• Home

  • Documents

  • Securing_Medical_Imaging_in_the_Cloud_Whitepaper
11
Securing Medical Imaging in the Cloud Cloud Medical Image Exchange A Whitepaper by DICOM Grid

Securing_Medical_Imaging_in_the_Cloud_Whitepaper

Embed Size (px)

Citation preview

Page 1: Securing_Medical_Imaging_in_the_Cloud_Whitepaper

Securing Medical Imaging in the Cloud

Cloud MedicalImage Exchange

A Whitepaper by DICOM Grid

Page 2: Securing_Medical_Imaging_in_the_Cloud_Whitepaper

page 2 Securing Medical Imaging in the Cloud

ContentsOverviewInfrastructure to SupportSecuring Images in Transfer Security and Usability Securing Users Creating Interconnectivity Applying CustomizationsMonitoring ActivitySummary

3457789

1011

Page 3: Securing_Medical_Imaging_in_the_Cloud_Whitepaper

page 3 Securing Medical Imaging in the Cloud

OverviewAsk any clinician or patient who relies on access to diagnostic imag-ing, and they will tell you that it is a key component of the health re-cord. Regardless of your organization’s size or specialty, the reliable, quick, and universal access to clinically rich imaging data is essential across the entire care continuum. Therein lies the rub. The traditional way of managing information in departmentalized PACS is falling short. The closed loop design of these systems combined with data exchange on CDs and VPNs leaves much to be desired.

When properly deployed, new technology for storing and sharing data helps to overcome the challenges associated with traditional PACS architecture and point-to-point distribution methods. Cloud-based solutions for medical image management are specifically designed to make the process of storing and sharing data easier, more productive, and more accessible for administrators and phy-sicians alike. While improving clinical and operational efficiencies is of upmost importance, in the medical world, security is where the rubber meets the road.

At DICOM Grid, our mission is to help organizations move away from a “siloed” approach to image management. By cre-ating a secure environment for open collaboration, we’re rede-fining the way medical imaging information is accessed, shared, and stored. The keyword there is secure. With over 1.2 billion images under management, our customers - including many top healthcare enterprises - rely on us to store and share patient health information 24/7.

Here at DICOM Grid, we are committed to protecting personal health information. To deliver on this commitment, we have developed patented technologies and a series of policies to ensure

HIPAA Compliance and Medical Image Sharing

DICOM Grid fully complies with HIPAA.

The Health Insurance Portabil-ity Accountability Act (HIPAA) governs how personal health information may be used and shared. Among other things, HIPAA requires that individu-als remain in control of their health information at all times, This means DICOM Grid cannot (and does not) send information from an account without authorization. Period.

Authorization is requested via a check box on our site. All authorizations are tracked and documented with audit trails.

Page 4: Securing_Medical_Imaging_in_the_Cloud_Whitepaper

page 4 Securing Medical Imaging in the Cloud

data is safe. Un-like most imaging technology provid-ers, which merely meet the controls necessary for managing data in accordance with applicable laws, we go above and beyond to provide a level of security you can’t find any-where else.

It all starts with putting medical imaging data in the center and then surrounding it with the most robust solutions for physical security, end-to-end encryption, user management, and auditing.

Infrastructure to Support: Starting from the ground upCore to our strategy is a strong physical infrastructure. DICOM Grid hosts it’s data at a facility located in Phoenix, Arizona and it is reg-ularly audited in accordance with SSAE 16 Type II standards. The center is maintained by a world-leading third party provider, offering the most sophisticated access controls and back up in the industry. A defensive perimeter, digital video surveillance, biometric screening and round the clock monitoring, are all components of the facility’s multi layer security protocol. Only authorized personnel who are given physical keys have access to the cages.

Beyond physical security, the infrastructure is designed for true disas-ter avoidance, building in advanced measures for redundancy. The datacenter is network-neutral with more than a dozen telecommuni-cations carriers providing redundant bandwidth capabilities. As an extra measure, DICOM Grid also provides customers with the option to create secondary backup via cloud-based storage services.

DICOM Grid and Safe Harbor

DICOM Grid adheres to the US Safe Har-bor privacy principles. These principles are designed to prevent accidental information disclosure or loss and enable US-based com-panies to comply with the European Union Directive 95/46/EC on the protection of personal data. For more information about the Safe Harbor framework or our registra-tion, see the Department of Commerce’s web site.

Page 5: Securing_Medical_Imaging_in_the_Cloud_Whitepaper

page 5 Securing Medical Imaging in the Cloud

Securing Images in Transfer With customers in every healthcare vertical, including hospitals, private practices, and clinical trials, we are responsible for digital imaging solutions that affect the lives of millions of patients. As a rule of thumb, we leave nothing to chance. Two levels of protection en-sure that data is safe during transfers between acquiring facilities and receiving facilities.

1. DICOM Grid transfers all data over secure SSL socket level en-cryption (TLS v1 256 bit). TLS v1 is currently the industry standard for high-quality encryption and it is HIPAA compliant.

2. Split-merge technology is DICOM Grid’s approach to securing medical data in the cloud and is a hallmark of our solution. This technology allows DICOM Grid to co-locate images from various locations in one data store without compromising access, security, or HIPAA compliance. Essentially, our split-merge technology ensures that the personal health data is split from the diagnostic image, such as MR, CT or X-Ray, and is stored in the datacenter separately - com-bining only in memory, never in storage.

Do you need to know all the technical details of our split-merge technology? Be sure to download our datasheet here.

http://www.dicomgrid.com/securing-imaging-data-with-split-merge-technology
Page 6: Securing_Medical_Imaging_in_the_Cloud_Whitepaper

page 6 Securing Medical Imaging in the Cloud

Split Merge TechnologyThe image below illustrates how DICOM Grid’s split-merge technology keeps PHI and images seperate and secure.

Page 7: Securing_Medical_Imaging_in_the_Cloud_Whitepaper

page 7 Securing Medical Imaging in the Cloud

Security and Usability: Striking a balanceAs the focus in healthcare shifts from fee-for-service, to value-based and collaborative care, the security model needs to change as well. There’s always been a tug of war between security and usability, with the ultimate goal being to strike a balance between risk mitigation and utility. Why is this important? If information is too hard to share, users may seek out HIPAA–risky ways to do it on their own, which opens organizations up to potentially costly data loss and legal risks. We’ve approached the challenge by building out the most robust cloud-based solution for image management with a core focus on collaboration. Our platform can be configured to support many different workflows, preferences, and permissions, while offering the visibility you need to oversee it all.

Here we outline how DICOM Grid addresses security when manag-ing users, connecting systems, and applying customizations.

Securing Users: Role-based permissionsIn order to simplify image sharing and collaboration in the cloud, DICOM Grid’s platform offers a powerful way for administrators to centrally manage user privileges. Using a “role-based” permission system, roles define what activities a user is allowed to execute. There is no limit to the number of roles and combinations of permis-sion sets that can be created within DICOM Grid. This approach to managing users makes it easy to apply granular control over “who gets to see what, and when”.

Page 8: Securing_Medical_Imaging_in_the_Cloud_Whitepaper

page 8 Securing Medical Imaging in the Cloud

Locations and groups are also used within DICOM Grid’s platform to define segments of an organization and to apply levels of access. For example, locations might be comprised of main hospitals, affiliate hospitals, or private practices. Groups on the other hand help cate-gorize smaller segments such as departments, resident physicians, or technicians. An administrator can customize the platform by limiting the functionality available to certain users. Roles can be set for users at the group or location level that differ from their organizational role, increasing or decreasing a user’s “power”. In addition, studies shared with locations or groups can go through certain approval processes. For instance, when a study is shared with a location it can require approval by a user with the appropriate role before entering a worklist.

Creating Interconnectivity: Connecting groups, locations, and DICOM devicesAnother critical capability of creating a secure ecosystem for medi-cal image sharing is efficiently connecting all the users and systems under one roof. DICOM Grid securely links an entity’s physical local area network to the cloud using a gateway. A gateway is a Windows-based software application that is installed on a server, workstation, or virtual machine. It communicates with DICOM devices (PACS, modalities, workstations, etc.) to send and receive medical images across the network. Gateways compress/decompress and en-crypt/decrypt medical images transferred to and from the cloud. To tie everything together, routing rules can be established to automate workflows and the transferring of studies across a network. Studies can be shared with specified organizations, locations, groups, or

Approve

View

Reject

Edit

ActivitiesProcess incoming studies

Page 9: Securing_Medical_Imaging_in_the_Cloud_Whitepaper

page 9 Securing Medical Imaging in the Cloud

users; or sent to a predetermined PACS, modality or viewing station based on user-defined parameters.

Applying Customizations: Last-mile security featuresAt DICOM Grid, we understand that the devil is in the details. That’s why we offer a variety of custom settings to help fine-tune security workflows. We refer to these customizations as last-mile features and can include the following:

• Session Expiration - A time frame when users will be logged out after a period of account inactivity.

• Password Expiration - A time frame when a user’s password will expire. Users will be prompted to create a new password after password expiration.

• Single Sign-On - The ability to enable SAML for seamless “one- click” single sign-on (leveraging Ping One to drive identity manage- ment).

• Anonymize Personal Health Information - Replace sensitive personal identifiers such as patient name or ID with anonymized data.

• Add Custom Fields - Capture additional data at the study upload event for supplemental patient record information.

PACS

Page 10: Securing_Medical_Imaging_in_the_Cloud_Whitepaper

page 10 Securing Medical Imaging in the Cloud

Monitoring ActivityThe final piece of the equation is having insight and the ability to con-tinuously monitor account activity. With DICOM Grid, administrators can manage users and control settings all while gaining a 360-de-gree view and log info from within a convenient dashboard. DICOM Grid offers administrators the analytics and auditing to gain visibility into which data has been access and shared inside the four walls of their institution and beyond.

Dr. Gene Harbour

Dr. Gene Harbour

Dr. Gene Harbour

Melissa Gomes

Dr. Kris Smith

Dr. Kris Smith

Page 11: Securing_Medical_Imaging_in_the_Cloud_Whitepaper

page 11 Securing Medical Imaging in the Cloud

Request A DemoContact our knowledgeable sales team to set up a demo of DICOM Grid and see for yourself how we can help.

Request Demo

SummaryIn this whitepaper, we laid out the path to securing medical imaging in the cloud. In the world of healthcare, this specifically means relying on physical infrastructure and encryption mechanisms that lives up to the law as well as best practices. As we enter a new era of collabo-rative care and interconnectivity it’s important to note that controlling access is just as important as how it is shared and stored. DICOM Grid combines top tier storage infrastructure, patented technology, and a flexible platform to provide organizations with an unmatched level of security and control over imaging data.

We’d like to speak with you about your security requirements and discuss how our solution and architecture can help you leverage the power of the cloud.

http://www.dicomgrid.com/request-a-demo

Daniel Zanella and Alexander Weygers

Daniel Zanella and Alexander Weygers

Documents
Basic Buffer Overflows Explained

Basic Buffer Overflows Explained

Documents
Bodybuilding - The Rock Hard Challenge (Month 1 Training)

Bodybuilding - The Rock Hard Challenge (Month 1 Training)

Documents
Cakes Recipes

Cakes Recipes

Documents
Do you admire Leonardo da Vinci?

Do you admire Leonardo da Vinci?

Documents
xCDC14a

xCDC14a

Documents
Keyboard Shortcuts for the Opera Browser for Mac OS X

Keyboard Shortcuts for the Opera Browser for Mac OS X

Documents
Algorithms

Algorithms

Documents
Personality Development

Personality Development

Documents
Oedipus The King: The Ideal Tragic Play

Oedipus The King: The Ideal Tragic Play

Documents
One Flew Over the Cuckoo's Nest

One Flew Over the Cuckoo's Nest

Documents
(Tesla) - The Tesla Magnetic Car Engine

(Tesla) - The Tesla Magnetic Car Engine

Documents
The Last Carnival I Ever Saw

The Last Carnival I Ever Saw

Documents
European Colinization of Latin America

European Colinization of Latin America

Documents
How Computer Keyboards Work

How Computer Keyboards Work

Documents
Steve Jobs' Commencement Speech at Stanford

Steve Jobs' Commencement Speech at Stanford

Documents
Chapter 24

Chapter 24

Documents
Who Killed God

Who Killed God

Documents
Simple Functions in Haskell

Simple Functions in Haskell

Documents
Star Wars Prequel Trilogy Trivia (Episodes I-III)

Star Wars Prequel Trilogy Trivia (Episodes I-III)

Documents
I Am a Holocaust Denier and I Am Unafraid

I Am a Holocaust Denier and I Am Unafraid

Documents
How Computer Monitors Work

How Computer Monitors Work

Documents
Acetone Peroxide

Acetone Peroxide

Documents
Improve the Color Quality Of Your Monitor

Improve the Color Quality Of Your Monitor

Documents
Star Wars Original Trilogy Trivia (Episodes IV-VI)

Star Wars Original Trilogy Trivia (Episodes IV-VI)

Documents
Disclaimer

Disclaimer

Documents
Bhagavad Gita

Bhagavad Gita

Documents
Chapter 23

Chapter 23

Documents
Compressing And Decompressing Folders

Compressing And Decompressing Folders

Documents
United States Constitution

United States Constitution

Documents