Medical Image Security:
Assurance of image/data security is a crucial issue when medical images and pertinent patient information are stored in the archive or transmitted through communication networks.
Security Assurance in image/data can be characterized in three terms:
1) Privacy: refers to the denial of access to information by unauthorized individuals.
2) Authenticity: validates the source of the image/data.
3) Integrity: assures that the data have not been modified or deleted.
Conventional Internet security methods including network firewall, data encryption, and data embedding can only guarantee that each data packet of the image/data sent has not been compromised during data transmission, but there is no knowledge of whether the image/data sent or received is actually the genuine (original) data. Therefore these methods only provide solutions for privacy and authenticity, but not for image integrity. The medical imaging community has deferred to these security methods in the hope that they would solve the requirements and needs of our applications, and therefore has not studied them properly and systematically. The recent HIPAA mandate for health data security (Health Insurance Portability and Accountability Act) in April 2004 is a wake up call for the community to address this issue seriously and systematically.
At IPI Lab, we have developed a lossless image signature embedding (LDSE) method, and an auditing monitoring control which can track the image movements in an imaging information system after its generation. We are in the process of continuing our research in four areas:
Continue LDSE and audit monitoring research,
Develop a testbed with three sites,
Evaluate and validate the technology, and
Integrate the LDSE and auditing methods with DICOM, IHE, and HIPAA image/data assurance requirements.
This research will establish a new method to assure the integrity of the image throughout its entire lifetime which could contribute substantially to the medical image community.
Figure 1 Using random pixel LDSE method to embed the digital signature of the image in an US image.
Figure 2 Using LDSERS method to embed the digital signature of the image in an MR image.
Figure 3 Using 3D LDSERS method to embed the digital signature of the volume in a 3D CT volume with n images.
HIPAA Compliant Auditing System
As an official regulation for healthcare privacy and security, Health Insurance Portability and Accountability Act (HIPAA) mandate requires health institutions to protect health information against unauthorized use or disclosure. One such method proposed by HIPAA Security Standards is audit trail, which records and examines health information access activities. Healthcare providers are required to have the ability to generate on demand audit trails upon data access activities for any specific patient. We have developed a HIPAA compliant auditing system (HCAS) for this purpose. The HCAS can audit the image data flow of imaging systems such as PACS and generate n demand HIPAA compliant audit trails of the image data.
Figure 4 Components of the HIPAA compliant auditing system (HCAS).