DICOM is ready for HIPAA

Article

Imagine the following scenario: The quarterback of your favorite football team injures his knee and is rushed to the hospital for an MRI to inspect the damage. The local physician likes to have a second opinion, however, so she sends the

Imagine the following scenario: The quarterback of your favorite football team injures his knee and is rushed to the hospital for an MRI to inspect the damage. The local physician likes to have a second opinion, however, so she sends the image to a colleague using regular Internet transfer. A hacker paid by a tabloid sports magazine is monitoring all Internet traffic out of the hospital and intercepts the image. The magazine publishes the photo on the front cover, under the heading "Forget about the Super Bowl."

In another scenario, someone intercepts an electronic diagnostic report, captures it, changes a single word ("malignant" to "benign"), and sends it on, pretending to be the original sender.

Such situations may seem farfetched, but security breaches have already been reported involving quite dramatic consequences. The pending HIPAA security regulations are designed to ensure that institutions implement procedures, guidelines, and measures that will prevent such catastrophes from happening in the medical environment.

While these guidelines will have obvious ramifications for health data transfers of all kinds, it is important to note that the communication component of any information exchange is an essential, but not exclusive, part of the security chain.

Even if an institution implements all the necessary measures to make sure the communication is secure, in many instances someone could access a workstation without authorization. It is well known in computer security circles that passwords can often be found on or around workstations. In addition, in the first scenario above, the MRI could be viewed by any layman who happens to look over the shoulder of a physician at the workstation in a public area.

Of course, a number of other measures can be implemented to make each data exchange secure. One of the most common is encryption, which is already commercially available. Every time you buy a book from Amazon.com or any other item over the Web and you provide your credit card number, this transaction is encrypted using a secure socket layer (SSL) protocol. The same can be done for the exchange of images or diagnostic reports.

In addition, the DICOM committee is working on a digital signature proposal whereby certain or all aspects of an image or diagnostic report can be authenticated. DICOM deals only with the communication of data and is therefore not sufficient to achieve full compliance with the upcoming HIPAA guidelines. Thus, digital signatures are expected to become very important in radiology, especially for electronic reports.

Several of these concepts will be demonstrated at upcoming trade shows, notably the RSNA meeting in Chicago and the ECR in Vienna. A number of vendors have sponsored the implementation of these principles, and the resulting software will be available in the public domain.

Comments/questions: Herman Oosterwijk at herman@otechimg.com


© 2000 Miller Freeman Inc.
11/29/00, Issue # 117, page 8.

Recent Videos
What New Research Reveals About Computed Tomography and Radiation-Induced Cancer Risk
What New Interventional Radiology Research Reveals About Treatment for Breast Cancer Liver Metastases
New Mammography Studies Assess Image-Based AI Risk Models and Breast Arterial Calcification Detection
Can Deep Learning Provide a CT-Less Alternative for Attenuation Compensation with SPECT MPI?
Employing AI in Detecting Subdural Hematomas on Head CTs: An Interview with Jeremy Heit, MD, PhD
Pertinent Insights into the Imaging of Patients with Marfan Syndrome
What New Brain MRI Research Reveals About Cannabis Use and Working Memory Tasks
Current and Emerging Legislative Priorities for Radiology in 2025
How Will the New FDA Guidance Affect AI Software in Radiology?: An Interview with Nina Kottler, MD, Part 2
A Closer Look at the New Appropriate Use Criteria for Brain PET: An Interview with Phillip Kuo, MD, Part 2
Related Content
© 2025 MJH Life Sciences

All rights reserved.