Abstract
According to Taiwan’s legislation pertaining to the protection of electronic data, the creators of electronic medical records (EMR) are solely responsible for the security of EMR. However, actual implementations that fulfill the security standards and requirements for electronic medical record systems are still lacking. Most EMR created from picture archive and communication system are not considered secure, as security protection mechanisms have not yet been granted legal status. This paper describes the details of establishing a digital signature system using Taiwan health professional cards. A digital signature system has been included to ensure quality assurance (QA) operations are controlled by technicians, and reporting capabilities have been provided for radiologist. Six imaging modalities and eight types of radiology reports have also been included in the system. Results indicate that the process of creating QA signatures does not have an adverse effect on the workflow of the facility, requiring less time for the signing and verification of radiology reports. This system has already been used routinely online in a real clinical setting for more than 2 years.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Yang, C. M., Lin, H. C., Chang, P., and Jian, W. S., Taiwan’s perspective on electronic medical records’ security and privacy protection: Lessons learned from HIPAA. Comput. Methods. Programs Biomed. 82:277–282, 2006.
Health Insurance Portability Accountability Act of 1996 (HIPAA). Available via Centers for Medicare and Medicaid Services. http://www.cms.hhs.gov/hipaageninfo. Accessed 17 Oct 2010
Code NZTHIP (1994) Rule 5: storage and security of health information. http://www.privacy.org.nz/assets/Files/Codes-of-Practice-materials/HIPC-1994-2008-revised-edition.pdf.
Toyoda, K., Standardization and security for the EMR. Int. J. Med. Inform. 48:57–60, 1998.
Digital Imaging and Communications in Medicine (DICOM) Part 15: Security and System Management Profiles. National Electrical Manufacturers Association. ftp://medical.nema.org/medical/dicom/2009/09_15pu.pdf.
Bos, J. J., Digital signatures and the electronic health records: providing legal and security guarantees. Int. J. Biomed. Comput. 42:157–163, 1996.
Ratib, O., Ligier, Y., Bandon, D., and Valentino, D., Update on digital image management and PACS: Web and PACS: Heralding the new age of imaging in the health care community. Abdom. Imaging 25:333–340, 2000.
Lim, E. Y. S., Data security and protection for medical images. In: Feng, D. D. (Ed.), Biomedical information technology, 1st edition. Elsevier, Burlington, pp. 249–257, 2008.
Hollerbach, A., Brandner, R., Bess, A., Schmücker, R., and Bergh, B., Electronically signed documents in health care - analysis and assessment of data formats and transformation. Methods. Inf. Med. 44:520–527, 2005.
van der Haak, M., Wolff, A. C., Brandner, R., Drings, P., Wannenmacher, M., and Wetter, T., Data security and protection in cross-institutional electronic patient records. Int. J. Med. Inform. 70:117–130, 2003.
Schüze, B., Kroll, M., Geisbe, T., and Filler, T. J., Patient data security in the DICOM standard. Eur. J. Radiol. 51:286–289, 2004.
Cao, F., Huang, H. K., and Zhou, X. Q., Medical image security in a HIPAA mandated PACS environment. Comput. Med. Imaging. Graph. 27:185–196, 2003.
Brandner, R., van der Haak, M., Hartmann, M., Haux, R., and Schmücker, P., Electronic signature for medical documents - Integration and evaluation of a public key infrastructure in hospitals. Methods. Inf. Med. 41:321–330, 2002.
de Lusignan, S., Chan, T., Theadom, A., and Dhoul, N., The roles of policy and professionalism in the protection of processed clinical data: A literature review. Int. J. Med. Inform. 76:261–268, 2007.
Srivastava, A., Electronic signatures and security issues: An empirical study. Comput. Law. Sec. Rev. 25(5):432–446, 2009.
Kardas, G., and Tunali, E. T., Design and implementation of a smart card based healthcare information system. Comput. Methods. Programs Biomed. 81:66–78, 2006.
Chen, Y. C., Chen, L. K., Tsai, M. D., Chiu, H. C., Chiu, J. S., and Chong, C. F., Fingerprint verification on medical image reporting system. Comput. Methods. Programs Biomed. 89:282–288, 2008.
Wong, S. T., A cryptologic based trust center for medical images. J. Am. Med. Inform. Assoc. 3:410–421, 1996.
Gritzalis, S., Iliadis, J., Gritzalis, D., Spinellis, D., and Katsikas, S., Developing secure web-based medical applications. Med. Inform. Internet Med. 24:75–90, 1999.
Clunie, D. A., DICOM structured reporting. PixelMed, Bangor, 2000.
Riesmeier, J., Eichelberg, M., Kleber, K., Grönemeyer, D. H. W., Oosterwijk, H., and Jensch, P., Authentication, integrity and confidentiality in DICOM structured reporting: Concept and implementation. SPIE Med. Imaging 4685:70–278, 2002.
Lepanto, L., Impact of electronic signature on radiology report turnaround time. J. Digit Imaging 16:306–309, 2003.
Zhou, Z., and Liu, B. J., HIPAA compliant auditing system for medical images. Comput. Med. Imaging. Graph. 29:235–241, 2005.
Liu, B., Zhou, Z., and Huang, H., A HIPAA-compliant architecture for securing clinical images. J. Digit Imaging 19:172–180, 2006.
Kroll, M., Schütze, B., Geisbe, T., Lipinski, H. G., Grönemeyer, D. H. W., and Filler, T. J., Embedded systems for signing medical images using the DICOM standard. Int. Congr. Ser. 1256:849–854, 2003.
Jin P FPGA and ASIC Implementation of ECC Processor for Security on Medical Embedded System. 3rd Information Technology and Applications, International Conference on, 2005. pp 547–551.
Vijay, N. V. K., Sylvanus, A. E., Sergio, C., and Jose, A. R., Security middleware infrastructure for DICOM images in health information systems. J. Digit Imaging 16:356–364, 2003.
Lien, C. Y., Kao, T., Hsiao, C. H., and Keng, C. I., A software-embedded method of security protection applied in indirect imaging in dentistry. J. Med. Biol. Eng. 30:203–207, 2010.
Digital Imaging and Communications in Medicine (DICOM) Supplement 41: Digital Signatures. National Electrical Manufacturers Association. ftp://medical.nema.org/medical/dicom/final/sup41_ft.pdf.
Digital Imaging and Communications in Medicine (DICOM) Supplement 86: Digital Signatures in Structured Reports. National Electrical Manufacturers Association. ftp://medical.nema.org/medical/dicom/final/sup86_ft2.pdf.
Lien, C. Y., Hsiao, C. H., Huang, L. C., and Kao, T., Applying a presentation content manifest for signing clinical documents. J. Digit Imaging 23:152–160, 2010.
Kobayashi, L., Furuie, S., and Barreto, P., Providing integrity and authenticity in DICOM images: A novel approach. IEEE Trans. Inf. Technol. Biomed. 13:582–589, 2009.
Kobayashi, L., and Furuie, S., Proposal for DICOM multiframe medical image integrity and authenticity. J. Digit Imaging 22:71–83, 2008.
Bartel M, Boyer J, Fox B, LaMacchia B, Simon E (2001) XML-Signature Syntax and Processing - W3C Proposed Recommendation. . W3C (World Wide Web Consortium). http://www.w3.org/TR/2001/PRxmldsig-core-20010820/.
Landrock, P., and Pedersen, T., WYSIWYS? – What you see is what you sign? Inf. Secur. Tech. Rep. 3:55–61, 1998.
Ruotsalainen, P., and Manning, B., A notary archive model for secure preservation and distribution of electrically signed patient documents. Int. J. Med. Inform. 76:449–453, 2007.
Lekkas, D., and Gritzalis, D., Long-term verifiability of the electronic healthcare records’ authenticity. Int. J. Med. Inform. 76:442–448, 2007.
Pharow, P., and Blobel, B., Electronic signatures for long-lasting storage purposes in electronic archives. Int. J. Med. Inform. 74:279–287, 2005.
Lekkas, D., and Gritzalis, D., Cumulative notarization for long-term preservation of digital signatures. Comput. Sec. 23(5):413–424, 2004.
Yu, Y. C., Huang, T. Y., and Hou, T. W., Forward secure digital signature for electronic medical records. J. Med. Syst. 36:399–406, 2012.
Huang, K. H., Hsieh, S. H., Chang, Y. J., Lai, F., Hsieh, S. L., and Lee, H. H., Application of portable CDA for secure clinical-document exchange. J. Med. Syst. 34:531–539, 2010.
Digital Imaging and Communications in Medicine (DICOM) Supplement 95: Audit Trail Messages. National Electrical Manufacturers Association. ftp://medical.nema.org/medical/dicom/final/sup95_ft.pdf
Morgan, M. B., Branstetter, B. F., Lionetti, D. M., Richardson, J. S., and Chang, P. J., The radiology digital dashboard: Effects on report turnaround time. J. Digit Imaging 21:50–58, 2008.
Acknowledgments
The authors would like to acknowledge the technical support and data collecting provided by Mr. Wen-Jen Hsieh, Mr. Wei-Chung Chen and Mr. Yao-Yi Chen. This work was supported by the Department of Health and the National Science Council of Taiwan under Grant NSC 97-2114-E-010-002 and NSC 101-2917-I-564-060.
Conflict of interest
The authors declare that they have no conflict of interest.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Lien, CY., Yang, TL., Hsiao, CH. et al. Realizing Digital Signatures for Medical Imaging and Reporting in a PACS Environment. J Med Syst 37, 9924 (2013). https://doi.org/10.1007/s10916-012-9924-1
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s10916-012-9924-1