WG-14-present

IHE Year 4, the basis for a security solution
Cor Loef
Philips Medical Systems
IHE Planning and Technical Committee
November 2001
IHE InfoRad Theater Session
1
HIMSS / RSNA
Overview
• Why Information Security in Radiology?
• Requirements
• Proposed solution in IHE Year 4
• Is this a reasonable solution?
IHE year 4: collection of trusted nodes
• Local authentication of user (Userid, Password)
• Authentication of the remote node (digital certificates)
• Local access control
• Audit trail
• Time synchronization
[Diagram: System A and System B, each labelled "Secure domain", joined by "Secure network"]
Selection of standards
• X.509 certificates for node identity and keys
• TCP/IP Transport Layer Security Protocol (TLS) for node authentication, and optional encryption
• Reliable Delivery for Syslog (RFC 3195)
• Network Time Protocol (NTP) for time synchronization
Selection of standards
• Audit trail open issue: events and content
• HL7 Security and Accountability SIG: Common Audit Message (informative document)
• ASTM PS 115: Provisional Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems
• IHE in Technical Framework: Use XML and vendor DTD for defined content
Next level of security
• Full user authentication between nodes, key management
• Much more functionality and detail in authorization (role based, patient related), using central directory service
• Encryption
• Digital signatures (Reporting function)
• De-identification
• Support for Secure media
• Intrusion Detection Systems
Background on RFC-3195
• Reliable replacement for BSD Syslog
• Provides BEEP message structure, store and forward transport, common mandatory fields, and an XML payload.
• Options for encryption and signatures.
Audit Trail
• RFC - Basic information fields.
• HL7 Security SIG - Information content recommendations for audit trails.
• Missing component - a DTD
DTD
• Joint or separate HL7 and DICOM DTDs?
• There will be a variety of vendor DTDs in any real network
• Audit management will be prepared for multiple DTDs
• It makes sense for WG 14 to define a DICOM transaction related DTD
What level of detail to describe?
• IHE is recommending routine audit at the patient level
• C2, CAPP (DoD) require adjustable detail level
» normally high level surveillance
» very detailed for high risk items and for suspect users
• Is it reasonable to define messages at the levels:
» patient, study, series, instance, DIMSE
• DTD is prepared for the future beyond IHE basic support.
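
Added example (not part of the original slides): one way an audit source could apply an adjustable detail level, recording routine access once per patient and every DIMSE-level event for suspect users or high-risk patients. The XML element and attribute names, the policy function and the sample events are hypothetical; the slides leave the DTD undefined.

```python
# Added example: element/attribute names are hypothetical, not an IHE, HL7 or DICOM DTD.
import xml.etree.ElementTree as ET

# Detail levels named on the slide, coarsest first.
LEVELS = ["patient", "study", "series", "instance", "DIMSE"]

def detail_level(user, patient_id, suspect_users, high_risk_patients):
    """Routine audit stays at patient level; suspect users and high-risk items get full detail."""
    if user in suspect_users or patient_id in high_risk_patients:
        return "DIMSE"
    return "patient"

def audit_records(events, suspect_users=(), high_risk_patients=()):
    """Collapse raw per-operation events to the detail level the policy selects.

    Each event is a dict with keys: time, user, and one key per entry in LEVELS.
    Returns a list of XML strings, one per distinct audited object.
    """
    seen, out = set(), []
    for ev in events:
        level = detail_level(ev["user"], ev["patient"], suspect_users, high_risk_patients)
        depth = LEVELS.index(level) + 1
        # Identity of the audited object at this level, e.g. (user, patient) for routine audit.
        key = (ev["user"],) + tuple(ev[name] for name in LEVELS[:depth])
        if key in seen:
            continue  # already recorded at this granularity
        seen.add(key)
        rec = ET.Element("AuditEvent", level=level, time=ev["time"], user=ev["user"])
        for name in LEVELS[:depth]:
            ET.SubElement(rec, "Object", type=name).text = ev[name]
        out.append(ET.tostring(rec, encoding="unicode"))
    return out

# Constructed sample: two users each retrieve two instances of the same study.
SAMPLE = [
    {"time": f"2001-11-25T10:0{i}:00Z", "user": u, "patient": "P1", "study": "S1",
     "series": "SE1", "instance": inst, "DIMSE": "C-MOVE"}
    for i, (u, inst) in enumerate(
        [("alice", "I1"), ("alice", "I2"), ("bob", "I1"), ("bob", "I2")])
]

if __name__ == "__main__":
    for line in audit_records(SAMPLE, suspect_users={"bob"}):
        print(line)
```

With `bob` marked as suspect, the four constructed events yield one patient-level record for `alice` and two DIMSE-level records for `bob`.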