
Minutes meeting: Working Group 14 (Security) of the DICOM Standards Committee





MINUTES

Meeting: Working Group 14 (Security)

of the DICOM Standards Committee



Place: San Diego, CA

Date: January 9, 2002


Members Present:


GE Medical Systems Harry Solomon

Merge Technologies John Fehrenbach

Siemens Medical Solutions Lawrence Tarbox

Toshiba Hidenori Shinoda



Members Absent:


Eastman Kodak David Gobuty

JIRA Isao Ohbayashi

Konica Medical Imaging Hitoshi Yoshimura

Philips Medical Systems Cor Loef

RadPharm David Clunie

Others Present:


Cerner Steve Fine

Ed Larsen, Inc. Ed Larsen

ETIAM Emmanuel Cordonnier

GE Medical Systems John Moehrke

Kaiser Permanente Greg Thomas

Medifacts Systems Cheryl Tyus

Philips Research K. P. Lee

Siemens Medical Solutions Mike Cassidy

Siemens Medical Solutions Helmut Koenig

Siemens Medical Solutions Glen Marshall

Siemens Medical Solutions Jim Schiel

University of Magdeburg Bernd Blobel

University of Washington Blair Cockerline

Veterans Health Administration Amy Page

Veterans Health Administration Mike Davis

NEMA Staff Howard Clark


Presiding Officer: Lawrence Tarbox, Chair



  1. Preliminary Events

Participants introduced themselves and reviewed the agenda. No additional items were proposed.


  1. Approval of Previous Minutes

The minutes of the WG 14 meeting held on November 30, 2001 in Chicago were reviewed and approved.


  1. Security in IHE

Group Chair Lawrence Tarbox noted that IHE hopes to conduct a demonstration of security at the RSNA conference in November 2002.


  1. Audit Trails Remote Logging Protocol

Glen Marshall provided a background review of the WG-14 meeting that was held at RSNA in Chicago. He noted:

  • HL7 Security & Accountability SIG has balloted an informative document for an audit message. Planning to create an HL7 v3 standard.

  • DICOM WG 14 has been tasked with developing methodologies for sending audit trail information to a central repository.

  • ASTM has balloted and adopted a standard specification for audit and disclosure logs for use in healthcare information systems.

The following conclusions were reported:

  • Commonality between DICOM and HL7 work exists for these use cases and the associated data:

    • Access and modifications to the security database, e.g., adding user accounts, changing privileges, etc.

    • Access and modification to the audit data

    • Application domain security-relevant use cases that do not require knowledge of the application data or business rules, e.g., user logins and directory/file level access.

    • Security-relevant event data arising from the underlying messaging and transport infrastructure.

  • Application domain security-relevant use cases that do require knowledge of the application data or business rules may lack data commonality. If there are common data among such events, the vocabularies for such data may be distinct among application domains.

  • We should jointly agree on the common use cases and data. This would be best reflected in an XML schema.

  • The audit data payload should be independent of the underlying message framing and transport. For example, we see that ebXML may be appropriate in the HL7 implementations but Reliable Syslog (RFC 3195) may be appropriate for DICOM.

  • A standard specification for controlling detail-level of audit data is highly desirable.

  • A standard specification for audit data retention and purging is highly desirable.

  • We should explicitly exclude forensic data-gathering, e.g., before/after data change logs, from the scope of the work.

  • A follow-up joint meeting [this one] will occur during the HL7 meeting in January. This will refine the work and detail direction we will take.

Mr. Marshall expressed his hope that an action plan could be established to move this forward. To this end, he and Group Chair Lawrence Tarbox led participants in a detailed review of just what elements are required in order to produce and maintain the required audit trail records. The majority of the discussion was aimed at identifying which specific group (HL7, WG-14, ASTM or IHE) will take responsibility for each particular task. The results of this discussion, including logistical steps, are summarized in the attached appendix that was provided by Mr. Marshall.


  1. Adding Digital Signatures to Structured Reports

This topic was deferred to a subsequent meeting.


  1. New Business

No new business was brought before the group.


  1. Date for Next Meeting

A teleconference is planned for mid-February. Glen Marshall will announce the date and time.

Various other, related groups are expected to meet in conjunction with the SPIE Conference in San Diego in February of 2002. The chair will consult with leaders of these groups to determine whether there would be sufficient benefit for WG-14 to meet at that time also.

Beyond February of 2002, the next meeting will be held at NEMA headquarters on April 23, 2002.


  1. Adjournment

The meeting was adjourned at 5:30 PM.

Reported by: Howard E. Clark

Secretary

January 23, 2002


Reviewed by Counsel:

Appendix One


JOINT MEETING

HL7 Security & Accountability SIG

with

Imaging Integration SIG

and

DICOM’s WG-14 and WG-20

By Glen Marshall, Siemens





  1. Note: We need to ensure that selective audit & selective reporting is formalized more clearly.

  2. Tasking –

  1. HL7 to handle

  1. Session & transport (neutral as to underlying transport)

  2. Security admin audits

  3. Audit trail management audits

  4. User login/logoff

  5. Specification of mandatory minimum auditing (non-normative guidelines, normative references?)

  6. Draft of mapping between cross-industry security logs to HL7 spec. (normative vs. guidance?), noting that this will uncover a lot of dragons. This does NOT substitute for system audit & its purposes for security assurance. Think of this effort as application domain audits with a digest of relevant system-level events.

  1. Application groups (DICOM, etc., including HL7) need to handle application specific data

  2. ASTM to handle

  1. ID of commonalities between HL7 & ASTM work

  2. Selective audit & selective reporting is formalized more clearly

  1. HL7, DICOM, ASTM to jointly cover vocabulary

  1. ID of external references, e.g., ISO/TC 215 WG 4 glossary

  1. Explicitly not in scope: Further use cases, trigger events, coverage of national & organizational requirements for … (perhaps non-normative notes & references?)

  1. Rules for production of audit (excl emergency access, which is covered by ASTM?)

  2. Rules for consumption of audit – reporting, heuristics, alarms

  3. Rules for archiving

  4. Rules for purging

  5. Backup/recovery (guarantee of audit availability)

  1. Non-Normative references/guidance/appendix: Scalability (joint HL7, ASTM, DICOM)

  1. Scale-up

  2. Scale-down

  3. Guidance on efficient use of computing resources

  1. ASTM covers (guidelines or normative?) Systems Management

  1. Actions in case of audit unavailability

  1. Logistics

  1. Minutes –

  1. HL7 – www.hl7.org

  2. NEMA/DICOM/SPC – medical.nema.org

  1. Meetings (joint will occur somewhere within this)

  1. DICOM WG 14: April 23 @ NEMA, June 26 in Paris, Sept 25 at NEMA, December 6 @ RSNA

  2. HL7: April in Atlanta, Oct in Baltimore, Jan in San Antonio

  3. ASTM: Seattle @ TEPR, November @ ?

  4. Conf calls: vocabulary, monthly synch? TBD – first one needs to cover use cases & vocab. – time to be determined based on national participation requirements.

  1. Listserve

  1. www.hl7.org, Security & Accountability SIG listserve

  2. DICOM WG 14, imaging domain only

  1. Document repository

    1. GFM to set this up

  1. Work schedule

  1. HL7 – target is normative v3 spec for CQ committee ballot in Oct. – Aug 1 completion for publication.

  1. Intermediate drafts to be placed on doc repository & notice via listserv

  2. First item is use cases – Tentative first pass due 2/9.

  3. Other artifacts TBD

  1. DICOM

  1. Draft of Imaging specific portion, referencing HL7 base, public comment target is approx same as HL7 doc.

  2. Use cases - Tentative first pass due 2/9.

  1. ASTM

  1. Cross-ref with HL7 S&A informative document – Tentative first pass due 2/9.
