Data-centric Protection in DICOM

摘要

In this paper we address the problem of privacy protection and trust enhancement in a distributed healthcare eco system. Increased trust in other parties of the eco system encourages medical entities to share data. This increases the availability of data and consequently improves the general quality of health care. We present two different solutions to the above described problem, both being developed using the DICOM standard (Digital Imaging and Communications in Medicine). The first approach, which is partially relying on legislation, uses sticky policies and commitment protocols to enhance trust. We propose to attach the access control policies to the data in the DICOM files. Furthermore, the source of data disclosure makes sure that the destination commits to enforce the policies by obtaining a signature on the policies and thus providing a proof of the commitment by the destination. The second approach aims at increasing trust by technical enforcement. For this purpose, digital rights management (DRM) technology is used. We demonstrate that it is possible to create a DICOM DRM container using the tools provided by this standard, hence still guaranteeing backward compatibility.