The rise of mobile technology in healthcare: the challenge of securing teleradiology

T. Piliouras, Robert J. Suss, Pui Lam Raymond Yu, Siddhant Vikas Kachalia, Rahul Sanjeeva Bangera, Raj Rajesh Kalra, Muzammil Pasha Maniyar
Published in: 2015 12th International Conference & Expo on Emerging Technologies for a Smarter World (CEWIT)
Publication date: 2015-12-03
DOI: 10.1109/CEWIT.2015.7338167 (https://doi.org/10.1109/CEWIT.2015.7338167)
Citation count: 1

Abstract

There are many potential security risks associated with viewing, accessing, and storing DICOM files on mobile devices. Digital Imaging and Communications in Medicine (DICOM) is the industry standard for the communication and management of medical imaging. DICOM files contain multidimensional image data and associated metadata (e.g., patient name, date of birth, etc.) designated as electronic protected health information (e-PHI). The HIPAA (Health Insurance Portability and Accountability Act) Privacy Rule, the HIPAA Security Rule, the ARRA (American Recovery and Reinvestment Act), the Health Information Technology for Economic and Clinical Health Act (HITECH), and applicable state law mandate comprehensive administrative, physical, and technical security safeguards to protect e-PHI, which includes (DICOM) medical images. Implementation of HIPAA security safeguards is difficult and often falls short. Mobile device use is proliferating among healthcare providers, along with associated risks to data confidentiality, integrity, and availability (CIA). Mobile devices and laptops are implicated in widespread data breaches of millions of patients' data. These risks arise in many ways, including: i) inherent vulnerabilities of popular mobile operating systems (e.g., iOS, Android, Windows Phone); ii) sharing of mobile devices by multiple users; iii) lost or stolen devices; iv) transmission of clinical images over public (unsecured) wireless networks; v) lack of adequate password protection; vi) failure to use recommended safety precautions to protect data on a lost device (e.g., data wiping); and vii) use of personal mobile devices while accessing or sharing e-PHI. Analysis of commonly used methods for DICOM image sharing on mobile devices elucidates areas of vulnerability and points to the need for holistic security approaches to ensure HIPAA compliance within and across clinical settings.
Innovative information governance strategies and new security approaches are needed to protect against data breaches, and to aid in the collection and analysis of compliance data. Generally, it is difficult to share DICOM images across different HIPAA-compliant Picture Archive and Communication Systems (PACS) and certified electronic health record (EHR) systems, while it is easy to share images using non-FDA approved, personal devices on unsecured networks. End-users in clinical settings must understand and strictly adhere to recommended mobile security precautions, and should be held to greater standards of personal accountability when they fail to do so.