Teleradiology Nick Collett Brookside Consulting nco1@ntlworld.com
Traditional Techniques Issues with Traditional Techniques NHS requirements for Secure Email DICOM Supplement 54 An implementation of Secure Email Teleradiology Introduction
Establish TCP/IP link Logon Select or Browse to required data Traditional Methods • Some issues • Fixed bandwidth often thin and FOREVER • Transfer of laptop between Radiologists • Logon and connection problems • Difficult to setup
DICOM NHS IT Standards Handbook Part 2 Chapter 615 Public Key Infrastructure S/Mime Version 3 (IETF RFC 2630, 2631, 2632, 2633) RSA 1024 NHS preferred encryption algorithm Secure Sockets Layer (SSL) NHS Requirements
NHS IT Standards Handbook Part 2 Chapter 615 E-mail: The agreement between the British Medical Association (BMA), the professions and the Department of Health is that patient identifiable information should be encrypted before being communicated over any network. The new Cryptography Support Service arrangements will provide the infrastructure to achieve this consistently throughout the NHS and with its information partners. Most NHS organisations currently use the X400 messaging standard currently applied within NHSnet for their NHS e-mail services. Whilst few potentially applicable X400 encryption tools have been identified, details of one product may be requested from the NHS Information Authority. Many NHS organisations will now be considering or may already be using SMTP e-mail services and these will form the future core e-mail standard within the NHS. In such cases, the implementation of S/Mime Version 3 compliant security products should be considered. NHS Requirements
Note: The present Application Profile does not include any specific mechanism regarding privacy. However it is highly recommended to use secure mechanisms (e.g. S/MIME) when using STD-GEN-MIME Application Profile over networks that are not otherwise secured. Dicom Supplement 54- 2002DICOM MIME Type This Supplement describes the DICOM MIME Type. MIME (Multipurpose Internet Mail Extension) describes how to include attached files as “parts” into internet mail, these may be sent by protocols such as SMTP (Simple Mail Transfer Protocol).
How does it work? Hospital Internet Application Server Secure Server Firewall Imaging sources PACS Remote Reporting Workstation Application Dicom
Security PKI Public Key Infrastructure for Digital Certification and finger printing of applications SSL (Secure Socket Layer) Pukka-J Intelligent Data Encryption Password protected – each study Anonymised patient details NHSIA Security Standards X509 Version 3, X509 Version 2, 3-DES, RSA 1024, DSA, RSA 2048, MD-5, SHA-1, IP-SEC, SSL V3/TLS v1.0
Conforms to NHSia IT standards Utilises all available bandwidth Hardware independent Receiver flexibility No receiver setup or upgrades required Advantages