Presentation is loading. Please wait.

Presentation is loading. Please wait.

Basic Security Cor Loef Philips Medical Systems Co-Chair IHE Radiology Technical Committee.

Published byDale Park Modified over 8 years ago

Similar presentations

Presentation on theme: "Basic Security Cor Loef Philips Medical Systems Co-Chair IHE Radiology Technical Committee."— Presentation transcript:

1 Basic Security Cor Loef Philips Medical Systems Co-Chair IHE Radiology Technical Committee

2 HIMSS/RSNAApril 2003 Workshop IHE Integration profiles Patient Informa- tion Reconci- liation Access to Radiology Information Consistent Presentation of Images Scheduled Workflow Basic Security - Evidence Documents Key Image Notes Simple Image and Numeric Reports Presentation of Grouped Procedures Post- Processing Workflow Reporting Workflow Charge Posting

3 HIMSS/RSNAApril 2003 Workshop Overview Security Requirements Actors and Transactions

4 HIMSS/RSNAApril 2003 Workshop Security requirements Reasons: Clinical Use and Privacy – authorized persons must have access to medical data of patients, and the information must not be disclosed otherwise. By means of procedures and security mechanisms, guarantee: – Confidentiality – Integrity – Availability – Authenticity

5 HIMSS/RSNAApril 2003 Workshop Security measures Authentication: Establish the user and/or system identity, answers question: “Who are you?” Authorization and Access control Establish user’s ability to perform an action, e.g. access to data, answers question: “Now that I know who you are, what can you do?”

6 HIMSS/RSNAApril 2003 Workshop Security measures Accountability and Audit trail Establish historical record of user’s or system actions over period of time, answers question: “What have you done?”

7 HIMSS/RSNAApril 2003 Workshop IHE is establishing the first level of enterprise-wide security infrastructure for meeting privacy requirements (HIPAA, and like regulations world-wide). IHE Goal

8 HIMSS/RSNAApril 2003 Workshop IHE makes cross-node security management easy: – Only a simple manual certificate installation is needed. – Healthcare professionals are not hindered by ”complex” role based access control. However, policies may restrict them to ‘need to know information’. – Enforcement driven by ‘a posteriori audits’ and real-time visibility. IHE Goal

9 HIMSS/RSNAApril 2003 Workshop Integrating trusted nodes System A System B Secured System Secure network Strong authentication of remote node (digital certificates) network traffic encryption is not required Secured System Local access control (authentication of user) Audit trail with: Real-time access Time synchronization Central Audit Trail Repository

10 HIMSS/RSNAApril 2003 Workshop Secured Domain: integrating trusted nodes Secured Node Actor Other Actors Secured Node Actor Other Actors Secured Node Actor Other Actors Secured Node Actor Other Actors Time Server Central Audit Trail Repository

11 HIMSS/RSNAApril 2003 Workshop Secured Domain: Limited Administration Audit Trail/Time Server + CA for certificates to each node Secured Node Actor Other Actors Secured Node Actor Other Actors Secured Node Actor Other Actors Secured Node Actor Other Actors Time Server Central Audit Trail Repository

12 HIMSS/RSNAApril 2003 Workshop IHE Audit Trail Events 20 Non-Transaction Related

13 HIMSS/RSNAApril 2003 Workshop IHE Audit Trail Events 20 Non-Transaction Related

14 HIMSS/RSNAApril 2003 Workshop IHE Audit Trail Events 20 Non-Transaction Related

15 HIMSS/RSNAApril 2003 Workshop IHE Audit Trail Events 20 Non-Transaction Related

16 HIMSS/RSNAApril 2003 Workshop IHE Audit Trail Events, 18 Transaction Related

17 HIMSS/RSNAApril 2003 Workshop IHE Audit Trail Events, 18 Transaction Related

18 HIMSS/RSNAApril 2003 Workshop IHE Audit Trail Events, 18 Transaction Related

19 HIMSS/RSNAApril 2003 Workshop IHE Audit Trail Events, 18 Transaction Related

20 HIMSS/RSNAApril 2003 Workshop Example Audit Record for Patient-record-event

21 HIMSS/RSNAApril 2003 Workshop Example Audit Record for Patient-record-event

22 HIMSS/RSNAApril 2003 Workshop Example Audit Record for Instances-used

23 HIMSS/RSNAApril 2003 Workshop Basic Security Integration Profile Actor and Transaction diagram All existing IHE actors need to be grouped with a Secure Node actor. Secure Node Audit Record Repository “Any” IHE actor Record Audit Event Time Server Secure Node Authenticate Node Maintain Time

24 HIMSS/RSNAApril 2003 Workshop Basic Security Integration Profile Actor grouping rules If an actor wants to support the Basic Security Profile, this actor shall be grouped with a secure Node actor. All actors grouped with a Secure Node actor in an implementation must support the Basic Security Profile. At least one other IHE profile shall be supported by the actor

25 HIMSS/RSNAApril 2003 Workshop Authenticate Node transaction X.509 certificates for node identity and keys TCP/IP Transport Layer Security Protocol (TLS) for node authentication, and optional encryption Secure handshake protocol of both parties during Association establishment: – Identify encryption protocol – Exchange session keys Actor must be able to configure certificate list of authorized nodes.

26 HIMSS/RSNAApril 2003 Workshop Authenticate Node transaction TLS_RSA_WITH_NULL_SHA cyphersuite shall be supported for authentication If the optional encryption is selected, the TLS_RSA_WITH_3DES_SHA cyphersuite shall be supported. The well-known port 2762" as specified by DICOM shall be supported.

27 HIMSS/RSNAApril 2003 Workshop Record Audit Event transaction The BSD Syslog protocol (RFC 3164) for Audit Records Audit trail events and content, no standard available at the time of writing. IHE in Technical Framework : Use IHE defined XML Schema for defined content in payload of Syslog message

28 HIMSS/RSNAApril 2003 Workshop The Basic Security Integration Profile specifies the use of Syslog as the mechanism for logging audit record messages to the central audit record repository. Two improvements may be expected in the near future: 1.Syslog will be replaced by Reliable Syslog 2.The XML Schema will become an RFC standard as a result of an HL7/DICOM/IETF collaboration For both improvements a smooth evolution can be expected.

29 HIMSS/RSNAApril 2003 Workshop Maintain Time transaction Network Time Protocol ( NTP) version 3 (RFC 1305) for time synchronization Actor must support manual configuration Required accuracy: 1 second Optionally Secure NTP may be used

30 HIMSS/RSNAApril 2003 Workshop Questions? Documents Available On the Web at: www.rsna.org/IHEwww.rsna.org/IHE

Download ppt "Basic Security Cor Loef Philips Medical Systems Co-Chair IHE Radiology Technical Committee."

Similar presentations

Audit Trail and Node Authentication Audit Trail and Node Authentication Robert Horn Agfa Healthcare.

Audit Trail and Node Authentication Audit Trail and Node Authentication Robert Horn Agfa Healthcare.
Audit Trail and Node Authentication / Consistent Time

Audit Trail and Node Authentication / Consistent Time
IHE Profile Proposal: Dynamic Configuration Management October, 2013.

IHE Profile Proposal: Dynamic Configuration Management October, 2013.
September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT, EUA, PWP, DSIG IHE Vendors Workshop 2006 IHE IT Infrastructure Education Robert Horn,

September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT, EUA, PWP, DSIG IHE Vendors Workshop 2006 IHE IT Infrastructure Education Robert Horn,
Overview of IHE IT Infrastructure Integration Profiles IHE IT Infrastructure Technical Committee Charles Parisot, GE Medical Systems Information Technologies.

Overview of IHE IT Infrastructure Integration Profiles IHE IT Infrastructure Technical Committee Charles Parisot, GE Medical Systems Information Technologies.
DICOM INTERNATIONAL DICOM INTERNATIONAL CONFERENCE & SEMINAR April 8-10, 2008 Chengdu, China DICOM Security Eric Pan Agfa HealthCare.

DICOM INTERNATIONAL DICOM INTERNATIONAL CONFERENCE & SEMINAR April 8-10, 2008 Chengdu, China DICOM Security Eric Pan Agfa HealthCare.
DICOM and Integrating the Healthcare Enterprise: Five years of cooperation and mutual influence Charles Parisot Chair, NEMA Committee for advancement of.

DICOM and Integrating the Healthcare Enterprise: Five years of cooperation and mutual influence Charles Parisot Chair, NEMA Committee for advancement of.
THE DICOM 2014 Chengdu Workshop August 25, 2014 Chengdu, China Keeping It Safe Brad Genereaux, Agfa HealthCare Product Manager Industry Co-Chair, DICOM.

THE DICOM 2014 Chengdu Workshop August 25, 2014 Chengdu, China Keeping It Safe Brad Genereaux, Agfa HealthCare Product Manager Industry Co-Chair, DICOM.
Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.

Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.
September, 2005What IHE Delivers 1 Portable Data for Imaging - PDI IHE Vendors Workshop 2006 IHE IT Infrastructure Education Robert Horn, Agfa Healthcare.

September, 2005What IHE Delivers 1 Portable Data for Imaging - PDI IHE Vendors Workshop 2006 IHE IT Infrastructure Education Robert Horn, Agfa Healthcare.
Security and DICOM Lawrence Tarbox, Ph.D. Chair, DICOM Working Group 14 Siemens Corporate Research.

Security and DICOM Lawrence Tarbox, Ph.D. Chair, DICOM Working Group 14 Siemens Corporate Research.
1 Charles Parisot, GE Healthcare IHE IT Infrastructure Planning Committee Co-chair IHE Update to DICOM.

1 Charles Parisot, GE Healthcare IHE IT Infrastructure Planning Committee Co-chair IHE Update to DICOM.
Initial slides for Layered Service Architecture

Initial slides for Layered Service Architecture
S New Security Developments in DICOM Lawrence Tarbox, Ph.D Chair, DICOM WG 14 (Security) Siemens Corporate Research.

S New Security Developments in DICOM Lawrence Tarbox, Ph.D Chair, DICOM WG 14 (Security) Siemens Corporate Research.
Integrating the Healthcare Enterprise

Integrating the Healthcare Enterprise
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Audit Trail and Node Authentication Robert Horn Agfa Healthcare.

Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Audit Trail and Node Authentication Robert Horn Agfa Healthcare.
7 February 2005IHE Europe Educational Event 1 Audit Trail and Node Authentication Integrating the Healthcare Enterprise G. Claeys Agfa Healthcare R&D Vendor.

7 February 2005IHE Europe Educational Event 1 Audit Trail and Node Authentication Integrating the Healthcare Enterprise G. Claeys Agfa Healthcare R&D Vendor.
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Overview of IHE IT Infrastructure Patient Synchronized Applications.

Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Overview of IHE IT Infrastructure Patient Synchronized Applications.
September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT IHE Vendors Webinar 2006 IHE IT Infrastructure Education Robert Horn, Agfa Healthcare.

September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT IHE Vendors Webinar 2006 IHE IT Infrastructure Education Robert Horn, Agfa Healthcare.
September, 2005What IHE Delivers 1 G. Claeys, Agfa Healthcare Audit Trail and Node Authentication.

September, 2005What IHE Delivers 1 G. Claeys, Agfa Healthcare Audit Trail and Node Authentication.

Similar presentations

Ads by Google