Image watermarking could address HIPAA loophole

October 25, 2005

Current digital image security and privacy protection schemes necessitated by the Health Insurance Portability and Accountability Act focus exclusively on secure storage, access control, and secure transmission of data to authorized recipients. But no mechanism prevents authorized recipients from then releasing those images to unauthorized parties.

Current digital image security and privacy protection schemes necessitated by the Health Insurance Portability and Accountability Act focus exclusively on secure storage, access control, and secure transmission of data to authorized recipients. But no mechanism prevents authorized recipients from then releasing those images to unauthorized parties.

A July paper is the first attempt to address this issue (Comput Med Imaging Graph 2005;29(5):367-383).

"The problem of protecting privacy after data delivery has been overlooked," said Radha Poovendran, Ph.D., an assistant professor of electrical engineering at the University of Washington.

The paper proposes a multicast "fingerprinting" solution based on image adaptive wavelet watermarking. A broadcast image would need to be decoded by watermark keyholders before the image could be used for diagnostic purposes.

Watermarking is a technique of embedding identification codes into host media. Assuming a unique watermark per user, watermarking can be used as fingerprinting.

During the process of decoding, two fingerprints that correspond to the original sender and the recipient who performs the decoding are imprinted onto the image.

"Our scheme is scalable in user storage and watermark key update communication, as it requires only one watermark key to be stored by each user. No watermark key update is required for member-join or member-revocation," Poovendran said.

To facilitate the use of the scheme in practice, the researchers considered system implementation issues and completed an analytical performance evaluation.

Simulation results conducted on 31 images from five modalities confirmed that the fingerprinted images were of higher quality when compared with 10:1 JPEG compressed images, in terms of three image quality indices: peak signal-to-noise ratio, quality index, and mean squared Moran error. They withstood various image processing steps, including low-pass filter, high-pass filter, JPEG compression, cropping, and averaging attack, Poovendran said.

"Our solution satisfies both image quality and efficiency requirements for medical processing, while enabling tracing of the source of image leakage," he said.

Poovendran said research in this area has two advantages:

  • It enhances patients' privacy by serving as a deterrent against illegal distribution of their data.

  • For legal and law enforcement purposes, it allows healthcare institutions to identify the recipient who illegally distributed the data.

The researchers note that storage requirements of the central server and fast tracing are open problems.

"With periodic updates of watermarks, the number of watermarks stored in the system increases linearly as time progresses, making tracing a harder task due to the number of comparisons that need to be performed to identify a violator," Poovendran said.