CEWIT 2015 12th International Conference & Expo on Emerging Technologies for a Smarter World
The Rise of Mobile Technology in Healthcare: The Challenge of Securing Teleradiology
Sharing DICOM Images on Mobile Devices: Confidentiality, Integrity, & Availability Risks
Abstract— There are many potential security risks associated with viewing, accessing, and storing DICOM files on mobile devices. Digital Imaging and Communications in Medicine (DICOM) is the industry standard for the communication and management of medical imaging. DICOM files contain multi-dimensional image data and associated metadata (e.g., patient name, date of birth, etc.) designated as electronic protected health information (e-PHI).
The HIPAA (Health Insurance Portability and Accountability Act) Privacy Rule, the HIPAA Security Rule, the ARRA (American Recovery and Reinvestment Act), the Health Information Technology for Economic and Clinical Health Act (HITECH), and applicable state law mandate comprehensive administrative, physical, and technical security safeguards to protect e-PHI, which includes DICOM medical images. Implementation of HIPAA security safeguards is difficult and often falls short. Mobile device use is proliferating among healthcare providers, along with associated risks to data confidentiality, integrity, and availability (CIA). Mobile devices and laptops are implicated in widespread data breaches affecting millions of patients’ data.
These risks arise in many ways, including:
Analysis of commonly used methods for DICOM image sharing on mobile devices elucidates areas of vulnerability and points to the need for holistic security approaches to ensure HIPAA compliance within and across clinical settings. Innovative information governance strategies and new security approaches are needed to protect against data breaches, and to aid in the collection and analysis of compliance data. Generally, it is difficult to share DICOM images across different HIPAA-compliant Picture Archive and Communication Systems (PACS) and certified electronic health record (EHR) systems – while it is easy to share images using non-FDA-approved personal devices on unsecured networks. End users in clinical settings must understand and strictly adhere to recommended mobile security precautions, and should be held to greater standards of personal accountability when they fail to do so.