550

IEEE TRANSACTIONS ON INFORMATION TECHNOLOGY IN BIOMEDICINE, VOL. 15, NO. 4, JULY 2011

A Novel Key Management Solution for Reinforcing Compliance With HIPAA Privacy/Security Regulations
Chien-Ding Lee, Kevin I.-J. Ho, and Wei-Bin Lee, Member, IEEE
AbstractDigitizing medical records facilitates the healthcare process. However, it can also cause serious security and privacy problems, which are the major concern in the Health Insurance Portability and Accountability Act (HIPAA). While various conventional encryption mechanisms can solve some aspects of these problems, they cannot address the illegal distribution of decrypted medical images, which violates the regulations dened in the HIPAA. To protect decrypted medical images from being illegally distributed by an authorized staff member, the model proposed in this paper provides a way to integrate several cryptographic mechanisms. In this model, the malicious staff member can be tracked by a watermarked clue. By combining several well-designed cryptographic mechanisms and developing a key management scheme to facilitate the interoperation among these mechanisms, the risk of illegal distribution can be reduced. Index TermsCryptography, digital imaging and communication in medicine (DICOM), digital watermarking, encryption, Health Insurance Portability and Accountability Act (HIPAA), patients privacy.

I. INTRODUCTION FFERING professional medical services is the goal of all healthcare providers. During diagnosis and treatment, a series of health records and medical images are generated, stored, transmitted, and withdrawn. No matter how health information is gathered and/or stored, the processed or selectively disseminated should be controlled [1][4]. Thus, comprehensive principles concerning medical information security as well as patient privacy are necessary for every participant. It is helpful to dene the relevant terms and to facilitate realizing how to secure the data processing in the healthcare information system (HIS). The Health Insurance Portability and Accountability Act (HIPAA) [5], [6] promoted by the U.S. government is a representative principle. In the HIPAA, privacy and security regulations are the two crucial parts that indicate how to avoid offenses and

Manuscript received January 3, 2010; revised November 23, 2010 and February 21, 2011; accepted May 1, 2011. Date of publication May 12, 2011; date of current version July 15, 2011. C.-D. Lee and W.-B. Lee are with the Department of Information Engineering and Computer Science, Feng Chia University, Taichung 40724, Taiwan (e-mail: P9521801@fcu.edu.tw; wblee@fcu.edu.tw). K. I.-J. Ho is with the Department of Computer Science and Communication Engineering, Providence University, Taichung 43301, Taiwan (e-mail: ho@pu.edu.tw). Color versions of one or more of the gures in this paper are available online at http://ieeexplore.ieee.org. Digital Object Identier 10.1109/TITB.2011.2154363

unauthorized disclosures of health information. Nowadays, the HIPAA is a popular framework that is followed by a great number of organizations. There are two crucial guidelines of HIPAA privacy/security regulations. First, the individual medical data can be used and disclosed only for purposes of treatment, payment, and healthcare operations [5][7]. That is, a patients control and understanding of his/her medical information should be assured. Second, participants have to build a complete security policy as well as its implemental protection systems [8][10]. Well-dened mechanisms, such as encryption/decryption, digital signature, hash function, and watermarking, can be applied to construct security systems that protect medical data [11][20]. Although the medical security is a specic case, these general mechanisms are still superior due to the skillful design. On the other hand, the medical security issue is nontrivial, since the conventional mechanism was not originally designed for the specic requirements of medical information. Therefore, these security mechanisms must be adapted to t the healthcare environment. Various approaches [8][10], [21], [22] have been proposed to comply with HIPAA regulations. In order to support hospitalwide HIPAA compliance, Cao et al. [8] focused on ensuring the integrity and security of medical images and network security for the picture archiving and communications system (PACS). Lee and Lee [9] summarized the essential events for HIPAA privacy/security regulations and proposed a solution for these events. Their system not only satises the requirements of patients control and understanding, but also safeguards the condentiality and integrity of the protected health information (PHI). The case of consent exceptions is solved by providing the key recovery mechanism. Following the framework proposed in [9], the different security systems in [10], [21], and [22] were developed for HIPAA compliance. However, there is a security vulnerability that has not been considered by these schemes. Although these systems ensure that only authorized users can access the PHI, control is terminated when the data are legally decrypted. Thus, it is still possible for a legal user to deliver decrypted medical data to an unauthorized person for some purposes. In other words, under the strong protection techniques, the illegal disclosure of medical information can still occur. With this weakness, the patients control cannot be achieved, and the condentiality of PHI becomes compromised. Undoubtedly, this poses a serious challenge to HIPAA privacy/security regulations. Although this problem is a management issue rather than a technical issue, a suitable watermarking technique, which

1089-7771/$26.00 2011 IEEE

LEE et al.: NOVEL KEY MANAGEMENT SOLUTION FOR REINFORCING COMPLIANCE WITH HIPAA PRIVACY/SECURITY REGULATIONS

551

embeds a message related to the identication of the user accessing the image, can prevent the problem. Li et al. [23] proposed a specic multicast ngerprinting solution based on the digital watermarking mechanism. Their approach embeds an individuals watermark message into the medical image. Therefore, the illegal distribution of the medical image can be tracked by extracting the watermark message. However, key management, a crucial issue, has not been carefully considered, so it is difcult to determine how the watermark keys are prepared, stored, and distributed by the proper authority. If the security of the key management is doubtful, both the medical information security and the patients privacy are threatened. During the healthcare process, a patients medical records are accessed by different medical staff members on various operating devices. For example, a medical image may be displayed on a clinical physicians PC and on a radiologists workstation. A key management scheme must be carefully designed so that the medical records can be protected without disturbing the healthcare process. The security system with a key management mechanism should closely match protocols, equipment, and procedures that are currently used in the healthcare organization, such as health professional cards (HPCs), digital imaging and communication in medicine (DICOM), and the PACS. Implementation of the security system affects patients and medical staff, so the impact must be minimized. In this paper, we propose a protection model to protect decrypted medical images from being illegally distributed by an authorized staff member. To make the model work, several well-established cryptographic mechanisms are integrated, since none of them alone can provide the protection. Key management is crucial to facilitate the interoperations among these mechanisms because the keys are required in all applied mechanisms. Our key management, derived from the concept of Shamirs secret sharing, ensures the authorization of the decryption key for each image. Moreover, the watermark mechanism is tied in with the tracking of the malicious staff member who illegally distributed decrypted images. Therefore, by combining the applied mechanisms and developing a skillful key management, the risk of the illegal distribution of authorized users can be reduced by using the proposed model. The rest of this paper is organized as follows. In Section II, we briey describe related works to facilitate the understanding of our design. In Section III, the proposed protection model is delineated. The discussion and conclusion are given in Sections IV and V, respectively.

Fig. 1.

Watermark embedding.

B. Digital Imaging and Communication in Medicine DICOM [25] is developed to accomplish compatibility and performance among computer systems, network protocols, and medical imaging modalities. It provides a comprehensive principle for managing, operating, storing, printing, and transmitting medical images. The tags of the DICOM header are stipulated to satisfy various requirements of medical imaging. For example, a DICOM header consists of Patient ID, ServiceObject Pair (SOP) Instance Unique Identier (UID), Accession Number, and so on. The Patient ID is used to uniquely link an image to a patient; the SOP Instance UID is used to uniquely identify an image; and the Accession Number is a number stored in the HIS for retrieving a DICOM study from the PACS. C. Robust Digital Watermarking Unlike encryption, a robust watermarking mechanism is generally applied to protect digital rights as a proof of ownership by embedding a crucial clue into multimedia data. A digital robust watermarking mechanism presents the following major concerns. 1) Imperceptibility: The watermarked image should be almost identical to the original one to retain its quality and camouage. 2) Robustness: If the watermarked image has been manipulated, such as cropping, noising, blurring, or compression, the verier can identiably extract the watermark as long as the quality of image reasonably remains. In the past, many researchers have developed various robust watermarking techniques [26][35] that provide both imperceptibility and robustness. Generally, two major operations are involved in a watermarking system, embedding and extracting, which are depicted in Figs. 1 and 2, respectively. In the frequency-domain-based watermarking, the image is transformed into the frequency domain before the watermarking process and, then, is inversely transformed into the spatial domain. For example, the discrete cosine transform (DCT) employed in [27], [31], and [32] is a helpful mechanism to accomplish the operation. Furthermore, a watermark key can be used to protect the embedded watermark. For example, if the embedding frequency coefcients are decided by a key during embedding, the user without the corresponding key cannot further locate and extract the watermark. The operations of embedding and extracting can be formulated as Watermarked Image = WEKey (OriginalImage, Watermark) and Watermark WTKey (Watermarked Image), = respectively.

II. PRELIMINARY A. Secret Sharing Shamir [24] proposed a (t, n) threshold secret sharing mechanism to distribute a secret to n participants, so that the secret can be recovered only when t out of n (t n) participants cooperate together. The interested readers may refer to [24] for details.

552

IEEE TRANSACTIONS ON INFORMATION TECHNOLOGY IN BIOMEDICINE, VOL. 15, NO. 4, JULY 2011

B. Key Generation Phase The keys of an operating device and its equipped card reader are generated when they are certied. For a card reader, two keys are required, since it has to act as the connection between a certied device and a staff members smart card. The procedures to generate all participants keys are described in the following steps. Step 1: Compute the key of device i as Yd,i = fD (IDd,i ) where IDd,i is the identication of device i. Step 2: Compute two keys of the card reader k by using the polynomials dened in (1) and (2): Yr D ,k = fD (IDr,k ) and Yr S,k = fS (IDr,k ) where IDr,k is the identication of card reader k. The staff key is generated when a staff member joins a healthcare institute. Step 3: Compute the key of staff member j as Ys,j = fS (IDs,j ) where IDs,j is the identication of device j. Once the key Ys,j is generated, it is securely saved in the smart card owned by staff member j. C. Image Encryption Phase When a medical image, denoted as IM, is generated by a modality, it is sent to the PACS server. Then, for encryption, the PACS server performs the following steps. Step 1: Compute the session key Kim for IM as Kim = h(Km || IDim ) (3)

Fig. 2.

Watermark extracting.

III. PROPOSED MODEL Our model involves a trusted PACS server, certied devices D used to display medical images equipped with smart card readers R, and healthcare staff members S, such as surgeons, physicians, and radiologists. Accordingly, medical images can be accessed only when staff members are authorized by inserting their smart cards into the card reader attached to a certied device. Moreover, during the decryption performed by the PACS server, a watermark is embedded to the image simultaneously to provide tracking ability. The notations prepared in the system are dened as follows. Let q be a large prime number; h(), a public secure one-way hash function; and EK () and DK (), the symmetric encryption and decryption functions with secret key K, respectively. The model consists of ve phases: initialization, key generation, image encryption, image decryption, and disclosure verication. The details of these phases are described as follows. A. Initialization Phase In this phase, the master key Km is selected. Then, two linear polynomials, denoted as fD (X) and fS (X), are constructed, where fD (X) and fS (X) are used to generate device keys and staff keys, respectively. The master key Km can be recovered from the interception of fD (X) and fS (X). Step 1: Choose a random number Km Zq as the master key. Step 2: On a 2-D coordinate plane, point PK m = (Km , b) is chosen. Then, select two other points PD = (P XD , P YD ) and PS = (P XS , P YS ) in such a way that PK m , PD , and PS are not on a line, where P XD , P YD , P XS , and P YS are in Zq . Step 3: Construct a polynomial Y = fD (X) = a1 X + a2 mod q (1)

where IDim is the identication of IM, which can be any unique information stored in the DICOM header of the image, such as the SOP Instance UID. Step 2: Encrypt IM as C = EK im (IM). Step 3: Store the encrypted image C. Fig. 3 presents the ow of the image encryption process. D. Image Decryption Phase When an authorized staff member j requests access to image IM on a certied device i, the staff member must insert the smart card into the card reader k connected to device i and, then, enables the card by entering the correct PIN or biometric information. Then, the card performs the following procedures. Step 1: Derive keys Yd,i , Ys,j , Yr D ,k , and Yr S,k from device i, the smart card of staff j, and card reader k, respectively. Step 2: Reconstruct (1) by (IDd,i , Yd,i ) and (IDr,k , Yr D ,k ). Step 3: Reconstruct (2) by (IDs,j , Ys,j ) and (IDr,k , Yr S,k ). Step 4: Recall the master key Km by computing the intersection of (1) and (2). Step 5: Compute the images session key Kim by (3) as Kim = h(Km || IDim ). (5) (4)

by computing Lagrange interpolation through the points PK m and PD , i.e. fD (P XD ) = P YD and fD (Km ) = b. Step 4: Construct a polynomial Y = fS (X) = a3 X + a4 mod q (2)

by computing Lagrange interpolation through the points PK m and PS , i.e., fS (P XS ) = P YS and fS (Km ) = b. Then, the two polynomials as well as the point PK m (Km , b) are kept without any disclosure.

LEE et al.: NOVEL KEY MANAGEMENT SOLUTION FOR REINFORCING COMPLIANCE WITH HIPAA PRIVACY/SECURITY REGULATIONS

553

Fig. 4.

Flow of the image decryption phase.

Fig. 3.

Flow of the image encryption phase.

Step 2: Extract the embedded watermark from IM as Ws,j = WTK wk (IM ) (8)

The device, then, sends the access request with Kim , IDim , and IDs,j to the PACS server. After receiving the request, the PACS server performs the following steps. Step 1: Generate a watermark message Ws,j based on the identication IDs,j as Ws,j = GW(IDs,j ) (6)

where WTK wk () denotes the watermark extracting process with Kwk . Once Ws,j is extracted, the identication IDs,j appearing on the watermark can be visibly recognized, thus identifying the suspicious staff member. IV. DISCUSSION The major contribution of this paper is to propose a modularized protection model that includes a key management scheme and a tracking mechanism. Since the model is modularized, all the applied cryptographic mechanisms are able to be individually replaced as future security or efciency concerns. To validate our contribution, the privacy and security aspects of the proposed model are examined thoroughly in this section. Then, the feasibility of its implementation is evaluated to show the practicability. A. Privacy Protection Issues To illustrate the privacy protection capability of our model, the access processes for medical images are discussed in this section. During transmission and storage, each medical image is encrypted by a well-developed cipher, such as advanced encryption standard (AES) [36][38], with the key Kim generated based on the master key Km and the unique identication IDim . To challenge the security implies breaking the underlying cryptosystem, except when the master key Km is compromised. When a staff member needs to retrieve an encrypted medical image stored in the PACS server, Km must be recovered rst in order to compute the decryption key Kim for the image. The keys of the staff member and the certied device are computed by different functions. Knowledge of (IDd,i , Yd,i ), (IDs,j , Ys,j ), (IDr,k , Yr D ,k ), and (IDr,k , Yr S,k ) is required to rebuild the two polynomials stated in (1) and (2) in order to nd their intersection PK m (Km , b). Therefore, an encrypted image can be decrypted only under the request issued by an authorized staff member on a certied device as long as a1 , a2 , a3 , and a4 are secure.

where GW() is a function to generate the watermark message, which is a visible binary pattern of the given identication. Step 2: Divide the watermark message Ws,j into t blocks as 1 2 t Ws,j = {Ws,j , Ws,j , . . . , Ws,j }, where t = (the size of image C/the size of a DCT block). Step 3: Compute the watermarking key Kwk of the image as Kwk = h(Km || IDp || SNim ) (7)

where IDp is the Patient ID, and SNim is the Accession Number of the image. r Step 4: Embed watermark as IM r = WEK wk (IMr , Ws,j ) for r = 1, . . . ,t, where IMr is the rth accumulation of the size of a DCT block and is generated during performing DK im (C). Step 5: Send the decrypted watermarked image IM = {IM 1 , IM 2 , . . . , IM t } to the operating device. During the decryption process, whenever an image block, with enough size to accommodate a piece of watermark message, is decrypted, the watermark message is embedded into the decrypted image block. As a result, the watermarking and decryption processes are performed parallelly. By repeating the process, the embedding process is tied in with the decryption to guarantee the traceability. Fig. 4 presents the ow of the image decryption phase. E. Disclosure Verication Phase Whenever an illegally disclosed medical image is found, the following verication process is invoked on the PACS server to track the staff member who is responsible. Step 1: Compute the watermarking key Kwk by (7).

554

IEEE TRANSACTIONS ON INFORMATION TECHNOLOGY IN BIOMEDICINE, VOL. 15, NO. 4, JULY 2011

During the image decryption process, the data in an encrypted medical image are decrypted sequentially. After decrypting a set of data, part of the watermark is embedded in the decrypted set before decrypting the next set. Accordingly, a possible way to break the watermark is to terminate the decryption process when the amount of decrypted information is sufcient for disclosure that is similar to perform malicious modication on the watermarked image. In such a way, the major concern is that how many portions of the watermark are embedded. Because the embedded watermark Ws,j generated from the identication IDs,j is a visible binary pattern, the remarkable tolerance ability of the visual system is able to recognize the extracted watermark fragments. Thus, by using the natural property of the human visual system, the watermark is enough different visually to allow user identication even in the case of strong image modication. The watermark Ws,j embedded in a decrypted image is produced from the identication of staff member j. Therefore, if an illegally distributed decrypted image is found, the user who distributed the decrypted image can be identied by verifying the extracted watermark Ws,j . For successful disclosure verication, the traceability of the embedded watermark must be guaranteed. The watermarking key is computed by (7) Kwk = h(Km || IDp || SNim ). Modication of either IDp or SNim is a possible way to disable the tracking ability. However, once the IDp is modied, the relation between the image and the patient is broken. As a result, the illegally distributed image will not damage the patients privacy. If SNim is modied, Kwk can be recovered by comparing all Accession Numbers of the patient, since all these numbers are recorded in the HIS. Furthermore, a malicious user may separately disclose a medical image and the corresponding patient information in order to defeat the protection. In this case, the knowledge IDp and SNim required in (7) may be exhaustly searched from the HIS. Although the process is time consuming, it is workable because the case occurs infrequently and the process can be performed ofine. On the other hand, a potential way to destroy the watermark embedded in a decrypted image is to remove it. The operation of watermarking depends on the images watermarking key Kwk . The security of Kwk is vital for the success of the model and will be discussed in the next section. B. Security Analysis In this section, the security of the keys operating among the applied mechanisms is analyzed. The certied device keys and staff member keys are generated based on their associated identications, which may be public. It is computationally infeasible to derive (1) and (2) without the knowledge of a1 , a2 , a3 , and a4 . The staff member key Ys,j stored in the smart card is securely protected. In accordance with the smart card standard, ISO/IEC 7816 [39], different access controls, including PIN, specic authentication, and so on, can be applied to protect the data stored in the smart card [40], [41]. In some countries, the government strictly regulates data access. For example, in Taiwan, each card

reader used in healthcare organizations must be equipped with a certied Security Access Module (SAM). The data stored in the Healthcare IC Card can be accessed only after going through a series of mutual authentication steps between the SAM and the Bureau of National Health Insurance (BNHI) [42], [43]. Due to the full protection of key Ys,j , it is impossible to compute (2) using two or more staff members keys. The certied device keys are protected in a similar way. Thus, any illegal collusion between two or more participants is infeasible. For an attacker, there is a possibility to perform an exhaustive search to nd the Km . In the initialization phase, Km is determined as a random number and can be generated using the Deterministic Random Bit Generator [44], following the recommendations of the National Institute of Standards and Technology. The minimum length of Km is 112 bits and can be expanded to 128, 196, or 256 bits [44] to enhance the security strength. Furthermore, the large prime q can be set to 512 bits. Now, let us consider Kim and Kwk . Both are generated by (3) Kim = h(Km || IDim ) and (7) Kwk = h(Km || IDp || SNim ), respectively. The secure hash function, for example, the secure hash algorithm (SHA-256) [45], is collision resistant, so that the correct Kim and Kwk can be computed if (and only if) the correct Km is held. Based on the security of Km , there is no way to compromise Kim and Kwk . Furthermore, a crucial concern is that the same key cannot be used to watermark too many documents [46]. In our model, the keys used in the mechanisms of encryption and watermarking as well as the keys for processing each DICOM study are different. For instance, SNim , the Accession Number of the DICOM study, is applied to produce the watermarking key Kwk . This means that the watermarking operation for each study uses a distinct key. Although some multiframe examinations, such as the Computer Tomography (CT) scan, contain more than one image in a study, the number is limited and acceptable. Generally speaking, the number of images in a study is not greater than 1000 in current medical practice. Therefore, the key developed in our model conforms to the principle of key usage directed in [46]. Based on this discussion, the protection model with the key management development proposed in this paper is secure for professional healthcare service. C. Feasibility Analysis To show the practicability, the details of the required equipments, information, and techniques for the system are discussed in this section. 1) Required Equipment: To implement the proposed model, a healthcare organization needs to equip each operating device with a smart card reader and a certied SAM, install key generation and decryption-watermark embedding modules to a trusted PACS server, and provide a smart card to each medical staff member as needed. Since 1995, many countries have been implementing advanced smart card projects to facilitate healthcare service [47][50]. For instance, in Taiwan, the NHI IC Card is one of the major e-government initiative projects. As of December 2008, more than 91.87% of hospitals and healthcare institute have joined this project [43], [51]. Under this project, it is

LEE et al.: NOVEL KEY MANAGEMENT SOLUTION FOR REINFORCING COMPLIANCE WITH HIPAA PRIVACY/SECURITY REGULATIONS

555

necessary to apply an HPC as well as a card reader. Accordingly, the health smart card equipment is well established and dependable. The SAM technology is mature, and the required function can be easily implemented in the card readers. Hence, all of the equipment required to implement the system are available and practical. 2) Required Information: The key of an authorized staff member is created based on their identication, which can be easily obtained from their personal record. The identication of an operating device and a card reader can be any existing identication of the device, such as the host name or the manufacturer assigned series number. In the proposed model, the parameters used to generate the keys of Kim and Kwk are computed based on the Patient ID, SOP Instance UID, and the Accession Number, which are dened in the DICOM. As a result, no collection of new information is needed to implement the proposed system. Moreover, the DICOM is a predominant standard for the current medical imaging environment [52], [53], so it poses no implementation problem. 3) Required Techniques: The mechanisms required to implement the model include a symmetric cipher, a one-way hash function, an identication watermark generator, and a watermark embedding/extracting mechanism. All of these techniques have been thoroughly investigated by researchers. Many wellknown results have been published and carefully evaluated. These techniques are continuously improved for better adaptation in various applications. For instance, the watermark mechanism, popularly used for the multimedia purpose, is getting mature in healthcare business as the time goes on. Furthermore, the efciency of these techniques is acceptable, since there are no time-consuming operations.

ACKNOWLEDGMENT The authors would like to thank the anonymous referees for their valuable discussions and comments.

REFERENCES
[1] H. J. Smith, S. J. Milberg, and S. J. Burke, Information Privacy: Measuring individuals concerns about organizational practices, MIS Q., vol. 20, pp. 167196, Jun. 1996. [2] R. Cushman, Information and medical ethics: Protecting patient privacy, IEEE Technol. Soc. Mag., vol. 15, no. 3, pp. 3239, Fall 1996. [3] F. H. Simone, IT-Security and Privacy: Design and Use of PrivacyEnhancing Security Mechanisms (Lecture Notes in Computer Science Series). New York: Springer-Verlag, Jun. 2001, p. 6. [4] J. G. Hodge, Jr., L. O. Gostin, and P. D. Jacobson, Legal issues concerning electronic health information: Privacy, quality, and liability, J. Amer. Med. Assoc., vol. 282, pp. 14661471, 1999. [5] Health Insurance Portability and Accountability Act of 1996, 104th Congress, Public Law 104191, 1996. [6] Centers for Medicare and Medicaid Services. (1996). Health Insurance Portability Accountability Act of 1996 (HIPAA), [Online]. Available: http://www.cms.hhs.gov/hipaageninfo. [7] G. M. Stevens, A brief summary of the medical privacy rule, in Proc. CRS Rep. Congr., 2003. [8] F. Cao, H. K. Huang, and X. Q. Zhou, Medical image security in a HIPAA mandated PACS environment, Comput. Med. Imag. Graph, vol. 27, no. 23, pp. 185196, 2003. [9] W.-B. Lee and C.-D. Lee, A cryptographic key management solution for HIPAA privacy/security regulations, IEEE Trans. Inf. Technol. Biomed., vol. 12, no. 1, pp. 3441, Jan. 2008. [10] J. Li, J.-S. Lee, and C.-C. Chang, Preserving PHI in compliance with HIPAA privacy/security regulations using cryptographic techniques, in Proc. Int. Conf. Intell. Inf. Hiding Multimedia Signal Process., 2008, pp. 15451548. [11] P. Pharow and B. Blobel, Electronic signatures for long-lasting storage purposes in electronic archives, Int. J. Med. Informat., vol. 74, pp. 279 287, 2005. [12] E.-H. W. Kluge, Secure e-health: Managing risks to patient health data, Int. J. Med. Informat., vol. 76, pp. 402406, 2007. [13] W. Susilo and K. T. Win, Security and access of health research data, J. Med. Syst., vol. 31, pp. 103107, 2007. [14] J. Choe and S. K. Yoo, Web-based secure access from multiple patient repositories, Int. J. Med. Informat., vol. 77, pp. 242248, 2008. [15] F. Hu, M. Jiang, M. Wagner, and D.-C. Dong, Privacy-preserving telecardiology sensor networks: Toward a low-cost portable wireless hardware/software codesign, IEEE Trans. Inf. Technol. Biomed., vol. 11, no. 6, pp. 619627, Nov. 2007. [16] D.-C. Lou, M.-C. Hu, and J.-L. Liu, Multiple layer data hiding scheme for medical images, Comput. Stand. Interfaces, vol. 31, pp. 329335, 2009. [17] J. Hu and F. Han, A pixel-based scrambling scheme for digital medical images protection, J. Netw. Comput. Appl., vol. 32, pp. 788794, 2009. [18] I. Blanquer, V. Hernandez, D. Segrelles, and E. Torres, Enhancing privacy and authorization control scalability in the grid through ontologies, IEEE Trans. Inf. Technol. Biomed., vol. 13, no. 1, pp. 1624, Jan. 2009. [19] G. Coatrieux, C. L. Guillou, J.-M. Cauvin, and C. Roux, Reversible watermarking for knowledge digest embedding and reliability control in medical images, IEEE Trans. Inf. Technol. Biomed., vol. 13, no. 2, pp. 158168, Mar. 2009. [20] L. O. M. Kobayashi, S. S. Furuie, and P. S. L. M. Barreto, Providing integrity and authenticity in DICOM images: A novel approach, IEEE Trans. Inf. Technol. Biomed., vol. 13, no. 4, pp. 582589, Jul. 2009. [21] J. Hu, H.-H. Chen, and T.-W. Hou, A hybird public key infrastructure solution (HPKI) for HIPAA privacy/security regulations, Comput. Stand. Interfaces, vol. 32, no. 56, pp. 274280, Oct. 2010. [22] H.-F. Huang, K.-C. Liu, and H.-W. Wang, A new design of cryptographic key management for HIPAA privacy and security regulations, Int. J. Innovat. Comput., Inf. Control, vol. 5, no. 11(A), pp. 13494198, Nov. 2009. [23] M. Li, R. Poovendran, and S. Narayanan, Protecting patient privacy against unauthorized release of medical images in a group communication environment, Comput. Med. Imag. Graph., vol. 29, pp. 367383, 2005.

V. CONCLUSION We have proposed a protection model to prevent medical images being illegally distributed by authorized staff members. In our model, several well-established cryptographic mechanisms are combined by using a modularized design, so that each of the underlying mechanisms can be replaced for security or efciency concerns. Moreover, the interoperation problems among the different mechanisms are addressed by the proposed key management scheme. The security of keys supports the access authorization and the success of illegal distribution tracking, thus enhancing the protection of patients privacy. Finally, the proposed model is feasible and can be implemented with minimum impacts for the health industry. The model proposes a practical solution to manage keys securely. However, the periodical update of the master key as well as the related keys is still required to maintain the security level. Fortunately, the process of key update in the model is not difcult, since the devices and staff members have been involved in the control of a hospital. In our future work, we hope that the model can be modied to accommodate the consideration of a secure and exible way, which can update the master key without the inuence of the participants.

556

IEEE TRANSACTIONS ON INFORMATION TECHNOLOGY IN BIOMEDICINE, VOL. 15, NO. 4, JULY 2011

[24] A. Shamir, How to share a secret, Commun. ACM, vol. 11, pp. 612613, 1979. [25] HEMA. DICOM: Digital Imaging and Communication in Medicine. (Jan. 2011). [Online]. Available: http://medical.nema.org/ [26] F. Y. Shih and Y.-T. Wu, Robust watermarking and compression for medical images based on genetic algorithms, Inf. Sci., vol. 175, no. 3, pp. 200216, Oct. 2005. [27] A. Sverdlov, S. Dexter, and A. Eskicioglu, Robust DCT-SVD domain image watermarking for copyright protection: Embedding data in all frequencies, presented at the 13th Eur. Signal Processing Conf., Sep. 2005, Antalya, Turkey. [28] C.-C. Chang, P. Tsai, and C.-C. Lin, SVD-based digital image watermarking scheme, Pattern Recognit. Lett., vol. 26, pp. 15771586, 2005. [29] K.-L. Chung, W.-N. Yang, Y.-H. Huang, S.-T. Wu, and Y.-C. Hsu, On SVD-based watermarking algorithm, Appl. Math. Comput., vol. 188, pp. 5457, 2007. [30] A. A. Mohammad, A. Alhaj, and S. Shaltaf, An improved SVD-based watermarking scheme for protecting rightful ownership, Signal Process., vol. 88, pp. 21582180, 2008. [31] S. D. Lin, S.-C. Shie, and J. Y. Guo, Improving the robustness of DCTbased image watermarking against JPEG compression, Comput. Stand. Interfaces, vol. 32, pp. 5460, 2010. [32] M. H. Pi, C. H. Li, and H. Li, A novel fractal image watermarking, IEEE Trans. Multimedia, vol. 8, no. 3, pp. 488499, Jun. 2006. [33] W. Lu, W. Sun, and H. Lu, Robust watermarking based on DWT and nonnegative matrix factorization, Comput. Electr. Eng., vol. 35, pp. 183 188, 2009. [34] L. Ghouti, A. Bouridane, M. K. Ibrahim, and S. Boussakta, Digital image watermarking using balanced multiwavelets, IEEE Trans. Signal Process., vol. 54, no. 4, pp. 15191536, Apr. 2006. [35] J.-J. Shen and J.-M. Ren, A robust associative watermarking technique based on vector quantization, Digit. Signal Process., vol. 20, pp. 1408 1423, 2009. [36] Advanced Encryption Standard, FIPS 197, National Institute of Standards and Technology, Gaithersburg, MD, 2001. [37] A. Biryukov, Block ciphers and stream ciphers: The state of the art,, Cryptology ePrint Archive, 2004, Rep. 2004/094, [Online]. Available: http://eprint.iacr.org/2004/094/. [38] J. Daemen and V. Rijmen, The block cipher rijndael, Res. Appl., vol. 1820, pp. 288296, 2000. [39] Integrated Circuit(s) Cards With Contacts, International Standard ISO/IEC 7816, International Organization for Standardization, 2004. [40] K. Vedder and F. Weikmann, Smart cardsRequirements, properties, and applications, in State of the Art in Applied CryptographyCourse on Computer Security and Industrial Cryptography (Revised Lectures) (Lecture Notes in Computer Science Series). vol. 1528. New York: Springer-Verlag, Jun. 1997, pp. 307331. [41] D. Husemann, Standards in the smart card world, Comput. Netw., vol. 36, pp. 473487, 2001. [42] J.-T. Lai, T.-W. Hou, C.-L. Yeh, and C.-M. Chao, Using healthcare IC cards to manage the drug doses of chronic disease patients, Comput. Biol. Med., vol. 37, pp. 206213, 2007. [43] C.-T. Liu, P.-T. Yang, Y.-T. Yeh, and B.-L. Wang, The impacts of smart cards on hospital information systemsAn investigation of the rst phase of the national health insurance smart card project in Taiwan, Int. J. Med. Informat., vol. 75, pp. 173181, 2006. [44] Recommendation for Random Number Generation Using Deterministic Random Bit Generators (Revised), FIPS SP 800-90, National Institute of Standards and Technology, Gaithersburg, MD, 2007. [45] Secure Hash Standard, FIPS 180-2, National Institute of Standards and Technology, Gaithersburg, MD, 2002. [46] F. Cayre, C. Fontaine, and T. Furon, Watermarking security: Theory and practice, IEEE Trans. Signal Process., vol. 53, no. 10, pp. 39763987, Oct. 2005. [47] O. Rienhoff, Integrated Circuit Health Data Cards (Smart Cards): A Primer for Health Professionals. Washington, DC: PAHO, 2003. [48] Smart health card: The key to the health care system of the future. (Jan. 2011). [Online]. Available: http://www.gi-de.com. [49] B. Blobel and P. Pharow, Experiences with health professional card, in Proc. Electron. Health Rec. Eur.. London, U.K, Sep. 1997, pp. 2939. [50] W. C. Pao, NHI IC cards in use at all hospitals, clinics, China Post, vol. 5, p. 5, Mar. 2004.

[51] Bureau of National Health Insurance. (2009). National Health Insurance in Taiwan [Online]. Available: http://www.nhi.gov.tw/webdata/ AttachFiles/Attach_13787_1_NationalHealthInsuranceinTaiwan2009.pdf. [52] S. C. Horii and W. D. Bidgood, DICOM: A standard for medical imaging, Proc. SPIE, vol. 1785, pp. 87102, Sep. 1992. [53] R. Noumeir, DICOM structured report document type denition, IEEE Trans. Inf. Technol. Biomed., vol. 7, no. 4, pp. 318328, Dec. 2003.

Chien-Ding Lee received the B.S. degree from the Department of Information Management, Chaoyang University of Technology, Taichung, Taiwan, in 2000, and the M.S. degree in 2005 from the Department of Information Engineering and Computer Science, Feng Chia University, Taichung, Taiwan, where he is currently working toward the Ph.D. degree. He is an Information Engineer with the Department of Information Systems, Changhua Christian Hospital, Changhua, Taiwan. His current research interests include cryptography, information hiding, healthcare informatics, and medical imaging.

Kevin I.-J. Ho received the B.S. degree in computer engineering from the National Chiao Tung University, Hsinchu, Taiwan, in 1983, and the M.S. and Ph.D. degrees in computer science from the University of Texas, Dallas, in 1990 and 1992, respectively. He was an Assistant Engineer at the Institute of Information Industry, Taipei, Taiwan, from 1985 to 1987. He is currently an Associate Professor with the Department of Computer Science and Communication Engineering, Providence University, Taichung, Taiwan. His current research interests include image processing, neural computation, distributed computing, scheduling theory, and information security.

Wei-Bin Lee (M03) received the B.S degree from the Department of Information and Computer Engineering, Chung-Yuan Christian University, Chungli, Taiwan, in 1991 and the M.S. degree in computer science and information engineering from the National Chung Cheng University, Chiayi, Taiwan, in 1993. He received the Ph.D. degree from the National Chung Cheng University, in 1997. He has been with the Department of Information Engineering, Feng Chia University, Taichung, Taiwan, since 1999, where he is currently a Professor. Meanwhile, he is the Dean of Ofce of Information Technology, Feng Chia University. His current research interests include cryptography, information security management, steganography, and network security. Dr. Lee is an honorary member of the Phi Tau Phi Scholastic Honor Society.