MINUTES
Meeting: Working Group 14 (Security)
of the DICOM Standards Committee
Place: San Diego, CA
Date: January 9, 2002
Members Present:
GE Medical Systems Harry Solomon
Merge Technologies John Fehrenbach
Siemens Medical Solutions Lawrence Tarbox
Toshiba Hidenori Shinoda
Members Absent:
Eastman Kodak David Gobuty
JIRA Isao Ohbayashi
Konica Medical Imaging Hitoshi Yoshimura
Philips Medical Systems Cor Loef
RadPharm David Clunie
Others Present:
Cerner Steve Fine
Ed Larsen, Inc. Ed Larsen
ETIAM Emmanuel Cordonnier
GE Medical Systems John Moehrke
Kaiser Permanente Greg Thomas
Medifacts Systems Cheryl Tyus
Philips Research K. P. Lee
Siemens Medical Solutions Mike Cassidy
Siemens Medical Solutions Helmut Koenig
Siemens Medical Solutions Glen Marshall
Siemens Medical Solutions Jim Schiel
University of Magdeburg Bernd Blobel
University of Washington Blair Cockerline
Veterans Health Administration Amy Page
Veterans Health Administration Mike Davis
NEMA Staff Howard Clark
Presiding Officer: Lawrence Tarbox, Chair
-
Preliminary Events
Participants introduced themselves and reviewed the agenda. No additional items were proposed.
-
Approval of Previous Minutes
The minutes of the WG 14 meeting held on November 30, 2001 in Chicago were reviewed and approved.
-
Security in IHE
Group Chair Lawrence Tarbox noted that IHE hopes to conduct a demonstration of security at the RSNA conference in November 2002.
-
Audit Trails Remote Logging Protocol
Glen Marshall provided a background review of the WG-14 meeting that was held at RSNA in Chicago. He noted:
-
HL7 Security & Accountability SIG has balloted an informative document for an audit message. Planning to create an HL7 v3 standard.
-
DICOM WG 14 has been tasked with developing methodologies for sending audit trail information to a central repository.
-
ASTM has balloted and adopted a standard specification for audit and disclosure logs for use in healthcare information systems.
The following conclusions were reported:
-
Commonality between DICOM and HL7 work exist for these use cases and the associated data:
-
Access and modifications to the security database, e.g., adding user accounts, changing privileges, etc.
-
Access and modification to the audit data
-
Application domain security-relevant use cases that do not require knowledge of the application data or business rules, e.g., user logins and directory/file level access.
-
Security-relevant event data arising from the underlying messaging and transport infrastructure.
-
Application domain security-relevant uses cases that do require knowledge of the application data or business rules may lack data commonality. If there are common data among such events, the vocabularies for such data may be distinct among application domains.
-
We should jointly agree on the common use cases and data. This would be best reflected in an XML schema.
-
The audit data payload should be independent of the underlying message framing and transport. For example, we see that ebXML may be appropriate in the HL7 implementations but Reliable Syslog (RFC 3195) may be appropriate for DICOM.
-
A standard specification for controlling detail-level of audit data is highly desirable.
-
A standard specification for audit data retention and purging is highly desirable.
-
We should explicitly exclude forensic data-gathering, e.g., before/after data change logs, from the scope of the work.
-
A follow-up joint meeting [this one] will occur during the HL7 meeting in January. This will refine the work and detail direction we will take.
Mr. Marshall expressed his hope that an action plan could be established to move this forward. To this end, he and Group Chair Lawrence Tarbox led participants in a detailed review of just what elements are required in order to produce and maintain the required audit trail records. The majority of the discussion was aimed at identifying which specific group (HL7, WG-14, ASTM or IHE) will take responsibility for each particular task. The results of this discussion, including logistical steps, are summarized in the attached appendix that was provided by Mr. Marshall.
-
Adding Digital Signatures to Structured Reports
This topic was deferred to a subsequent meeting.
-
New Business
No new business was brought before the group.
-
Date for Next Meeting
A teleconference is planned for mid-February. Glen Marshall will announce the date and time.
Various other, related groups are expected to meet in conjunction with the SPIE Conference in San Diego in February of 2002. The chair will consult with leaders of these groups to determine whether there would be sufficient benefit for WG-14 to meet at that time also.
Beyond February of 2002, the next meeting will be held at NEMA headquarters on April 23, 2002.
-
Adjournment
The meeting was adjourned at 5:30 PM.
Reported by: Howard E. Clark
Secretary
January 23, 2002
Reviewed by Counsel:
Appendix One
JOINT MEETING HL7 Security & Accountability SIG with Imaging Integration SIG and DICOM’s WG-14 and WG-20
By Glen Marshall, Siemens
-
Note: We need to ensure that selective audit & selective reporting is formalized more clearly.
-
Tasking –
-
HL7 to handle
-
Session & transport (neutral as to underlying transport)
-
Security admin audits
-
Audit trail management audits
-
User login/logoff
-
Specification of mandatory minimum auditing (non-normative guidelines, normative references?)
-
Draft of mapping between cross-industry security logs to HL7 spec. (normative vs. guidance?), noting that this will uncover a lot of dragons. This does NOT substitute for system audit & its purposes for security assurance. Think of this effort as application domain audits with a digest of relevant system-level events.
-
Application groups (DICOM, etc., including HL7) need to handle application specific data
-
ASTM to handle
-
ID of commonalities between HL7 & ASTM work
-
Selective audit & selective reporting is formalized more clearly
-
HL7, DICOM, ASTM to jointly cover vocabulary
-
ID of external references, e.g., ISO/TC 215 WG 4 glossary
-
Explicitly not in scope: Further use cases, trigger events, coverage of national & organizational requirements for … (perhaps non-normative notes & references?)
-
Rules for production of audit (excl emergency access, which is covered by ASTM?)
-
Rules for consumption of audit – reporting, heuristics, alarms
-
Rules for archiving
-
Rules for purging
-
Backup/recovery (guarantee of audit availability)
-
Non-Normative references/guidance/appendix: Scalability (joint HL7, ASTM, DICOM)
-
Scale-up
-
Scale-down
-
Guidance on efficient use of computing resources
-
ASTM covers (guidelines or normative?) Systems Management
-
Actions in case of audit unavailability
-
Logistics
-
Minutes –
-
HL7 – www.hl7.org
-
NEMA/DICOM/SPC – medical.nema.org
-
Meetings (joint will occur somewhere within this)
-
DICOM WG 14: April 23 @ NEMA, June 26 In Paris, Sept 25 at NEMA, December 6 @ RSNA
-
HL7: April in Atlanta, Oct in Baltimore, Jan in San Antonio
-
ASTM: Seattle @ TEPR, November @ ?
-
Conf calls: vocabulary, monthly synch? TBD – first one needs to cover use cases & vocab. – time to be determined based on national participation requirements.
-
Listserve
-
www.hl7.org, Security & Accountability SIG listserve
-
DICOM WG 14, imaging domain only
-
Document repository
-
GFM to set this up
-
Work schedule
-
HL7 – target is normative v3 spec for CQ committee ballot in Oct. – Aug 1 completion for publication.
-
Intermediate drafts to be placed on doc repository & notice via listserv
-
First item is use cases – Tentative first pass due 2/9.
-
Other artifacts TBD
-
DICOM
-
Draft of Imaging specific portion, referencing HL7 base, public comment target is approx same as HL7 doc.
-
Use cases - Tentative first pass due 2/9.
-
ASTM
-
Cross-ref with HL7 S&A informative document – Tentative first pass due 2/9.
|