2. page 2 Securing Medical Imaging in the Cloud
Contents
Overview
Infrastructure to Support
Securing Images in Transfer
Security and Usability
Securing Users
Creating Interconnectivity
Applying Customizations
Monitoring Activity
Summary
3
4
5
7
7
8
9
10
11
3. page 3 Securing Medical Imaging in the Cloud
Overview
Ask any clinician or patient who relies on access to diagnostic imag-
ing, and they will tell you that it is a key component of the health re-
cord. Regardless of your organization’s size or specialty, the reliable,
quick, and universal access to clinically rich imaging data is essential
across the entire care continuum. Therein lies the rub. The traditional
way of managing information in departmentalized PACS is falling
short. The closed loop design of these systems combined with data
exchange on CDs and VPNs leaves much to be desired.
When properly deployed, new technology for storing and sharing
data helps to overcome the challenges associated with traditional
PACS architecture and point-to-point distribution methods. Cloud-
based solutions for medical image management are specifically
designed to make the process of storing and sharing data easier,
more productive, and more accessible for administrators and phy-
sicians alike. While improving clinical and operational efficiencies
is of upmost importance, in the
medical world, security is where
the rubber meets the road.
At DICOM Grid, our mission
is to help organizations move
away from a “siloed” approach
to image management. By cre-
ating a secure environment for
open collaboration, we’re rede-
fining the way medical imaging
information is accessed, shared,
and stored. The keyword there
is secure. With over 1.2 billion
images under management, our
customers - including many top
healthcare enterprises - rely on us
to store and share patient health
information 24/7.
Here at DICOM Grid, we are
committed to protecting personal
health information. To deliver
on this commitment, we have
developed patented technologies
and a series of policies to ensure
HIPAA Compliance and
Medical Image Sharing
DICOM Grid fully complies
with HIPAA.
The Health Insurance Portabil-
ity Accountability Act (HIPAA)
governs how personal health
information may be used and
shared. Among other things,
HIPAA requires that individu-
als remain in control of their
health information at all times,
This means DICOM Grid
cannot (and does not) send
information from an account
without authorization. Period.
Authorization is requested
via a check box on our site.
All authorizations are tracked
and documented with audit
trails.
4. page 4 Securing Medical Imaging in the Cloud
data is safe. Un-
like most imaging
technology provid-
ers, which merely
meet the controls
necessary for
managing data in
accordance with
applicable laws,
we go above and
beyond to provide
a level of security
you can’t find any-
where else.
It all starts with putting medical imaging data in the center and then
surrounding it with the most robust solutions for physical security, end-
to-end encryption, user management, and auditing.
Infrastructure to Support:
Starting from the ground up
Core to our strategy is a strong physical infrastructure. DICOM Grid
hosts it’s data at a facility located in Phoenix, Arizona and it is reg-
ularly audited in accordance with SSAE 16 Type II standards. The
center is maintained by a world-leading third party provider, offering
the most sophisticated access controls and back up in the industry. A
defensive perimeter, digital video surveillance, biometric screening
and round the clock monitoring, are all components of the facility’s
multi layer security protocol. Only authorized personnel who are
given physical keys have access to the cages.
Beyond physical security, the infrastructure is designed for true disas-
ter avoidance, building in advanced measures for redundancy. The
datacenter is network-neutral with more than a dozen telecommuni-
cations carriers providing redundant bandwidth capabilities. As an
extra measure, DICOM Grid also provides customers with the option
to create secondary backup via cloud-based storage services.
DICOM Grid and Safe Harbor
DICOM Grid adheres to the US Safe Har-
bor privacy principles. These principles are
designed to prevent accidental information
disclosure or loss and enable US-based com-
panies to comply with the European Union
Directive 95/46/EC on the protection of
personal data. For more information about
the Safe Harbor framework or our registra-
tion, see the Department of Commerce’s web
site.
5. page 5 Securing Medical Imaging in the Cloud
Securing Images in Transfer
With customers in every healthcare vertical, including hospitals,
private practices, and clinical trials, we are responsible for digital
imaging solutions that affect the lives of millions of patients. As a rule
of thumb, we leave nothing to chance. Two levels of protection en-
sure that data is safe during transfers between acquiring facilities and
receiving facilities.
1. DICOM Grid transfers all data over secure SSL socket level en-
cryption (TLS v1 256 bit). TLS v1 is currently the industry standard
for high-quality encryption and it is HIPAA compliant.
2. Split-merge technology is DICOM Grid’s approach to securing
medical data in the cloud and is a hallmark of our solution. This
technology allows DICOM Grid to co-locate images from various
locations in one data store without compromising access, security,
or HIPAA compliance. Essentially, our split-merge technology ensures
that the personal health data is split from the diagnostic image, such
as MR, CT or X-Ray, and is stored in the datacenter separately - com-
bining only in memory, never in storage.
Do you need to know all the technical details of
our split-merge technology?
Be sure to download our datasheet here.
6. page 6 Securing Medical Imaging in the Cloud
Split Merge Technology
The image below illustrates how DICOM Grid’s split-merge technology
keeps PHI and images seperate and secure.
7. page 7 Securing Medical Imaging in the Cloud
Security and Usability:
Striking a balance
As the focus in healthcare shifts from fee-for-service, to value-based
and collaborative care, the security model needs to change as well.
There’s always been a tug of war between security and usability, with
the ultimate goal being to strike a balance between risk mitigation
and utility. Why is this important? If information is too hard to share,
users may seek out HIPAA–risky ways to do it on their own, which
opens organizations up to potentially costly data loss and legal risks.
We’ve approached the challenge by building out the most robust
cloud-based solution for image management with a core focus on
collaboration. Our platform can be configured to support many
different workflows, preferences, and permissions, while offering the
visibility you need to oversee it all.
Here we outline how DICOM Grid addresses security when manag-
ing users, connecting systems, and applying customizations.
Securing Users: Role-based permissions
In order to simplify image sharing and collaboration in the cloud,
DICOM Grid’s platform offers a powerful way for administrators to
centrally manage user privileges. Using a “role-based” permission
system, roles define what activities a user is allowed to execute.
There is no limit to the number of roles and combinations of permis-
sion sets that can be created within DICOM Grid. This approach to
managing users makes it easy to apply granular control over “who
gets to see what, and when”.
8. page 8 Securing Medical Imaging in the Cloud
Locations and groups are also used within DICOM Grid’s platform
to define segments of an organization and to apply levels of access.
For example, locations might be comprised of main hospitals, affiliate
hospitals, or private practices. Groups on the other hand help cate-
gorize smaller segments such as departments, resident physicians, or
technicians. An administrator can customize the platform by limiting
the functionality available to certain users. Roles can be set for users
at the group or location level that differ from their organizational
role, increasing or decreasing a user’s “power”. In addition, studies
shared with locations or groups can go through certain approval
processes. For instance, when a study is shared with a location it can
require approval by a user with the appropriate role before entering
a worklist.
Creating Interconnectivity: Connecting groups, locations, and
DICOM devices
Another critical capability of creating a secure ecosystem for medi-
cal image sharing is efficiently connecting all the users and systems
under one roof. DICOM Grid securely links an entity’s physical
local area network to the cloud using a gateway. A gateway is a
Windows-based software application that is installed on a server,
workstation, or virtual machine. It communicates with DICOM devices
(PACS, modalities, workstations, etc.) to send and receive medical
images across the network. Gateways compress/decompress and en-
crypt/decrypt medical images transferred to and from the cloud. To
tie everything together, routing rules can be established to automate
workflows and the transferring of studies across a network. Studies
can be shared with specified organizations, locations, groups, or
Approve
View
Reject
Edit
Activities
Process incoming studies
9. page 9 Securing Medical Imaging in the Cloud
users; or sent to a predetermined PACS, modality or viewing station
based on user-defined parameters.
Applying Customizations: Last-mile security features
At DICOM Grid, we understand that the devil is in the details. That’s
why we offer a variety of custom settings to help fine-tune security
workflows. We refer to these customizations as last-mile features and
can include the following:
• Session Expiration - A time frame when users will be logged out
after a period of account inactivity.
• Password Expiration - A time frame when a user’s password will
expire. Users will be prompted to create a new password after
password expiration.
• Single Sign-On - The ability to enable SAML for seamless “one-
click” single sign-on (leveraging Ping One to drive identity manage-
ment).
• Anonymize Personal Health Information - Replace sensitive personal
identifiers such as patient name or ID with anonymized data.
• Add Custom Fields - Capture additional data at the study upload
event for supplemental patient record information.
PACS
10. page 10 Securing Medical Imaging in the Cloud
Monitoring Activity
The final piece of the equation is having insight and the ability to con-
tinuously monitor account activity. With DICOM Grid, administrators
can manage users and control settings all while gaining a 360-de-
gree view and log info from within a convenient dashboard. DICOM
Grid offers administrators the analytics and auditing to gain visibility
into which data has been access and shared inside the four walls of
their institution and beyond.
Dr. Gene Harbour
Dr. Gene Harbour
Dr. Gene Harbour
Melissa Gomes
Dr. Kris Smith
Dr. Kris Smith
11. page 11 Securing Medical Imaging in the Cloud
Request A Demo
Contact our knowledgeable sales team to set up a demo of
DICOM Grid and see for yourself how we can help.
Request Demo
Summary
In this whitepaper, we laid out the path to securing medical imaging
in the cloud. In the world of healthcare, this specifically means relying
on physical infrastructure and encryption mechanisms that lives up to
the law as well as best practices. As we enter a new era of collabo-
rative care and interconnectivity it’s important to note that controlling
access is just as important as how it is shared and stored. DICOM
Grid combines top tier storage infrastructure, patented technology,
and a flexible platform to provide organizations with an unmatched
level of security and control over imaging data.
We’d like to speak with you about your security requirements and
discuss how our solution and architecture can help you leverage the
power of the cloud.