01.12.2012
Whitepapers on Imaging Infrastructure for Research Part Three: Security and Privacy
Published in: Journal of Imaging Informatics in Medicine | Issue 6/2012
Excerpt
This is the third part of three describing an extension of the process for developing a clinical research project including the use of in vivo imaging data. The high-level process diagram for development of a research project including images is shown in Fig. 1. In part two of this series, data management requirements and practices for including images were described. This part describes the security and privacy requirements for supporting images used in research.
| | Centralized security infrastructure | Distributed security infrastructure |
|---|---|---|
| Centralized data repository | Hospital | Central (public) repository |
| Distributed data repository | Research institution with multiple research groups | Grid (caGrid), web services, internet, and research consortium |
| Requirements | | Central repository and distributed security | Distributed repository and central security | Distributed repository and distributed security |
|---|---|---|---|---|
| Data transformation | De-identification | Need consistent de-identification approach | Need consistent de-identification approach | |
| | Research identifier | Need global identifier | Need global identifier | |
| | Privacy preserving transformation | Consistent transformation | Consistent transformation | |
| | Encryption | Encryption by each repository using same mechanism | Encryption by each repository using same mechanism | |
| | Signature | Signature for each repository | Signature for each repository | |
| | Honest broker | Consistency between brokers critical | Consistency between brokers critical | |
| Infrastructure | Policy management | Consistent policies in different systems and coordinate different systems | Consistent policies in different systems and coordinate different systems | |
| | User identity management | Each organization manages own users | Each organization manages own users | |
| | User role and attribute management | Cross-institutional roles important | Cross-institutional roles important | |
| | Authentication | Authentication against local identity provider. Security token needs to be acceptable by all | Authentication against local identity provider. Security token needs to be acceptable by all | |
| | Audit log management | Log may need to be managed by and potentially replicated at multiple sites. Log mining would require accessing multiple log repositories | Log may need to be managed by and potentially replicated at multiple sites. Log mining would require accessing multiple log repositories | |
| | Trust management | Critical to have well established trust fabric between security components | Critical to have well established trust fabric between security components | |
| Data access and movement | Authorization | May need to combine multiple authorization policies | Each repository needs to enforce authorization | May need to combine multiple authorization policies. Each repository needs to enforce authorization |
| | Delegation | | | |
| | Audit logging | May need to log to multiple log management services | May need to log to multiple log management services | |
| | Non-repudiation | | | |
| | Transmission protection | | | |
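The de-identification and research-identifier rows above require that every repository in a distributed setting produce the same research identifier for the same patient, with the honest brokers kept consistent. The following Python is an added example written for this page; it is not code from the whitepaper, from CTP, or from any caGrid component. The header dictionary (a stand-in for DICOM tags), the site names, the broker secret and the audit-line fields are all constructed assumptions. It derives the research identifier with a keyed hash over (issuer, local patient ID), so two sites that share the broker's secret compute the identical identifier, while a site that drifts to its own secret silently breaks the global identifier, which is the failure the table's "consistent approach" cells warn about.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed subset of direct identifiers, modelled on the attributes a DICOM
# anonymizer (CTP in the whitepaper's technology table) removes from headers.
DIRECT_IDENTIFIERS = {
    "PatientName", "PatientBirthDate", "PatientAddress",
    "OtherPatientIDs", "ReferringPhysicianName", "InstitutionAddress",
}

# Attributes the research study still needs. Everything not listed is dropped
# as well, so an unexpected identifying tag cannot slip through (allow-list).
RETAINED = {"PatientID", "IssuerOfPatientID", "PatientSex", "Modality",
            "StudyDate", "SOPInstanceUID"}


def research_identifier(issuer, patient_id, broker_secret):
    """Derive a global research identifier from (issuer, local patient ID).

    A keyed hash with a secret held by the honest broker and shared with every
    de-identifying site gives a stable mapping: the same patient receives the
    same research ID at every repository, while a party without the secret
    cannot recompute it from a guessed medical record number. The issuer is
    mixed in so that equal local IDs from different hospitals do not collide.
    """
    msg = f"{issuer}\x00{patient_id}".encode()
    digest = hmac.new(broker_secret, msg, hashlib.sha256).hexdigest()
    return "RID-" + digest[:16].upper()


def deidentify(header, broker_secret):
    """Return a de-identified copy of a header-like dict with a research ID."""
    out = {k: v for k, v in header.items()
           if k in RETAINED and k not in DIRECT_IDENTIFIERS}
    out["PatientID"] = research_identifier(
        header["IssuerOfPatientID"], header["PatientID"], broker_secret)
    out["IssuerOfPatientID"] = "RESEARCH"
    out["PatientIdentityRemoved"] = "YES"   # DICOM (0012,0062)
    return out


def audit_line(site, user, rid, event="DEIDENTIFY", when=None):
    """One JSON audit line. Field names are chosen here, not the ATNA schema."""
    when = when or datetime.now(timezone.utc)
    return json.dumps({"time": when.isoformat(), "site": site, "user": user,
                       "event": event, "research_id": rid,
                       "outcome": "success"}, sort_keys=True)


# Constructed sample header; not real patient data, UID made up for the example.
SAMPLE_HEADER = {
    "PatientName": "DOE^JANE", "PatientID": "MRN-00042",
    "IssuerOfPatientID": "HOSPITAL-A", "PatientBirthDate": "19700101",
    "PatientSex": "F", "PatientAddress": "1 Example St",
    "Modality": "MR", "StudyDate": "20120601",
    "SOPInstanceUID": "1.2.826.0.1.3680043.2.1125.1",
}
BROKER_SECRET = b"shared-by-all-sites-via-the-honest-broker"  # assumed secret


def run_at_two_sites():
    """Two repositories de-identify the same study and must agree on the RID."""
    site_a = deidentify(SAMPLE_HEADER, BROKER_SECRET)
    site_b = deidentify(SAMPLE_HEADER, BROKER_SECRET)
    # A site that uses its own secret produces a different, unlinkable RID.
    drifted = deidentify(SAMPLE_HEADER, b"site-local-secret")
    return site_a, site_b, drifted


if __name__ == "__main__":
    a, b, c = run_at_two_sites()
    print(json.dumps(a, indent=1))
    print("consistent across sites:", a["PatientID"] == b["PatientID"])
    print("drifted site agrees:", a["PatientID"] == c["PatientID"])
    print(audit_line("HOSPITAL-A", "uploader1", a["PatientID"]))
```

The allow-list in `RETAINED` is the part worth copying: a deny-list of known identifiers misses private tags and free-text fields, whereas an allow-list fails closed. The keyed hash also shows why the brokers' consistency is "critical" in the table: rotate or diverge the secret at one site and that site's images can no longer be joined to the same patient's images elsewhere.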
| Requirements | | Applicability to physical media transmission |
|---|---|---|
| Data transformation | De-identification | Must be performed by administrator prior to placement on physical media |
| | Research identifier | Must be performed by administrator prior to placement on physical media |
| | Privacy preserving transformation | Must be performed by administrator prior to placement on physical media |
| | Encryption | Must be performed by administrator prior to placement on physical media |
| | Signature | Must be performed by administrator prior to placement on physical media |
| | Honest broker | Administrator acting as honest broker |
| Infrastructure | Policy management | Administrator needs to be able to read and enforce policies |
| | User identity management | Administrator may manage the user identity on behalf of the requester |
| | User role and attribute management | Administrator must track requester's role and attributes |
| | Authentication | Administrator must authenticate the requester through human-readable communication channels |
| | Audit log management | Administrator must keep audit log |
| | Trust management | Trust is established between administrator and requester non-electronically |
| Data access and movement | Authorization | Administrator must perform the authorization for data access |
| | Delegation | A requester delegates the access request to the administrator, who then must apply the appropriate level of access |
| | Audit logging | Administrator performs the audit logging |
| | Non-repudiation | Administrator must keep record of data request, access, physical media packaging, and shipment |
| | Transmission protection | Administrator encrypts and signs the data prior to data shipment |
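For physical media the table above puts every control on the administrator: sign the data before shipment and keep a record of request, access, packaging and shipment. The Python below is an added example for this page, not code from the whitepaper. It builds a digest manifest over the files on the media, seals it, verifies the media against the seal, and keeps a custody log with the four required events. Two substitutions are deliberate and labelled: SHA-256 is used instead of the MD5/SHA1 sums the technology table lists, because both of those are collision-prone; and an HMAC with an administrator key stands in for the X.509 signature, since the standard library has no X.509 support. The HMAC proves integrity to a holder of the key but does not give third-party non-repudiation, which only the signature provides. File names, contents, the key and the log fields are constructed; encryption of the media content is not shown.

```python
import hashlib
import hmac
import json
import os
import tempfile
from datetime import datetime, timezone


def file_digest(path, algorithm="sha256"):
    """Hash a file in chunks so large DICOM series do not load into memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(media_root):
    """Map relative path -> SHA-256 for every file on the media."""
    entries = {}
    for dirpath, _, files in os.walk(media_root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, media_root).replace(os.sep, "/")
            entries[rel] = file_digest(full)
    return entries


def _canonical(manifest):
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def seal_manifest(manifest, signing_key):
    """Seal the manifest. HMAC stands in for an X.509 signature (assumption)."""
    tag = hmac.new(signing_key, _canonical(manifest), hashlib.sha256).hexdigest()
    return {"manifest": manifest, "mac": tag}


def verify_media(media_root, sealed, signing_key):
    """Return a list of problems; an empty list means the media is intact."""
    expected = hmac.new(signing_key, _canonical(sealed["manifest"]),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sealed["mac"]):
        return ["manifest seal invalid"]      # do not trust any digest below
    current = build_manifest(media_root)
    problems = []
    for rel, digest in sealed["manifest"].items():
        if rel not in current:
            problems.append(f"missing: {rel}")
        elif current[rel] != digest:
            problems.append(f"modified: {rel}")
    for rel in current:
        if rel not in sealed["manifest"]:
            problems.append(f"unexpected: {rel}")
    return problems


class CustodyLog:
    """Append-only record of the four events the non-repudiation row requires."""
    EVENTS = ("request", "access", "packaging", "shipment")

    def __init__(self):
        self.entries = []

    def record(self, event, administrator, requester, detail):
        if event not in self.EVENTS:
            raise ValueError(f"unknown custody event: {event}")
        self.entries.append({"time": datetime.now(timezone.utc).isoformat(),
                             "event": event, "administrator": administrator,
                             "requester": requester, "detail": detail})

    def complete(self):
        """True when all four events were recorded, in order."""
        return [e["event"] for e in self.entries] == list(self.EVENTS)


def demo():
    """Package constructed files, verify, tamper, re-verify; returns the results."""
    key = b"administrator-sealing-key"  # assumed; stands in for the X.509 private key
    with tempfile.TemporaryDirectory() as media:
        os.makedirs(os.path.join(media, "study1"))
        for name, content in (("study1/img001.dcm", b"constructed image bytes 1"),
                              ("study1/img002.dcm", b"constructed image bytes 2")):
            with open(os.path.join(media, name), "wb") as f:
                f.write(content)
        log = CustodyLog()
        log.record("request", "admin1", "researcher7", "request R-1 for study1")
        log.record("access", "admin1", "researcher7", "de-identified copy exported")
        sealed = seal_manifest(build_manifest(media), key)
        log.record("packaging", "admin1", "researcher7",
                   f"{len(sealed['manifest'])} files sealed, mac {sealed['mac'][:8]}")
        clean = verify_media(media, sealed, key)
        with open(os.path.join(media, "study1/img002.dcm"), "ab") as f:
            f.write(b"tampered")                       # simulate modification in transit
        tampered = verify_media(media, sealed, key)
        wrong_key = verify_media(media, sealed, b"not-the-administrator-key")
        log.record("shipment", "admin1", "researcher7", "courier tracking placeholder")
        return clean, tampered, wrong_key, log.complete(), len(sealed["manifest"])


if __name__ == "__main__":
    print(demo())
```

The order of checks in `verify_media` matters: the seal is checked before any per-file digest is consulted, so a manifest edited together with the files is rejected outright rather than reported as "intact".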
| Requirements | | Available technology or standards |
|---|---|---|
| Data transformation | De-identification | CTP DICOM anonymization |
| | Research identifier | IHE PIX |
| | Privacy preserving transformation | Application specific |
| | Encryption | X509 certificate, XML encryption, and PGP |
| | Signature | X509 certificate, XML signature, MD5/SHA1 sum |
| | Honest broker | |
| Infrastructure | Policy management | XACML |
| | User identity management | LDAP, Active Directory, OpenID, caGrid Dorian |
| | User role and attribute management | LDAP, Active Directory, caGrid GridGrouper |
| | Authentication | SAML, WS-Trust, DICOM, caGrid Dorian |
| | Audit log management | IHE ATNA schema |
| | Trust management | caGrid grid trust service |
| Data access and movement | Authorization | SAML, OAuth |
| | Delegation | caGrid certificate delegation service |
| | Audit logging | IHE ATNA profile |
| | Non-repudiation | |
| | Transmission protection | WS-Security, HTTPS |