Brent J. Liu,Zheng Zhou,H. K. Huang

DOI: https://doi.org/10.1007/s10278-005-9248-5

IF: 4.903

2005-01-01

Journal of Digital Imaging

Abstract:The Health Insurance Portability and Accountability Act (HIPAA, instituted April 2003) Security Standards mandate health institutions to protect health information against unauthorized use or disclosure. One approach to addressing this mandate is by utilizing user access control and generating audit trails of the various authorized as well as unauthorized user access of health data. Although most current clinical image systems [e.g., picture archiving and communication system (PACS)] have components that generate log files for application debugging purposes, there is a lack of methodology to obtain and synthesize the pertinent data from the large volumes of log data generated by these multiple components within a PACS. We have designed a HIPAA-compliant architecture specifically for tracking and auditing the image workflow of clinical imaging systems such as PACS. As an initial first step, we developed HIPAA-compliant auditing system (H-CAS) based on parts of this HIPAA-compliant architecture. H-CAS was implemented within a test-bed PACS simulator located in the Image Processing and Informatics lab at the University of Southern California. Evaluation scenarios were developed where different user types performed legal and illegal access of PACS image data within each of the different components in the PACS simulator. Results were based on whether the scenarios of unauthorized access were correctly identified and documented as well as on normal operational activity. Integration and implementation pitfalls were also noted and included.

Hai-yan Zhou,Xing Yao,Yue-ming Zhu,Hui-long Duan,Xu-dong Lu,Chen-hui Zhao

DOI: https://doi.org/10.3969/j.issn.1671-7104.2006.06.010

2006-01-01

Abstract:PACS (Picture Archiving and Communication System) is successfully applied in Huzhou Central Hospital, and is well integrated with its HIS system by WEBSERVICE middleware. The system supports DICOM 3.0 Standard, and DICOM gateways are installed for modalities that do not support DICOM so as to have implemented the digitalization of all the image departments in the hospital.

Tian-shu ZHOU,Xing-hua ZHU,Jing-song LI

DOI: https://doi.org/10.3969/j.issn.1673-7571.2015.06.025

2015-01-01

Abstract:To meet the demand of big data sharing and communication in regional medical systems in a secure manner, we designed and developed a security system within HIE-oriented EMR, including identity authentication, privilege management, access log, and data encryption modules. The establish and deployment of the system could prevent access from the illegal users, keep EMR system accessibility while controllability, record the modification traces and make it undeniability, protect the medical data from intercepted by intruders, keep the data confidentiality from none stakeholders, and finally construct a complete security system in EMR.

Zheng Zhou,Brent J Liu

DOI: https://doi.org/10.1016/j.compmedimag.2004.09.009

IF: 7.422

2005-01-01

Computerized Medical Imaging and Graphics

Abstract:As an official regulation for healthcare privacy and security, Health Insurance Portability and Accountability Act (HIPAA) mandates health institutions to protect health information against unauthorized use or disclosure. One such method proposed by HIPAA Security Standards is audit trail, which records and examines health information access activities. HIPAA mandates healthcare providers to have the ability to generate audit trails on data access activities for any specific patient. Although current medical imaging systems generate activity logs, there is a lack of formal methodology to interpret these large volumes of log data and generate HIPAA compliant auditing trails.

Liang SHEN,Qian HUANG,You ZHAI,Yunqing QIU,Qingwei ZHAO,Lihua WU,Min ZHOU,Jian LIU

DOI: https://doi.org/10.3785/j.issn.1008-9292.2020.07.01

2020-01-01

Abstract:Clinical trial management system is independently developed by our hospital, which basically realized the whole process management and data collection of clinical trials. Based on the platform, the functional architecture of data remote monitoring and auditing was established. By desensitizing and encrypting of data, the project and subject hologram were visualized to facilitate to review of data. The data remote monitoring and auditing cloud platform adopts the B/S architecture pattern. Users register to apply for an account through the cloud platform, and access to the account via HTTPS security protocol. The authorized users were able to view the relevant items online to ensure the secure data transmission and easy operating. The electronic management of data is the direction of future efforts. By compliance with laws and regulations, the remote monitoring/auditing can be realized, and the data security and personal privacy can be ensured with the application of information technology. In this paper, the feasibility of remote monitoring/auditing mode is explored, specific technical schemes and system functions are suggested, and the realization scenarios are conceived in case of major public health emergencies.

Qingli Zhou,Jianhu He,Jun Liu

2008-01-01

Abstract:The development of hospital business demands the integration of information systems. After studying the relative technologies for system connection,system integration and different modes of connecting system, we put forward a protocol to integrate the existing laboratory information system( LIS) and hospital information system(HIS). It introduces the multi-tier distributed technical methods for improving the client/server applications; it ascertains the units and transactions participating in workflow integration by referencing the IHE( Integrating the Healthcare Enterprises) Laboratory Technology Framework; it implements information exchange by Health Level 7(HL7) standards; and it can conserve previous investment and avoid some problems of security, maintenance and realtime process without the risk of massively updating system.

Jun Liang,Mei Fang Xu,Lan Juan Li,Sheng Li Yang,Bao Luo Li,De Ren Cheng,Ou Jin,Li Zhong Zhang,Long Wei Yang,Jun Xiang Sun

DOI: https://doi.org/10.1007/978-3-642-17313-4_49

2010-01-01

Abstract:The health information systems of most medical institutions in China are isolated. Communications across these systems are generally realized through point-to-point interfaces at the database level, which tend to lack interoperability, extensibility, and security. In the resent study, we developed localized, document-oriented and data-focused clinical document architecture (CDA) templates based on health level 7 (HL7) CDA. Then, by combining these templates with the Service-oriented architecture for HL7 middleware, we accomplished interoperability across multiple heterogeneous systems. Modules of our system have been put into trial use in six medical institutions, including the Second University Hospital (main campus and regional campuses) of the School of Medicine, Zhejiang University and other collaborating hospitals.

Zheng Zhou

DOI: https://doi.org/10.1016/j.compmedimag.2007.02.013

2007-01-01

Abstract:Computer aided diagnosis/detection (CAD) has been extensively used in mammography, chest, and three-dimensional (3D) CT lung imaging for clinical decision support over last 5-6 years. Recent trend is to integrate CAD applications with a PACS so that CAD results can be reviewed by most physicians for diagnosis. However, data security issue arises when a CAD application is integrated with a PACS. In this paper, we present a lossless digital signature embedding (LDSE) method for assuring the integrity of images used by the CAD and new images and results generated by the CAD application. Our experimental results show that the method is effective for assuring the integrity of CAD images. Combining this method with traditional one-dimensional digital signature technique for protecting CAD results, we provide a complete integrity assurance solution for a CAD application integrated with a PACS. (c) 2007 Elsevier Ltd. All rights reserved.

JG Zhang,XM Chen,J Zhuang,JR Jiang,XY Zhang,DQ Wu,HK Huang

DOI: https://doi.org/10.1117/12.480651

2003-01-01

Abstract:In this paper, we presented a new security approach to provide security measures and features in both healthcare information systems (PACS, RIS/HIS), and electronic patient record (EPR). We introduced two security components, certificate authoring (CA) system and patient record digital signature management (DSPR) system, as well as electronic envelope technology, into the current hospital healthcare information infrastructure to provide security measures and functions such as confidential or privacy, authenticity, integrity, reliability, non-repudiation, and authentication for in-house healthcare information systems daily operating, and EPR exchanging among the hospitals or healthcare providers. CA component keeps the information of user personnel identification, accessing rights, and their administration levels, and the DSPR component manages the All the digital signatures of patient medical records signed through using an-symmetry key encryption technologies. The electronic envelopes used for EPR exchanging are created based on the information of signers, digital signatures, and identifications of patient records stored in CAS and DSMS, as well as the destinations and the remote users. The CAS and DSMS were developed and integrated into a RIS-integrated PACS, and the integration of these new security components is seamless and painless. The electronic envelopes designed for EPR were used successfully in multimedia data transmission.

D B Harding Jr,R J Gac Jr,C T Reynolds 3rd,J Romlein,A K Chacko

DOI: https://doi.org/10.1007/BF03167663

Abstract:The modern information revolution has facilitated a metamorphosis of health care delivery wrought with the challenges of securing patient sensitive data. To accommodate this reality, Congress passed the Health Insurance Portability and Accountability Act (HIPAA). While final guidance has not fully been resolved at this time, it is up to the health care community to develop and implement comprehensive security strategies founded on procedural, hardware and software solutions in preparation for future controls. The Virtual Radiology Environment (VRE) Project, a landmark US Army picture archiving and communications system (PACS) implemented across 10 geographically dispersed medical facilities, has addressed that challenge by planning for the secure transmission of medical images and reports over their local (LAN) and wide area network (WAN) infrastructure. Their model, which is transferable to general PACS implementations, encompasses a strategy of application risk and dataflow identification, data auditing, security policy definition, and procedural controls. When combined with hardware and software solutions that are both non-performance limiting and scalable, the comprehensive approach will not only sufficiently address the current security requirements, but also accommodate the natural evolution of the enterprise security model.

JG Zhang,Z Zhou,J Zhuang,RL Han,GZ Zhang,J Feng,MP Wang,CF Wang

DOI: https://doi.org/10.1117/12.435459

2001-01-01

Abstract:Huadong hospital in Shanghai with 700 beds provides health care services for inpatients and outpatients, as well as special senior and VIP patients. In order to move to digital imaging based radiology practice, and also provide better intra-hospital clinical services for senior and VIP patients, we started designing and planning PACS implementation from September of 1999. Based on the radiology service model and current workflow in Huadong hospital, we implemented PACS in following steps: In phase I, we designed PALS infrastructure and implemented PACS networks connecting to most digital modalities, reading rooms and clinical buildings, we also built NT-based module PALS for every kind of digital imaging modality with DICOM communication capability. In phase II, we developed an UNIX based PACS central server connecting to the individual module PACS for image routing, querying and retrieving among different departments and modality sections, and also installed specially designed interactive teleconsultation display workstations in radiology sections and clinical departments for consultation services. In phase III, we will integrate RIS into PACS infrastructure to optimize PACS dataflow and improve radiology workflow to achieve better performance and more efficient services. In this presentation, we will also discuss the PACS design strategies and implementation methods in Huadong hospitals to decrease the risks and to increase the positive responses from the partners and end users.

Wayne Bradford,John F Hurdle,Bernie LaSalle,Julio C Facelli

DOI: https://doi.org/10.1136/amiajnl-2013-001769

Abstract:High-performance computing centers (HPC) traditionally have far less restrictive privacy management policies than those encountered in healthcare. We show how an HPC can be re-engineered to accommodate clinical data while retaining its utility in computationally intensive tasks such as data mining, machine learning, and statistics. We also discuss deploying protected virtual machines. A critical planning step was to engage the university's information security operations and the information security and privacy office. Access to the environment requires a double authentication mechanism. The first level of authentication requires access to the university's virtual private network and the second requires that the users be listed in the HPC network information service directory. The physical hardware resides in a data center with controlled room access. All employees of the HPC and its users take the university's local Health Insurance Portability and Accountability Act training series. In the first 3 years, researcher count has increased from 6 to 58.

Hui Tian,Weiping Ye,Jia Wang,Hanyu Quan,Chin-Chen Chang

DOI: https://doi.org/10.1155/2023/3375823

IF: 8.993

2023-11-27

International Journal of Intelligent Systems

Abstract:In the context of healthcare 4.0, cloud-based eHealth is a common paradigm, enabling stakeholders to access medical data and interact efficiently. However, it still faces some serious security issues that cannot be ignored. One of the major challenges is the assurance of the integrity of medical data remotely stored in the cloud. To solve this problem, we propose a novel certificateless public auditing for medical data in the cloud (CPAMD), which can achieve efficient batch auditing without complicated certificate management and key escrow. Specifically, in our CPAMD, a new secure certificateless signature method is designed to generate tamper-proof data block tags; a manageable delegated data outsourcing mechanism is presented to reduce the burden of data maintenance on patients and achieve auditability of outsourcing behavior; and a privacy-preserving augmented verification strategy is proposed to provide comprehensive auditing of both medical data and its source information without compromising privacy. We perform formal security analysis and comprehensive performance evaluation for CPAMD. The results demonstrate that the presented scheme can provide better auditing security and more comprehensive auditing capabilities while achieving good performance comparable to state-of-the-art ones.

computer science, artificial intelligence

Zheng Zhou,H. K. Huang,B. J. Liu

DOI: https://doi.org/10.1117/12.653511

2006-01-01

Abstract:Our previous study presented a lossless digital signature embedding (LDSE) method for assuring the integrity of 2D medical images in network transit or during archival. With the advent of multi-detector CT scanners and volume acquisition technologies, a PACS exam can now potentially generate hundreds, even thousands, of images. To perform the 2D LDSE method on each individual image in the volume would be extremely time consuming and inefficient. For this reason, a novel 3D LDSE method has been investigated for 3D image volumes. The method begins with generating a single digital signature (DS) of the entire volume. Embedding of the DS is performed by first identifying a bit stream from the image volume based on the correlation of 3D pixel values. The bit stream is compressed using lossless compression methods and the DS is concatenated with the compressed bit stream. This concatenated bit stream is then embedded within the original image volume. During the verification process, the embedded bit stream is extracted and utilized to recover the original bit stream and the original DS. The original bit stream can be used to restore the image volume which in turn can be used in the verification of the DS. In addition, to 3D LDSE embedding methodology for image volumes, a new procedure is developed to address clinical workflow for 3D image volumes. Experimental results demonstrated that the 3D LDSE method can assure the integrity of 3D image volume efficiently and effectively. In addition, a 3D clinical image workflow procedure was demonstrated.

Alex K. S. Wong,Lawrence W. C. Chan,Ying Liu

DOI: https://doi.org/10.1007/s10796-009-9150-7

2009-01-01

Information Systems Frontiers

Abstract:This paper is aimed to present a novel compartmental PACS model for the automatic object-oriented integration and visualization of heterogeneous data for the multidisciplinary biomedical studies in the midst of the imaging services in radiology department. The generic PACS is conceptually partitioned into two compartments: service and integration. The service compartment supports the routine imaging service by connecting the imaging modalities to the web client workstations through a single fault-tolerant hardware. The integration compartment is synthesized by open source and open standard software tools to perform the long-term archiving of imaging cases and to integrate the images with the related data from other clinical disciplines. The prototype of the compartmental PACS model has been successfully implemented in the Department of Health Technology and Informatics (HTI) at the Hong Kong Polytechnic University (PolyU). Multi-disciplinary study on a cardiovascular case is considered as an example in this paper to demonstrate the seamless integration and web-based visualization of heterogeneous data from radiology, ophthalmology, cardiology and hematology. The implementation of the compartmental PACS model demonstrates a deliberative system design for allocating mission-critical components at the clinical frontline of imaging services and long-term archiving components at the backend. The integrative feature of object-oriented long-term archive addresses the comprehensive needs of patient-centered multidisciplinary biomedical studies.

JG Zhang,RL Han,DQ Wu,XY Zhang,J Zhuang,J Feng,MP Wang,GZ Zhang,CF Wang

DOI: https://doi.org/10.1117/12.467023

2002-01-01

Abstract:Huadong hospital in Shanghai with 800 beds provides health care services for inpatients and outpatients, as well as special senior and VIP patients. In order to move to digital imaging based radiology practice, and also provide better intra-hospital consultation services for senior and VIP patients, we started to implement PACS for hospital wide services from 1999, and also designed and developed an automatic monitoring system (AMS) to monitor and control PACS operation and dataflow to decrease the total cost of ownership for PACS operation. We installed the AMS on top of the Huadong Hospital PACS in the May of 2001. The installation was painless, did not interrupt the normal PACS operation, and took only one month. The PACS administrators with the AMS can now monitor and control the entire PACS operation in real time, and also track patient and image data flow automatically. These features make administrators take proper action even before user's complaint if any failure happened in any PACS component or process, they reduce the size of the management team, and decrease total cost of PACS ownership.

Z Zhou,HK Huang,BJ Liu

DOI: https://doi.org/10.1117/12.595408

2005-01-01

Abstract:One of the new trends to protect the PACS image data against disaster situations is to store clinical images at an off-site backup archive. In order to support the mission-critical clinical PACS, the backup archive must be 24/7 continuously available (CA). We have developed a novel Data Grid for this purpose using the grid computing technology. With the federation of several PAC systems in a grid, the Data Grid can provide the true CA (99.999%) backup for the PAC systems. However, image integrity becomes a new critical issue to the Data Grid where the image data are not under the protection of local PACS anymore. In this paper, we presented a digital signature embedding (DSE) method, which can assure image integrity in image transmission or archive. The DSE method permanently embeds the digital signature (DS) of the image in the image pixels using lossless data embedding approaches, which can completely recover the original image whenever desired. The permanently embedded DS in the image would provide the integrity assurance for medical image during its lifetime. The embedding process can be utilized by the local PACS archive server to embed the DS in every image before it is sent to the Data Grid. The embedded DS can then be extracted for verification to ensure image integrity when images arrived in the Data Grid or when images were retrieved back. Therefore, with the DSE method, we have extended our protection of image integrity from local PACS to the backup Data Grid.

Chang Xu,Ningning Wang,Liehuang Zhu,Kashif Sharif,Chuan Zhang

DOI: https://doi.org/10.1109/jiot.2019.2917186

IF: 10.6

2019-01-01

IEEE Internet of Things Journal

Abstract:The integration of wearable wireless devices and cloud computing in e-health systems has significantly improved their effectiveness and availability. Patients can upload their personal health information (PHI) files to the cloud, from where the health service providers (HSPs) can obtain appropriate information to determine the health state. This system not only reduces the costs associated to healthcare but also provides timely diagnosis to save lives. However, a number of privacy concerns arise while sharing sensitive information. In this paper, we propose a novel privacy-preserving patient health information sharing scheme, which allows HSPs to access and search PHI files in a secure yet efficient manner. We make use of the searchable encryption technique with keyword range search and multikey-word search. The proposed privacy-preserving equality test protocol allows different types of numeric comparison searches on encrypted data. We also use a variant of bloom filter and message authentication code to classify PHI files, filter false data, and check integrity of search results. The simulations on real-world and synthetic data show the feasibility and efficiency of the system, and security analysis proves the privacy-preservation properties.

Xiuli Chai,Jiangyu Fu,Zhihua Gan,Yang Lu,Yushu Zhang,Daojun Han

DOI: https://doi.org/10.1109/jiot.2022.3228781

IF: 10.6

2023-04-07

IEEE Internet of Things Journal

Abstract:With the development of telemedicine diagnosis technology, the collection, storage, and transmission of medical data has become a pivotal problem. To solve these problems, in terms of semi-tensor product compressed sensing (STP-CS) and hybrid cloud, a new medical data transmission framework is presented in this article, which can ensure the efficiency, confidentiality, and verifiability of data transmission. According to the edge detection, the authentication information is embedded into the insignificant area of the medical image to protect the authenticity of the data. STP-CS is utilized to measure and encrypt the medical image, which improves the efficiency of data transmission. In order to make the image data more secure, an adaptive cyclic shift diffusion algorithm based on chaotic sequence is used to effectively diffuse the measurement results. In addition, we also apply encoding for the quantized measurement value to be used as tamper proof authentication. The simulation results prove that the presented medical data transmission scheme can effectively improve the image reconstruction effect, transmission efficiency, and security.

computer science, information systems,telecommunications,engineering, electrical & electronic

Edward Chou,Matthew Tan,Cherry Zou,Michelle Guo,Albert Haque,Arnold Milstein,Li Fei-Fei

DOI: https://doi.org/10.48550/arXiv.1811.09950

2018-11-25

Abstract:Computer-vision hospital systems can greatly assist healthcare workers and improve medical facility treatment, but often face patient resistance due to the perceived intrusiveness and violation of privacy associated with visual surveillance. We downsample video frames to extremely low resolutions to degrade private information from surveillance videos. We measure the amount of activity-recognition information retained in low resolution depth images, and also apply a privately-trained DCSCN super-resolution model to enhance the utility of our images. We implement our techniques with two actual healthcare-surveillance scenarios, hand-hygiene compliance and ICU activity-logging, and show that our privacy-preserving techniques preserve enough information for realistic healthcare tasks.

Computer Vision and Pattern Recognition