This piece was originally published in the July 2016 issue of electroindustry.
Jeroen Medema, DICOM Standards Committee Co-chair, Philips; Robert Horn, AGFA; and Lawrence Tarbox, University of Arkansas for Medical Sciences
As a mature standard with roots reaching back to before its debut in the early 1990s, Digital Imaging and Communications in Medicine (DICOM) is the international standard for medical imaging.
How, then, does a mature standard stay current in the modern world of health IT, with cloud-based data, hackers accessing medical systems, ransomware in hospitals, and the like?
The short answer is that DICOM prevails as a wholly modern standard in the areas of security and privacy. Actual security and privacy depend entirely on the standard’s implementation in relevant products and in the deployment of these products in the field.
Note that DICOM is not a software package; rather, it provides specifications for information exchange, analogous to the NEMA specifications for electrical power plugs and sockets. Product development teams use the DICOM specification when creating a product.
Starting in 1999, DICOM included options for encrypting and protecting data moving over network connections. This was in response to the implementation of the Health Insurance Portability and Accountability Act (commonly known as HIPAA) and not in response to cybersecurity concerns.
In 2001, DICOM extended the use of cryptographic message syntax (CMS) for encrypting data. It specified how sensitive portions of a DICOM object (known as PHI, which stands for protected health information) could be encrypted within the DICOM object (the digital equivalent of a DICOM image) for safekeeping.
Thus, the standard provides for the protection of a DICOM object throughout its life, not just during information interchange. This encryption of sensitive portions of a DICOM object is an integral capability. While it is not within the scope of DICOM to encrypt the entire DICOM object, DICOM does facilitate such methods.
Security and Privacy Mechanisms
Most DICOM objects contain images and associated demographic and medical information about patients, which must be kept confidential. Encryption is one way to keep data confidential. DICOM does not specify the encryption in detail (it refers to other standards for that), but several changes made to the standard over the last decade facilitate encryption. These include the transfer of encrypted DICOM objects and reading encrypted DICOM objects on the receiver’s end. For example:
- For sending objects in an email, DICOM defines how to encrypt the files using CMS methods for email.
- For sending objects using the traditional DICOM transfer mechanism (known as the DIMSE protocol), DICOM defines how to use an encrypted transport layer security (TLS) connection.
- For sending objects using the new DICOM transfer mechanism (DICOM web services), DICOM defines how to use an encrypted HTTPS connection.
DICOM facilitates the use of encryption but does not mandate it; it defines how encryption is to be used in a DICOM context. Whether to employ encryption or not is a policy choice for a hospital and an implementation choice for a vendor. Regardless of a vendor’s choice, hospitals may establish a VPN-encrypted network and use unencrypted DICOM. This is quite common between sites, but, from a cybersecurity point of view, may not be advisable.
The security and privacy capabilities of DICOM are only a small piece of total protection of medical data. Chief information officers (CIOs) of hospitals, healthcare systems, and other healthcare providers are responsible for protecting the medical data of their customers. Ultimately, CIOs have the responsibility of implementing and maintaining the protective mechanisms within their own systems and interfaces.
DICOM stands ready to facilitate this.