Privacy and security in teleradiology

https://doi.org/10.1016/j.ejrad.2009.10.018

Abstract

Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purposes. Two basic service models are commonly used in teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also increasingly a cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that support the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system, including security and privacy, is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment, including dynamic and context-aware security services, are also discussed in this paper.

Introduction

The concept of security has many dimensions, from physical security to information security [1]. The core elements of information security are confidentiality, integrity, availability, accountability and non-repudiation of information. In this paper we focus on information security in teleradiology. Other security dimensions are not discussed.

Privacy is a fundamental human right and basic privacy protection principles are universal [2], [3], [4]. Information privacy concerns exist wherever personally identifiable information is collected, processed, stored and disclosed. Information processing itself covers the whole lifecycle of personal data from creation to destruction.

In this paper we first discuss security and privacy protection principles and requirements already developed for electronic health records and EHR systems. The remaining sections of this paper focus on the security and privacy protection requirements, controls, safeguards and security services needed to make modern teleradiology trusted in such a way that confidentiality, integrity and availability of information, as well as accountability and in many cases also non-repudiation of information, are proven when information is created, updated, modified, moved or transferred, stored, deleted, archived and destroyed.

Basic information privacy principles are [2], [7], [8], [9]:

  • personal data shall be processed fairly and lawfully;
  • personal data shall be held only for specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or purposes;
  • appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss, errors, abuse, misuse and destruction of the data;
  • accountability of processing personal data should be proven;
  • the consent needed for data processing should be freely given;
  • personal data shall not be transferred to any country or territory that does not ensure an adequate level of protection;
  • personal data shall be adequate, relevant and not excessive in relation to the purpose for which it is processed; and
  • personal data processed for any purpose shall not be kept for longer than is necessary for that purpose.

In all countries privacy protection legislation defines the rights and duties of organisations and people with respect to the processing of personal data. Therefore data processing should be legal and meet regulatory and contractual obligations.

The content of a patient's health data (e.g. the EHR, radiological referral or report) is sensitive, and in the health care domain the data is in most cases also identifiable. Therefore health data should be protected in such a way that both the basic security and privacy protection principles discussed above and the more detailed existing health care specific requirements are fulfilled.

The starting point for any eHealth service or application should be the definition of security and privacy protection policies. In practice adequate security and privacy protection is then achieved by implementation of reasonable controls and safeguards which can be defined via risk analysis. In any case it is mandatory that rules, controls and safeguards fulfil national regulatory requirements.

There exist many widely used guidelines and standards for security and privacy protection of personal health information [3], [5], [6]. The basic international standard developed for security management of health information is ISO 27799 (Security Management in Health Using ISO/IEC 17799). In many countries national health authorities have developed additional good practice guidelines for the secure management, use and disclosure of health records [3], [6].

Section snippets

Security and privacy protection models used in teleradiology

Teleradiology has for a long time been understood to be an eHealth service done through remote transmission of images over electronic networks and with an interpretation of the transmitted images for diagnostic purposes. In this paper we develop security requirements for two widely used models in today's teleradiology. Security management of both models is based on predefined security principles and rules between the partners. The third model discussed in Section 6 is the future pervasive

Security and privacy protection plan, controls and safeguards

In teleradiology, security domains can share the same legislation and rules, or legislations and rules can be different. From the security and privacy protection point of view the basic question is how the data controller can trust the data processor's information system, and whether the communication security is proven. We need both organisational measures and technical solutions to build a trusted teleradiology service system.

Basic organisational level security requirements relevant in teleradiology are:

Security of the on-line teleradiology

In the on-line teleradiology model the consultant remotely uses the service provider's computer services (e.g. PACS/RIS system) to offer consultation. In this case the consultant is acting as an external user of the data controller's legacy system. This kind of external temporary use of the legacy system's resources requires special attention because authorisation and access control services developed for present legacy systems in most cases are not planned to manage in a trusted way visiting external user

Security in cross-border teleradiology

Cross-border teleradiology can happen either inside the same jurisdiction (e.g. inside the EU) or across jurisdictional borders. Transfer of personal data between EU Member States is controlled by the EU Data Protection Directive, which forms a uniform legal data protection environment [2]. In all cases requirements set by the national legislation also have to be fulfilled [7].

In cross-jurisdictional situations it is necessary that all responsibilities between domains and partners are exactly

Discussion

Teleradiology is nothing more than one of the eHealth services where data sharing takes place across organisational boundaries. On the other hand, teleradiology has been the first-line demonstrator for successful cross-organisational and cross-border eHealth services. Therefore the adaptation of security and privacy protection principles already used in teleradiology helps the development of new cross-organisational eHealth services.

The road-map to trusted teleradiology starts from

References (14)

  • ISO/IEC 17799:2005, Information technology – Code of practice for information security...
  • EU Directive...
  • HIPAA documentation,...
  • Confidentiality, NHS Code of Practice, November...
  • ISO 27799, Health Informatics — Security Management in Health Using ISO/IEC...
  • Records Management, NHS Code of Practice, Part 1 and Part 2, Department of Health, London...
  • Ruotsalainen P, Attachment 8, Interreg PACS. Final Report, University of Helsinki...
There are more references available in the full text version of this article.
