A Secure Architecture for Standard Medical Imaging Repositories
share
The production of medical images in digital format has been growing in the most varied healthcare providers, currently representing an essential element for supporting medical diagnosis and treatment. In this field, formats, transmission, and visualization processes are defined by the international Digital Imaging and Communications in Medicine (DICOM) standard. Traditional departmental repositories have poor access control policies and authenticated users have access to all repository resources when using standard DICOM network services. Usually, this issue is minimized in small environments because the repository is consumed by a unique frontend application that imposes additional controls. However, a vendor-neutral repository is supposed to be accessible to distinct parties through standard services. Moreover, many healthcare institutions are outsourcing their repositories to the Cloud to be shared by distinct functional domains. This article proposes and describes the implementation of an innovator ownership concept and access control mechanisms in standard medical imaging resources, particularly in the context of centralized storage services supporting multiple repositories instances. The developed accounting mechanism is capable of associate the repository resources permissions, and delegation of rights, to third entities. The solution also provides a programmatic interface, made available through web services, for management of proposed services. The concept validation was done through the integration of proposed architecture in an open-source archive.
READ FULL TEXT