Grid Based Infrastructure for Distributed Medical Imaging Carl Kesselman ISI Fellow Director, Center for Grid Technologies Information Sciences Institute Research Professor Computer Science Viterbi School of Engineering University of Southern California Joint work with Stephan G. Erberich, Ann Chervenak, Robert Schuler, Laura Pearlman, Jonathan C. Silverstein
2 Problem l How to share medical images across federated medical environment l Issues u Minimal disturbance of enterprise environment u Co-existence with existing medical imaging tools and user interfaces u Privacy/security requirements u Federation across multiple sites
3 The Medicus Solution l Medical Imaging and Computing for Unified Information Sharing (MEDICUS) l Exploit existing medical imaging standards in local enterprise l Gateway into standard Grid service for federation u Security u Data discovery u Data movement Globus MEDICUS
4 Digital Imaging and Communications in Medicine (DICOM) l Defines image format u Standard header (metadata) and image formats l Simple communication protocol for image access and publication u store, find, get, move l Used by existing medical imaging systems u Picture Archiving and Communications Systems (PACS)
5 Open Source Grid Software Data Mgmt Security Common Runtime Execution Mgmt Info Services GridFTP Authentication Authorization Reliable File Transfer Data Access & Integration Grid Resource Allocation & Management Index Community Authorization Data Replication Community Scheduling Framework Delegation Replica Location Trigger Java Runtime C Runtime Python Runtime WebMDS Workspace Management Grid Telecontrol Protocol Globus Toolkit v4 Credential Mgmt
6 Major Components of Medicus l DICOM Grid Interface Service u OGSA web service to translate between DICOM and Grid operations l OGSA-DAI u Meta-catalog l Data Replication Service (DRS) u Data replication/data discovery u Utilized RLS and GridFTP for disovery, replica management and data movement l Grid Security Infrastructure u Security, authorization
7 The Grid is the PACS l Meets image exchange needs u Not limited to research use (e.g. BIRN, caBIG) u Single architecture for Clinical and Research use u Federate image references (Meta Catalog) - IHE XDS model u X.509 authentication security model + SAML assertions u Hide Grid workflow from user if possible, e.g. DICOM workflow l Meets image storage needs u FT and DR by replicas u PACS-Grid-PACS too slow for clinical use u Integrate hospital PACS u Data integrity by CRC checksums
8 Medicus System Design
9 DGIS: Image publication DICOM C-STORE Operation Globus MEDICUS
10 DGIS: Image Discovery DICOM C-FIND Operation Globus MEDICUS
11 Meta Catalog Service for Medical Images l OGSA-DAI + Data Base (e.g. MySQL, Derby, Oracle,..) l DICOM meta data u Patient level (e.g. encrypted name, id, etc.) u Study level (e.g. date, time, protocol, etc.) u Series level (e.g. imaging type, modality, etc.) u Image level (e.g. position, level, exposure, etc.) l Keys are DICOM UIDs (Study, Series, Image) l Health meta data u Flexible Annotation, e.g. ICD-9
12 DGIS: Image Delivery DICOM C-GET/C-MOVE Operations Globus MEDICUS
13 MEDICUS Fault Tolerance and Disaster Recovery l Fault Tolerance and Disaster Recovery through replicas u OGSA compliant Replication Location Service (RLS) u Index encrypted DICOM keys (study and series UIDs) u Index which storage has physical representation of series record u Local replica index (RLS) u VO replica index (RLS master)
14 Protected Health Information l MEDICUS v1 u Single layer GSI security model u X.509 proxy certificate standards based u Typical use case: Closed VO like Healthcare provider network, Military network, research network. l MEDICUS v2 u Add second security layer based on patient identity u Patient Centric Authorization using SAML assertions u Patient advocacy – patient controlled access u Logging of “on behalf actor” at Grid Service u All patient data on the Grid u Typical use-case: SOA of third-party storage, image processing services require no-PHI access to DICOM
15 I2 Shibboleth – Identify Federation l I2 announcement 01/17/2007:.. Both the US National Science Foundation (NSF) and National Institutes of Health (NIH) are moving in this direction. The report states that "the federation model with the most momentum is Shibboleth". l GridShib using Shibboleth l OASIS standards based SAML assertions l GT4 - X.509 certificates with embedded SAML assertions
16 Patient Authorized Grid Image Workflow
17 Globus MEDICUS Use-Cases l Multi-center clinical trials u Children’s Oncology Group Phase-I 28 international medical centers (since 09/2003) u NANT Cancer Foundation 13 national medical centers (since 12/2005) l Off-site Medical Image Storage u Enterprise PACS / Grid PACS u FT and DR by replication using Globus Data Replication Service (DRS) l Medical Image Federation u Enterprise Hospital VO u Military VO u Community Practices VO u Etc.
18 MEDICUS use cases: Childrens Oncology Group and Neuroblastoma Cancer Foundation Grids
19 Summary l MEDICUS vertically integrates existing standards based GT4 components – no research specific layer l Fast and efficient DICOM off-site storage l Integrates with hospital PACS + FT and DR l Transparent image workflow for Physician l Flexible and cost efficient deployment using open- source (~ $500 per TB) l PHI protected at patient level l Single HealthGrid solution for Clinical and Research use of same images
20 Conclusion l MEDICUS present one piece to HealthGrid puzzle l Modular SOA design ideal for collaborative extension, e.g. image processing web services using DICOM image resources on the Grid l Open-source (Apache license), part of the Globus Toolkit Development release: You are invited to contribute your field of expertise dev.globus.org/wiki/Incubator/MEDICUS l Roadmap: Standards based PHR, Workstation Grid plug-in, IHE XDS/-I WebServices
21 Acknowledgment IDEA Award Winner 2007 Information Science Institute NIH/NCI Grant: UO1-BA97452 Horizon Award Winner 2007