Brent J. Liu,Zheng Zhou,H. K. Huang

DOI: https://doi.org/10.1007/s10278-005-9248-5

IF: 4.903

2005-01-01

Journal of Digital Imaging

Abstract:The Health Insurance Portability and Accountability Act (HIPAA, instituted April 2003) Security Standards mandate health institutions to protect health information against unauthorized use or disclosure. One approach to addressing this mandate is by utilizing user access control and generating audit trails of the various authorized as well as unauthorized user access of health data. Although most current clinical image systems [e.g., picture archiving and communication system (PACS)] have components that generate log files for application debugging purposes, there is a lack of methodology to obtain and synthesize the pertinent data from the large volumes of log data generated by these multiple components within a PACS. We have designed a HIPAA-compliant architecture specifically for tracking and auditing the image workflow of clinical imaging systems such as PACS. As an initial first step, we developed HIPAA-compliant auditing system (H-CAS) based on parts of this HIPAA-compliant architecture. H-CAS was implemented within a test-bed PACS simulator located in the Image Processing and Informatics lab at the University of Southern California. Evaluation scenarios were developed where different user types performed legal and illegal access of PACS image data within each of the different components in the PACS simulator. Results were based on whether the scenarios of unauthorized access were correctly identified and documented as well as on normal operational activity. Integration and implementation pitfalls were also noted and included.

CHENG Meng-yun,ZHU Jun,NING Jiao-xian,CHEN Xiang-rong,Hu Jian

DOI: https://doi.org/10.3969/j.issn.0490-6756.2006.03.026

2006-01-01

Abstract:The archives management and transmission of medical images which are the key technologies of PACS are studied.Based on the DICOM standard,a three-tier medical image database system is builded.The system realized effective query,on-line display and long-range transmission of medical images with FTP transport protocols.The research work offered a technical support for telemedicine and had certain value on the constructing of modern digital hospital.

R L Arenson,K P Andriole,D E Avrin,R G Gould

DOI: https://doi.org/10.1007/BF03168389

Abstract:Early picture archiving and communication systems (PACS) were characterized by the use of very expensive hardware devices, cumbersome display stations, duplication of database content, lack of interfaces to other clinical information systems, and immaturity in their understanding of the folder manager concepts and workflow reengineering. They were implemented historically at large academic medical centers by biomedical engineers and imaging informaticists. PACS were nonstandard, home-grown projects with mixed clinical acceptance. However, they clearly showed the great potential for PACS and filmless medical imaging. Filmless radiology is a reality today. The advent of efficient softcopy display of images provides a means for dealing with the ever-increasing number of studies and number of images per study. Computer power has increased, and archival storage cost has decreased to the extent that the economics of PACS is justifiable with respect to film. Network bandwidths have increased to allow large studies of many megabytes to arrive at display stations within seconds of examination completion. PACS vendors have recognized the need for efficient workflow and have built systems with intelligence in the management of patient data. Close integration with the hospital information system (HIS)-radiology information system (RIS) is critical for system functionality. Successful implementation of PACS requires integration or interoperation with hospital and radiology information systems. Besides the economic advantages, secure rapid access to all clinical information on patients, including imaging studies, anytime and anywhere, enhances the quality of patient care, although it is difficult to quantify. Medical image management systems are maturing, providing access outside of the radiology department to images and clinical information throughout the hospital or the enterprise via the Internet. Small and medium-sized community hospitals, private practices, and outpatient centers in rural areas will begin realizing the benefits of PACS already realized by the large tertiary care academic medical centers and research institutions. Hand-held devices and the Worldwide Web are going to change the way people communicate and do business. The impact on health care will be huge, including radiology. Computer-aided diagnosis, decision support tools, virtual imaging, and guidance systems will transform our practice as value-added applications utilizing the technologies pushed by PACS development efforts. Outcomes data and the electronic medical record (EMR) will drive our interactions with referring physicians and we expect the radiologist to become the informaticist, a new version of the medical management consultant.

JG Zhang,XM Chen,J Zhuang,JR Jiang,XY Zhang,DQ Wu,HK Huang

DOI: https://doi.org/10.1117/12.480651

2003-01-01

Abstract:In this paper, we presented a new security approach to provide security measures and features in both healthcare information systems (PACS, RIS/HIS), and electronic patient record (EPR). We introduced two security components, certificate authoring (CA) system and patient record digital signature management (DSPR) system, as well as electronic envelope technology, into the current hospital healthcare information infrastructure to provide security measures and functions such as confidential or privacy, authenticity, integrity, reliability, non-repudiation, and authentication for in-house healthcare information systems daily operating, and EPR exchanging among the hospitals or healthcare providers. CA component keeps the information of user personnel identification, accessing rights, and their administration levels, and the DSPR component manages the All the digital signatures of patient medical records signed through using an-symmetry key encryption technologies. The electronic envelopes used for EPR exchanging are created based on the information of signers, digital signatures, and identifications of patient records stored in CAS and DSMS, as well as the destinations and the remote users. The CAS and DSMS were developed and integrated into a RIS-integrated PACS, and the integration of these new security components is seamless and painless. The electronic envelopes designed for EPR were used successfully in multimedia data transmission.

Jiang Bian,Umit Topaloglu,Cheryl Lane

DOI: https://doi.org/10.1109/iembs.2009.5332428

2009-01-01

Abstract:The enormous number of studies performed at the Nuclear Medicine Department of University of Arkansas for Medical Sciences (UAMS) generates a huge amount PET/CT images daily. A DICOM workstation had been used as "mini-PACS" to route all studies, which is historically proven to be slow due to various reasons. However, replacing the workstation with a commercial PACS server is not only cost inefficient; and more often, the PACS vendors are reluctant to take responsibility for the final integration of these components. Therefore, in this paper, we propose an alternative imaging archiving and communication system called Enterprise Imaging Repository (EIR). EIR consists of two distinguished components: an image processing daemon and a user friendly web interface. EIR not only reduces the overall waiting time of transferring a study from the modalities to radiologists' workstations, but also provides a more preferable presentation.

Alex K. S. Wong,Lawrence W. C. Chan,Ying Liu

DOI: https://doi.org/10.1007/s10796-009-9150-7

2009-01-01

Information Systems Frontiers

Abstract:This paper is aimed to present a novel compartmental PACS model for the automatic object-oriented integration and visualization of heterogeneous data for the multidisciplinary biomedical studies in the midst of the imaging services in radiology department. The generic PACS is conceptually partitioned into two compartments: service and integration. The service compartment supports the routine imaging service by connecting the imaging modalities to the web client workstations through a single fault-tolerant hardware. The integration compartment is synthesized by open source and open standard software tools to perform the long-term archiving of imaging cases and to integrate the images with the related data from other clinical disciplines. The prototype of the compartmental PACS model has been successfully implemented in the Department of Health Technology and Informatics (HTI) at the Hong Kong Polytechnic University (PolyU). Multi-disciplinary study on a cardiovascular case is considered as an example in this paper to demonstrate the seamless integration and web-based visualization of heterogeneous data from radiology, ophthalmology, cardiology and hematology. The implementation of the compartmental PACS model demonstrates a deliberative system design for allocating mission-critical components at the clinical frontline of imaging services and long-term archiving components at the backend. The integrative feature of object-oriented long-term archive addresses the comprehensive needs of patient-centered multidisciplinary biomedical studies.

R D Cox,C J Henri,P M Bret

DOI: https://doi.org/10.1007/BF03168688

Abstract:This article describes the design and implementation of a low-cost image archival and management solution on a radiology network consisting of UNIX, IBM personal computer-compatible (IBM, Purchase, NY) and Macintosh (Apple Computer, Cupertino, CA) workstations. The picture archiving and communications system (PACS) is modular, scaleable and conforms to the Digital Imaging and Communications in Medicine (DICOM) 3.0 standard for image transfer, storage and retrieval. Image data is made available on soft-copy reporting workstations by a work-flow management scheme and on desktop computers through a World Wide Web (WWW) interface. Data archival is based on recordable compact disc (CD) technology and is automated. The project has allowed the radiology department to eliminate the use of film in magnetic resonance (MR) imaging, computed tomography (CT) and ultrasonography.

M Osteaux,R Van den Broeck,F Verhelle,J de Mey

Abstract:PACS represents the natural evolution from the digital new modalities (US, CT, MRI,...) to a global digital environment, where the film based activities are progressively replaced by their digital counterpart. The advantages of the technique, as well as the drawbacks of the first implementations, are described. The "second generation" PACS concept is presented (modular architecture, progressive implementation, multivendor environment, integration with the Hospital Information System, standardization,...). As "case study", the example of the A.Z.-V.U.B. Hospital Implementation is described.

W Cecyl Hobbs

Abstract:New medical imaging technology, such as multi-detector computed tomography (CT) scanners and positron emission tomography (PET) scanners, are creating new possibilities for non-invasive diagnosis that are leading providers to invest heavily in these new technologies. The volume of data produced by such technology is so large that it cannot be "read" using traditional film-based methods, and once in digital form, it creates a massive data integration and archiving challenge. Despite the benefits of digital imaging and archiving, there are several key challenges that healthcare organizations should consider in planning, selecting, and implementing the information technology (IT) infrastructure to support digital imaging. Decisions about storage and image distribution are essentially questions of "where" and "how fast." When planning the digital archiving infrastructure, organizations should think about where they want to store and distribute their images. This is similar to decisions that organizations have to make in regard to physical film storage and distribution, except the portability of images is even greater in a digital environment. The principle of "network effects" seems like a simple concept, yet the effect is not always considered when implementing a technology plan. To fully realize the benefits of digital imaging, the radiology department must integrate the archiving solutions throughout the department and, ultimately, with applications across other departments and enterprises. Medical institutions can derive a number of benefits from implementing digital imaging and archiving solutions like PACS. Hospitals and imaging centers can use the transition from film-based imaging as a foundational opportunity to reduce costs, increase competitive advantage, attract talent, and improve service to patients. The key factors in achieving these goals include attention to the means of data storage, distribution and protection.

Steve G Langer

DOI: https://doi.org/10.1007/s10278-016-9913-x

Abstract:In 1999-2003, SIIM (then SCAR) sponsored the creation of several special topic Primers, one of which was concerned with computer security. About the same time, a multi-society collaboration authored an ACR Guideline with a similar plot; the latter has recently been updated. The motivation for these efforts was the launch of Health Information Portability and Accountability Act (HIPAA). That legislation directed care providers to enable the portability of patient medical records across authorized medical centers, while simultaneously protecting patient confidentiality among unauthorized agents. These policy requirements resulted in the creation of numerous technical solutions which the above documents described. While the mathematical concepts and algorithms in those papers are as valid today as they were then, recent increases in the complexity of computer criminal applications (and defensive countermeasures) and the pervasiveness of Internet connected devices have raised the bar. This work examines how a medical center can adapt to these evolving threats.

Bahar Mansoori,Beverly Rosipko,Karen K Erhard,Jeffrey L Sunshine

DOI: https://doi.org/10.1007/s10278-013-9625-4

Abstract:In the digital era of radiology, picture archiving and communication system (PACS) has a pivotal role in retrieving and storing the images. Integration of PACS with all the health care information systems e.g., health information system, radiology information system, and electronic medical record has greatly improved access to patient data at anytime and anywhere throughout the entire enterprise. In such an integrated setting, seamless operation depends critically on maintaining data integrity and continuous access for all. Any failure in hardware or software could interrupt the workflow or data and consequently, would risk serious impact to patient care. Thus, any large-scale PACS now have an indispensable requirement to include deployment of a disaster recovery plan to ensure secure sources of data. This paper presents our experience with designing and implementing a disaster recovery and business continuity plan. The selected architecture with two servers in each site (local and disaster recovery (DR) site) provides four different scenarios to continue running and maintain end user service. The implemented DR at University Hospitals Health System now permits continuous access to the PACS application and its contained images for radiologists, other clinicians, and patients alike.

Sridevi Arumugham,Sundararaman Rajagopalan,John Bosco Balaguru Rayappan,Rengarajan Amirtharajan

DOI: https://doi.org/10.1016/j.jbi.2018.08.010

Abstract:Growing demand for e-healthcare across the globe has raised concerns towards the secure and authentication enhanced medical image sharing. One of the services offered by health informatics in hospitals include an user interface through the Local Area Network (LAN) for enabling storage and access of medical records. In this paper, a security enhanced DICOM image sharing over a LAN addressing confidentiality, integrity and authentication has been proposed. Initially, the AES encrypted patient history was combined along with the thumb impression and Quick Response (QR) code of patient ID as watermark. This watermark was encrypted employing Integer Wavelet Transform (IWT), chaotic map and attractors with confusion-diffusion operations. Further, the encrypted watermark was embedded in the selected Region Of Non-Interest (RONI) pixels of DICOM image. Username & unique password credentials, Face identification and FPGA generated One Time Password (OTP) form the three layer authentication scheme for secure DICOM image access through the LAN. Web publishing medium of storing secured DICOM images in cloud has also been addressed in this work. To validate the proposed hybrid crypto-watermarking system, parameters such as key sensitivity, key space, correlation, entropy, histogram, cropping attack, Mean Square Error (MSE), Peak Signal to Noise Ratio (PSNR) and Structural Similarity Index Metric (SSIM) were performed and the results obtained have proved the strength of the proposed algorithm against brute force, statistical and cropping attacks.

Liviu Constantinescu,Jinman Kim,Ashnil Kumar,Daiki Haraguchi,Lingfeng Wen,Dagan Feng

DOI: https://doi.org/10.1186/2047-2501-1-3

2013-01-10

Abstract:Over the past decade, rapid development of imaging technologies has resulted in the introduction of improved imaging devices, such as multi-modality scanners that produce combined positron emission tomography-computed tomography (PET-CT) images. The adoption of picture archiving and communication systems (PACS) in hospitals have dramatically improved the ability to digitally share medical image studies via portable storage, mobile devices and the Internet. This has in turn led to increased productivity, greater flexibility, and improved communication between hospital staff, referring physicians, and outpatients. However, many of these sharing and viewing capabilities are limited to proprietary vendor-specific applications. Furthermore, there are still interoperability and deployment issues which reduce the rate of adoption of such technologies, thus leaving many stakeholders, particularly outpatients and referring physicians, with access to only traditional still images with no ability to view or interpret the data in full. In this paper, we present a distribution architecture for medical image display across numerous devices and media, which uses a preprocessor and an in-built networking framework to improve compatibility and promote greater accessibility of medical data. Our INVOLVE2 system consists of three main software modules: 1) a preprocessor, which collates and converts imaging studies into a compressed and distributable format; 2) a PACS-compatible workflow for self-managing distribution of medical data, e.g. via CD USB, network etc; 3) support for potential mobile and web-based data access. The focus of this study was on cultivating patient-centric care, by allowing outpatient users to comfortably access and interpret their own data. As such, the image viewing software included on our cross-platform CDs was designed with a simple and intuitive user-interface (UI) for use by outpatients and referring physicians. Furthermore, digital image access via mobile devices or web-based access enables users to engage with their data in a convenient and user-friendly way. We evaluated the INVOLVE2 system using a pilot deployment in a hospital environment.

Kathryn Knight,Ioana Danciu,Olga Ovchinnikova,Jacob Hinkle,Mayanka Chandra Shekar,Debangshu Mukherjee,Eileen McAllister,Caitlin Rizy,Kelly Cho,Amy C. Justice,Joseph Erdos,Peter Kuzmak,Lauren Costa,Yuk-Lam Ho,Reddy Madipadga,Suzanne Tamang,Ian Goethert

2024-04-30

Abstract:The compilation and analysis of radiological images poses numerous challenges for researchers. The sheer volume of data as well as the computational needs of algorithms capable of operating on images are extensive. Additionally, the assembly of these images alone is difficult, as these exams may differ widely in terms of clinical context, structured annotation available for model training, modality, and patient identifiers. In this paper, we describe our experiences and challenges in establishing a trusted collection of radiology images linked to the United States Department of Veterans Affairs (VA) electronic health record database. We also discuss implications in making this repository research-ready for medical investigators. Key insights include uncovering the specific procedures required for transferring images from a clinical to a research-ready environment, as well as roadblocks and bottlenecks in this process that may hinder future efforts at automation.

Computer Vision and Pattern Recognition

Joseph E Chasteen,Gretchen Murphy,Arden Forrey,David Heid

2004-08-15

Abstract:This article reviews the issues related to the Health Insurance Portability & Accountability Act (HIPAA) security rule that apply to dental practice. The security rule specifically addresses individually identifiable health information that is transmitted or maintained in electronic media. System security must be applied to the entire technical infrastructure for the practice environment as well as to the work culture on a daily basis and must be thought of as an enterprise asset. Security refers to all of the policies, procedures, tools, and techniques used to assure that privacy and confidentiality are adequately addressed in a healthcare system. HIPAA requires all covered entities that transmit or maintain electronic health information perform, and document, a risk assessment for security and develop a security plan to address major areas of concern. A self-assessment tool is provided in this article.

Suvineetha Herath,Haywood Gelman,John Hastings,Yong Wang

2024-12-18

Abstract:The rapid growth of remote healthcare delivery has introduced significant security and privacy risks to protected health information (PHI). Analysis of a comprehensive healthcare security breach dataset covering 2009-2023 reveals their significant prevalence and impact. This study investigates the root causes of such security incidents and introduces the Attacker-Centric Approach (ACA), a novel threat model tailored to protect PHI. ACA addresses limitations in existing threat models and regulatory frameworks by adopting a holistic attacker-focused perspective, examining threats from the viewpoint of cyber adversaries, their motivations, tactics, and potential attack vectors. Leveraging established risk management frameworks, ACA provides a multi-layered approach to threat identification, risk assessment, and proactive mitigation strategies. A comprehensive threat library classifies physical, third-party, external, and internal threats. ACA's iterative nature and feedback mechanisms enable continuous adaptation to emerging threats, ensuring sustained effectiveness. ACA allows healthcare providers to proactively identify and mitigate vulnerabilities, fostering trust and supporting the secure adoption of virtual care technologies.

Cryptography and Security

Pavithra Prabhu,Manjunath K N,Chitra Rajarama,Anjali Kulkarni,Rajendra Kurady

DOI: https://doi.org/10.31557/APJCP.2021.22.1.185

2021-01-01

Abstract:Background: While transmitting the medical images in radiology information systems the adversary effect can break the CIA (Confidentiality, Integrity, and Availability) triads of information security. The objective of the study was to transmit the complete set of image objects in a dataset without data integrity violation. Methods: In this paper a hybrid cryptographic technique which combines the prime details from the patient dataset (stack of axial 2D images) and the Advanced Encryption Standard (AES) method has been proposed. The steps include a) Creating an artificial X-ray image (DRR) from the 3D volume, b) dividing the DRR image in x and y directions equally into four regions, c) applying the zig-zag pattern to each quadrant, and d) encryption of each quadrant with block cipher mode using the AES algorithm. After dataset transmission the DRR image was regenerated at the receiver and compared each of the deciphered blocks (transmitted ones) using the histogram technique. Results: The technique was tested on CT and MRI scans of sixty datasets. The image injection techniques, such as adding and deleting an image from the dataset and modifying the image pixels, were tested. The results were validated statistically using mean square error and histogram matching techniques. Conclusion: The combination of the DRR and the AES technique has ensured the secured transmission of the entire dataset and not an individual image.

ZhiGang Xie,RiTu Wu

DOI: https://doi.org/10.1109/ICEICE.2011.5777920

2011-01-01

Abstract:Following along the medical digital developing continually, the traditional image of film formats is replaced gradually by the Picture Archiving and Communications system (PACS).PACS became an information platform in communion with the hospital images information, which is the important link of the digital information to the hospital. At present, the application of PACS in the department of the hospital images is still the probation stage so that many hospitals weren't enough familiar with the system. Then, the data collection processes according with medical digital image were summarized to the microcomputer PACS. Hence, PACS will be more actually applied in medical treatment system, and more effectively increased the hospital for medical services and management and diagnosis of disease level.

XIE Ming-wei,HU Hui-jun,XU Jian-min,LIANG Bi-ling

DOI: https://doi.org/10.3969/j.issn.1674-1633.2013.12.034

2013-01-01

Abstract:Objective To summarize the malfunctions frequently occurring during the clinical application of Picture Archiving and Communication Systems(PACS) & Radiology Information System(RIS) and corresponding solutions.Methods PACS/RIS(GE Centricity Enterprise V3.0) is built up with the local area network in the hospital,recording malfunctions and corresponding solutions during its application.Results To solve those common malfunctions concerning PACS,HIS(Hospital Information System)and hardware devices,it is of great necessity for staff in Department of Radiology to record them,then exclude the possibilities one by one and initiate the emergency plan so as to ensure the continuation of diagnostic work.Conclusion Stable and efficient operation of PACS/RIS is pivotal to the daily diagnostic work for Department of Radiology.

Jeff Collmann,Johnathan Coleman,Kristen Sostrom,Willie Wright

DOI: https://doi.org/10.1089/tmj.2004.10.311

Abstract:Organizations must continuously seek safety. When considering computerized health information systems, "safety" includes protecting the integrity, confidentiality, and availability of information assets such as patient information, key components of the technical information system, and critical personnel. "High Reliability Theory" (HRT) argues that organizations with strong leadership support, continuous training, redundant safety mechanisms, and "cultures of high reliability" can deploy and safely manage complex, risky technologies such as nuclear weapons systems or computerized health information systems. In preparation for the Health Insurance Portability and Accountability Act (HIPAA) of 1996, the Office of the Assistant Secretary of Defense (Health Affairs), the Offices of the Surgeons General of the United States Army, Navy and Air Force, and the Telemedicine and Advanced Technology Research Center (TATRC), US Army Medical Research and Materiel Command sponsored organizational, doctrinal, and technical projects that individually and collectively promote conditions for a "culture of information assurance." These efforts include sponsoring the "P3 Working Group" (P3WG), an interdisciplinary, tri-service taskforce that reviewed all relevant Department of Defense (DoD), Miliary Health System (MHS), Army, Navy and Air Force policies for compliance with the HIPAA medical privacy and data security regulations; supporting development, training, and deployment of OCTAVE(sm), a self-directed information security risk assessment process; and sponsoring development of the Risk Information Management Resource (RIMR), a Web-enabled enterprise portal about health information assurance.