Team takes on DICOM multiframe security
Data security is perhaps the top issue in the minds of the general public when it comes to the implementation and deployment of electronic medical record (EMR) and electronic health record (EHR) systems. Unauthorized access and disclosure of privileged health information is preeminent in their concerns about the adoption of this technology, as well as the alteration of healthcare data with malicious intent.

A pair of developers from Sao Paulo, Brazil, recently created an encryption algorithm for DICOM images, particularly multiframe images such as those generated by x-ray angiography (XRA) and intravascular ultrasound (IVUS), which provides integrity and authenticity, along with a digital signature, for medical images. Their work appeared online before print in the Journal of Digital Imaging.

“The encryption process itself is a cascading scheme, where a frame is ciphered with data related to the previous frames, generating also additional data on image integrity and authenticity,” the authors wrote. “Decryption is similar to encryption, featuring also the standard security verification of the image.”

The code developers noted that their proposed algorithm provides a higher security level than the standard digital signature approach as defined in DICOM Part 15, due to the creation of a stronger bond between the signature and the pixel data.

“It is harder to tamper with the data because its visualization goes necessarily through security verification,” they wrote. “Furthermore, the slightest change in the signature and/or in the data is detected—depending on the adulteration, one can have an evident and visible proof of tampering, showing noise to the user instead of any meaningful data.”

A potential drawback to the deployment of a strong encryption schema is the performance of the decryption of the algorithm. In the real world of healthcare delivery, speedy access to data is of critical importance for patient care.

The scientists conducted a comparative performance evaluation of their algorithm against four commonly employed encryption methods: the DICOM Part 15 digital signature algorithm; advanced encryption system (AES) in Galois Counter Mode; watermarking using Haar wavelets; and least significant bit (LSB) watermarking. Simulations were conducted on an Intel Pentium 4, 3.0 GHz workstation with 1 GB of RAM using anonymized patient images.

“The proposed algorithm showed competitive speeds, rivaling the DICOM method—albeit a little bit slower—and besting some of the existing methods while offering a stronger security than the fastest algorithms,” they reported.

The authors noted that their cascading approach to encryption carries with it two constraints in performance. To retrieve a frame from a multiframe image data set for viewing, one must first retrieve all frames before the desired frame and they must all be decrypted. The other constraint is that the algorithm is difficult to parallelize. They suggested that these drawbacks could be alleviated by splitting the multiframe image into several blocks and applying their approach for each block.

“This method makes it virtually impossible for damage in the images to go unnoticed, except in the case where the legitimate owner of the data is the malicious party, to which there is no technical solution,” they wrote. “Correct definition and enforcement of policies and procedures of the institution may reduce this risk.”

The authors believe that digital clinical data security is a multi-part process that needs to be conducted throughout various layers of healthcare information systems.

“To achieve satisfactory levels of security, several methods and procedures must be developed and evaluated, and this work is part of this larger effort to provide adequate security to clinical information in all levels,” they wrote.