Published in: Journal of Digital Imaging 4/2015

01-08-2015

Business Model for the Security of a Large-Scale PACS, Compliance with ISO/27002:2013 Standard

Authors: Josefina Gutiérrez-Martínez, Marco Antonio Núñez-Gaona, Heriberto Aguirre-Meneses

Published in: Journal of Imaging Informatics in Medicine | Issue 4/2015


Abstract

Data security is a critical issue in an organization; proper information security management (ISM) is an ongoing process that seeks to build and maintain programs, policies, and controls for protecting information. A hospital is one of the most complex organizations, where patient information has not only legal and economic implications but, more importantly, an impact on the patient’s health. Imaging studies include medical images, patient identification data, and proprietary information of the study; these data are contained in the storage device of a PACS. This system must preserve the confidentiality, integrity, and availability of patient information. There are techniques such as firewalls, encryption, and data encapsulation that contribute to the protection of information. In addition, the Digital Imaging and Communications in Medicine (DICOM) standard and the requirements of the Health Insurance Portability and Accountability Act (HIPAA) regulations are also used to protect patient clinical data. However, in most cases these techniques are not systematically applied to the picture archiving and communication system (PACS) and are not sufficient to ensure the integrity of the images and associated data during transmission. The ISO/IEC 27001:2013 standard has been developed to improve the ISM. Currently, health institutions lack effective ISM processes that enable reliable interorganizational activities. In this paper, we present a business model that fulfills the controls of the ISO/IEC 27002:2013 standard and the security and privacy criteria from DICOM and HIPAA to improve the ISM of a large-scale PACS. The methodology associated with the model can monitor the flow of data in a PACS, facilitating the detection of unauthorized access to images and other abnormal activities.
Metadata

Title: Business Model for the Security of a Large-Scale PACS, Compliance with ISO/27002:2013 Standard
Authors: Josefina Gutiérrez-Martínez, Marco Antonio Núñez-Gaona, Heriberto Aguirre-Meneses
Publication date: 01-08-2015
Publisher: Springer US
Published in: Journal of Imaging Informatics in Medicine / Issue 4/2015
Print ISSN: 2948-2925
Electronic ISSN: 2948-2933
DOI: https://doi.org/10.1007/s10278-014-9746-4
