Published in: Journal of Digital Imaging 4/2015

01.08.2015

Business Model for the Security of a Large-Scale PACS, Compliance with ISO/27002:2013 Standard

Written by: Josefina Gutiérrez-Martínez, Marco Antonio Núñez-Gaona, Heriberto Aguirre-Meneses

Published in: Journal of Imaging Informatics in Medicine | Issue 4/2015


Abstract

Data security is a critical issue in an organization; proper information security management (ISM) is an ongoing process that seeks to build and maintain programs, policies, and controls for protecting information. A hospital is one of the most complex organizations, where patient information has not only legal and economic implications but, more importantly, an impact on the patient’s health. Imaging studies include medical images, patient identification data, and proprietary information of the study; these data are contained in the storage device of a PACS. This system must preserve the confidentiality, integrity, and availability of patient information. There are techniques such as firewalls, encryption, and data encapsulation that contribute to the protection of information. In addition, the Digital Imaging and Communications in Medicine (DICOM) standard and the requirements of the Health Insurance Portability and Accountability Act (HIPAA) regulations are also used to protect patient clinical data. However, these techniques are not systematically applied to the picture archiving and communication system (PACS) in most cases and are not sufficient to ensure the integrity of the images and associated data during transmission. The ISO/IEC 27001:2013 standard has been developed to improve the ISM. Currently, health institutions lack effective ISM processes that enable reliable interorganizational activities. In this paper, we present a business model that accomplishes the controls of the ISO/IEC 27002:2013 standard and the security and privacy criteria from DICOM and HIPAA to improve the ISM of a large-scale PACS. The methodology associated with the model can monitor the flow of data in a PACS, facilitating the detection of unauthorized access to images and other abnormal activities.
Metadata
Title
Business Model for the Security of a Large-Scale PACS, Compliance with ISO/27002:2013 Standard
Written by
Josefina Gutiérrez-Martínez
Marco Antonio Núñez-Gaona
Heriberto Aguirre-Meneses
Publication date
01.08.2015
Publisher
Springer US
Published in
Journal of Imaging Informatics in Medicine / Issue 4/2015
Print ISSN: 2948-2925
Electronic ISSN: 2948-2933
DOI
https://doi.org/10.1007/s10278-014-9746-4
