SCAR 2004 Special Session: SS10 Introduction Malicious Logic and Additional Aspects of Security and - PowerPoint PPT Presentation

About This Presentation
Description:

Medical Information Systems. Joint NEMA/COCIR/JIRA Security & Privacy Committee (SPC) ... Defending Medical Information Systems Against Malicious Software ... – PowerPoint PPT presentation

Slides: 14
Provided by: dwight8

Transcript and Presenter's Notes

1
SCAR 2004 - Special Session SS10: Introduction
Malicious Logic and Additional Aspects of
Security and Privacy in Medical Information
Systems
Joint NEMA/COCIR/JIRA Security & Privacy Committee (SPC)
2
What you will learn today
  • What the SPC is
  • Who the presenters are
  • What "Defending Medical Information Systems
    Against Malicious Software" will cover
  • What "Organizing Security & Privacy in Medical
    Imaging Technology" is about
  • What "Internet Based Remote Servicing of Medical
    Equipment under HIPAA" can accomplish
  • How the session will be conducted

3
Security and Privacy Committee (SPC) (1)
  • Joint effort by NEMA-MII (USA), COCIR-IT
    (Europe), and JIRA (Japan)
  • World-wide manufacturers of medical imaging
    informatics equipment
  • Mission: Ensure a level of data security and data
    privacy in the health care sector that
      • Meets legally mandated requirements
      • Can be implemented in ways that are reasonable
        and appropriate
      • Reduces healthcare costs of compliance to
        regulations
  • Scope:
      • All systems, devices, components, and accessories
        used in medical imaging informatics
      • Not exclusive of other products and expected to
        be extendable to all equipment that maintains
        patient identifiable data

4
Security and Privacy Committee (SPC) (2)
  • Goal: Provide a common understanding and solution
    for complying with data security and data privacy
    legislation
  • Currently focusing on the European Community,
    Japan, and the United States of America
  • Develop industry positions to
      • Target consistent approaches in the global market
      • Avoid incompatibilities between institutions
        exchanging data
      • Guide implementation of privacy and security
        measures
  • Advocate common industry positions on privacy and
    security issues that require interpretation
  • Develop solution recommendations based upon the
    industry positions and standards

5
SPC Efforts Outcome (1)
  • Jointly-approved white paper series:
      • Security & Privacy: An Introduction to HIPAA
      • Security & Privacy Auditing in Healthcare
        Information Technology
      • Security & Privacy Requirements for Remote
        Servicing
      • Remote Service Interface Solution (A): IPSec
        Over the Internet Using Digital Certificates
        (including NAT)
      • Identification & Allocation of Basic Security
        Rules in Healthcare Imaging Systems
      • Defending Medical Information Systems Against
        Malicious Software
      • Introduction to the NEMA HIPAA Business Associate
        Contract Sample Language

6
SPC Efforts Outcome (2)
  • All papers available at www.nema.org/medical/spc
  • Companies eligible to participate in the SPC:
    member companies of NEMA, COCIR, JIRA, and the
    DICOM Standards Committee
  • Active Members: AGFA Healthcare, GE Medical
    Systems, Kodak Health Imaging, Konica Minolta
    Medical, Merge eFilm, Nihon Kohden, Philips
    Medical Systems, Siemens Medical Solutions,
    Toshiba Medical Systems

7
The Presenters (1)
  • Dwight A. Simon, Medical Standards Director
    Senior Integration Specialist
  • Merge eFilm, Milwaukee, WI, USA
  • Co-Chair of DICOM Standards Committee
  • Member of various DICOM Working Groups
  • Member of Joint NEMA/COCIR/JIRA Security &
    Privacy Cmte
  • Member of NEMA Medical Imaging Informatics
    Section
  • Voting member of HL7
  • Worked in Healthcare Medical Imaging for 20 yrs
  • Was Medical Product Engineering Manager for 12
    yrs
  • Doing Healthcare Integration Standards Speaking
    for 12 yrs
  • Teaching Healthcare Integration Standards for 5
    years

8
The Presenters (2)
  • Dr. David E. Gobuty, CISSP, Chief Security Officer
    and Director, Systems Security Engineering
  • Eastman Kodak Company, Health Imaging
    Group, Rochester, NY, USA
  • Chair, Joint NEMA/COCIR/JIRA Security & Privacy
    Committee
  • Certified Information Systems Security
    Professional
  • Member, DICOM Working Group-14 (Security)
  • Member, HIMSS Medical Device Privacy & Security
    Working Group
  • Member, NEMA Medical Imaging Informatics Section
  • Works in medical device privacy & security for 4
    years
  • Systems security engineering professional for 25
    years

9
The Presenters (3)
  • Dr. Wolfgang Leetz, Senior Engineer
  • Siemens Medical Solutions Standardization
    Technology, Erlangen, Germany
  • Vice Chair, Joint NEMA/COCIR/JIRA Security and
    Privacy Committee (former Chair of the SPC)
  • SPC contact to COCIR (Europe) and ZVEI (Germany)
  • Member, DICOM WG 14 Security
  • Member, NEMA Medical Imaging Informatics Section
  • Works in medical device privacy & security for 4
    years

10
Defending Medical Information Systems Against
Malicious Software
  • Presented by Dwight Simon
  • Understand how to protect against viruses, Trojan
    horses, denials of service, trap doors, time
    bombs and worms.
  • Find out why vendors and users must cooperate to
    help safeguard the security and privacy of data
    in healthcare.

11
Organizing Security & Privacy in Medical Imaging
Technology
  • Presented by David Gobuty
  • Become familiar with the security rules to be
    enforced to protect the privacy of
    patient-identifiable data.
  • Recognize that some security rules are best
    enforced procedurally and others by technology.

12
Internet Based Remote Servicing of Medical
Equipment under HIPAA
  • Presented by Wolfgang Leetz
  • Learn about a solution for remote servicing of
    medical IT systems, while ensuring availability,
    confidentiality, and integrity of transmitted
    data.
  • Understand how to use this solution when the
    healthcare facility uses Network Address
    Translation (NAT) in their internal LAN.

13
For More Information about or to Participate in
SPC
  • Contact the Secretariat:
      • Mr. Stephen Vastagh
      • National Electrical Manufacturers Association
      • Suite 1847
      • 1300 N. 17th Street
      • Arlington, VA 22209, USA
      • E-mail: ste_vastagh_at_nema.org
      • Telephone: 1-703-841-3281
  • SPC Website: www.nema.org/medical/spc