View
220
Download
0
Category
Tags:
Preview:
Citation preview
Grid Based Infrastructure for Distributed Medical Imaging
Carl KesselmanISI Fellow
Director, Center for Grid TechnologiesInformation Sciences Institute
Research ProfessorComputer Science
Viterbi School of EngineeringUniversity of Southern California
Joint work with Stephan G. Erberich, Ann Chervenak, Robert Schuler, Laura Pearlman, Jonathan C. Silverstein
2
Problem
Doctor A needs image records from Hospital B Collaborative clinical trials, provider networks,
offsite archiving/storage Solution
Create a Virtual Organization on a SOA architecture
Issues Minimal disturbance of enterprise environment Co-existence with existing medical imaging
tools and user interfaces Privacy/security requirements
3
The MEDICUS Solution
Medical Imaging and Computing for Unified Information Sharing (MEDICUS)
Exploit existing imaging standards and tools in local enterprise
Gateway into standard Grid services for federation Security/privacy Data discovery Data movement
Globus MEDICUS Proto-Project @ http://dev.globus.org/wiki/Incubator/MEDICUS
4
Digital Imaging and Communicationsin Medicine (DICOM)
Defines image format Standard header (metadata) and image
formats Simple communication protocol for image
access and publication store, find, get, move, …
Used by existing medical imaging systems Picture Archiving and Communications
Systems (PACS)
5
Open Source Grid Software
Data Mgmt
SecurityCommonRuntime
Execution Mgmt
Info Services
GridFTPAuthenticationAuthorization
ReliableFile
Transfer
Data Access& Integration
Grid ResourceAllocation &
ManagementIndex
CommunityAuthorization
DataReplication
CommunitySchedulingFramework
Delegation
ReplicaLocation
Trigger
Java Runtime
C Runtime
Python Runtime
WebMDS
WorkspaceManagement
Grid Telecontrol
Protocol
Globus Toolkit v4www.globus.org
CredentialMgmt
6
Major Components of Medicus
DICOM Grid Interface Service OGSA web service to translate between DICOM and
Grid operations OGSA-DAI
Meta-catalog Data Replication Service (DRS)
Data replication/data discovery Utilized RLS and GridFTP for disovery, replica
management and data movement Grid Security Infrastructure
Security, authorization
7
The Grid is the PACS Meets image exchange needs
Not limited to research use (e.g. BIRN, caBIG) Single architecture for Clinical and Research use Federate image references (Meta Catalog) - IHE XDS model X.509 authentication security model + SAML assertions Hide Grid workflow from user if possible, e.g. DICOM
workflow Meets image storage needs
FT and DR by replicas PACS-Grid-PACS too slow for clinical use Integrate hospital PACS Data integrity by CRC checksums
9
DICOM Globus Interface Service
DGISDICOM Protocols Grid Protocols
(Web services)
• Drive Grid workflows from DICOM protocol operations
• Manage security interface between DICOM/Grid
10
Meta Catalog Service for Medical Images
OGSA-DAI + Data Base (e.g. MySQL, Derby, Oracle, ..)
DICOM meta data Patient level (e.g. encrypted name, id, etc.) Study level (e.g. date, time, protocol, etc.) Series level (e.g. imaging type, modality, etc.) Image level (e.g. position, level, exposure, etc.)
Keys are DICOM UIDs (Study, Series, Image) Health meta data
Flexible Annotation, e.g. ICD-9
11
DGIS: Image DiscoveryDICOM C-FIND Operation
Globus MEDICUS Proto-Project @ http://dev.globus.org/wiki/Incubator/MEDICUS
GlobusDicom Grid Interface Service
(DGIS)
DICOM queryC-FIND
Grid PACS Meta Catalog(DICOM Image Attributes)
Globus OGCE-DAI
1. Meta Catalog Query
Health CareProvider
Grid Node
Radiologist
Display Workstation
12
DGIS: Image DeliveryDICOM C-GET/C-MOVE Operations
Globus MEDICUS Proto-Project @ http://dev.globus.org/wiki/Incubator/MEDICUS
Grid PACS(Image Storage)
Globus GridFTP Server
GlobusDicom Grid Interface Service
(DGIS)
Cache ImageStorage
2. Check
DICOM retrieveC-GET/C-MOVE
3. Retrieve image series
Grid PACS Meta Catalog(DICOM Image Attributes)
Globus OGCE-DAI
1. Get image series storage location
Health Care Provider
Grid Node
Grid Node
RadiologistDisplay
Workstation
13
MEDICUS Fault Tolerance and Disaster Recovery
Fault Tolerance and Disaster Recovery through replicas OGSA compliant Replication Location
Service (RLS) Index encrypted DICOM keys
(study and series UIDs) Index which storage has physical
representation of series record Local replica index (RLS) VO replica index (RLS master)
14
DGIS: Image publicationDICOM C-STORE Operation
Globus MEDICUS Proto-Project @ http://dev.globus.org/wiki/Incubator/MEDICUS
Grid PACS(Image Storage)
Globus GridFTP Server
GlobusDicom Grid Interface Service
(DGIS)
1. Update
DICOM pushC-STORE
2. Image series publication
Grid PACS Meta Catalog(DICOM Image Attributes)
Globus OGCE-DAI
3. Meta Catalog publication
Health CareProvider
Grid Node
Grid Node
TechnologistPACS Administrator
Auto-Scheduler
Modality
Cache ImageStorage
DICOM pushC-STORE
PACS
15
Protected Health Information Underlying principal:
Patient ownership, covered consent MEDICUS v1
Single layer GSI security model X.509 proxy certificate standards based Typical use case: Closed VO like Healthcare provider
network, Military network, research network. MEDICUS v2
Patient Centric Authorization using assertions Patient advocacy – patient controlled access Logging of “on behalf actor” at Grid Service All patient data on the Grid Typical use-case: SOA of third-party storage, image
processing services require no-PHI access to DICOM
16
Jan 16, 2008 VOs & Security 16
VO Security Services
RequestorApplication
VODomain
CredentialValidation
Service
AuthorizationService
Requestor'sDomain
Service Provider'sDomain
Audit/Secure-Logging
Service
AttributeService
TrustService
ServiceProvider
Application
Bridge/Translation
Service
PrivacyService
CredentialValidation
Service
AuthorizationService
Audit/Secure-Logging
Service
AttributeService
TrustService
PrivacyService
CredentialValidation
Service
AuthorizationService
AttributeService
TrustService
CredentialValidation
Service
AuthorizationService
AttributeService
TrustService
WS-StubWS-Stub Secure Conversation
18
Jan 16, 2008 VOs & Security 18
CAS
Shib
LDAP
Handle
GrouperVOMS
PERMIS
XACML
SAML
SAZ
PRIMA
gpBox
Gridmap
LCMAPS
XACML
LCAS
CSMProxy Issuing
Policy Assertions from Everywhere (2)
Active Role
19
Patient Authorized Grid Image Workflow
Patient
Healthcare Provider
Internet2 IdP
Globus OGSA-DAIMeta Catalog Service
PHI safe entries
2.1
2.2
Hippocratic Verification ServicePolicy Decision Point (PDP)
2.3
Globus GridFTPStorage Service Provider
Compressed DICOM Series Records
4.1
4.3
4.4
Physician
Globus RLSReplica Location Service
4.2
GridShib
5.1
1.1
3.1
20
Patient Authorized Grid Image Workflow
Patient
Healthcare Provider
Internet2 IdP
Globus OGSA-DAIMeta Catalog Service
PHI safe entries
2.1
2.2
Hippocratic Verification ServicePolicy Decision Point (PDP)
2.3
Globus GridFTPStorage Service Provider
Compressed DICOM Series Records
4.1
4.3
4.4
Physician
Globus RLSReplica Location Service
4.2
GridShib
5.1
1.1
3.1
21
Globus MEDICUS Use-Cases Multi-center clinical trials
Children’s Oncology Group Phase-I28 international medical centers (since 09/2003)
NANT Cancer Foundation13 national medical centers (since 12/2005)
Off-site Medical Image Storage Enterprise PACS / Grid PACS FT and DR by replication using Globus Data Replication
Service (DRS) Medical Image Federation
Enterprise Hospital VO Military VO Community Practices VO Etc.
23
Summary
MEDICUS vertically integrates existing standards based GT4 components – no research specific layer
Fast and efficient DICOM off-site storage Integrates with hospital PACS + FT and DR Transparent image workflow for Physician Flexible and cost efficient deployment using open-
source (~ $500 per TB) PHI protected at patient level Single HealthGrid solution for Clinical and Research
use of same images
24
Conclusion
MEDICUS present one piece to HealthGrid puzzle Modular SOA design ideal for collaborative
extension, e.g. image processing web services using DICOM image resources on the Grid
Open-source (Apache license), part of theGlobus Toolkit Development release:ou are invited to contribute your field of expertisedev.globus.org/wiki/Incubator/MEDICUS
Roadmap: Standards based PHR, Workstation Grid plug-in, IHE XDS/-I WebServices
Recommended