Implementation of security in the management of medical images
Keywords:
IS, PACS, DICOM, HIPAA, ISO/IEC 27002
Abstract
Security inside institutional information systems in hospitals must guarantee the confidentiality,
integrity and availability of medical imaging as well as of patients’ identity in PACS (patient
administration and communication systems). Data in these systems are not safe at all, since internet
or intranet security policies are not enough to ensure absolute privacy, authenticity or integrity
of imaging in the DICOM format. Firewalls, encryption and encapsulation are procedures
designed to provide additional protection of data. However, such procedures are not applied as
an absolute rule. Part 15 of the DICOM standard (PS3.15) specifies profiles and security measures for
the appropriate handling of information. In this paper, controls (indicators), standards (DICOM)
and policies (HIPAA) are discussed in relation to the design of our PACS-INR, in order to ensure the
storage, retrieval and handling of imaging information under a true security and privacy scheme.
License
Copyright (c) 2026 Instituto Nacional de Rehabilitación Luis Guillermo Ibarra Ibarra

This work is licensed under a Creative Commons Attribution 4.0 International License.
© Instituto Nacional de Rehabilitación Luis Guillermo Ibarra Ibarra under a Creative Commons Attribution 4.0 International (CC BY 4.0) license, which allows the content to be reproduced and modified if appropriate recognition of the original source is given.

