While the Integrating the Healthcare Enterprise (IHE) initiative's Cross-Enterprise Document Sharing for Imaging (XDS-I) integration profile supports image and report sharing between institutions, privacy concerns limit its use in the cloud. Portuguese researchers may have found a way to make it work, however.
A team from the University of Aveiro has developed a new approach that enables key XDS-I functions to be performed in the cloud. Called XDS for Protected Imaging (XDS-π), this concept allows users to take advantage of the benefits of cloud computing, whilepreserving data privacy, confidentiality, and integrity for sharing of images and reports, according to the group led by Luís Ribeiro from the department of electronics, telecommunications and informatics.
"We believe that our solution brings an agile new approach to the old problem of exchanging clinical information across institutions in a transparent and efficient manner," the researchers wrote in their paper that was presented recently at the Medinfo 2013 meeting in Copenhagen.
An old problem
The distribution of clinical documents such as images and reports across independent organizations isn't a new topic. Several recent projects have focused on enabling cross-sharing communities, typically pushed by the technology being hyped at the moment, such as grid computing, peer-to-peer, cluster computing, and now cloud computing, Ribeiro told AuntMinnieEurope.com.
"Besides the many technical challenges such as interoperability, availability, or access control, we detected a common trend justifying the lack of effective permeation in the field: Projects were unable to transition from a grant funding model to a self-sustaining model," he said.
The cloud's flexible business model, combined with lower prices, drove the group to study its potential to support such sharing communities, he said. For an insitution, the idea of subscribing to a document sharing service is more attractive than having to plan, maintain, and make a heavy upfront investment in IT infrastructure, Ribeiro said.
On the downside, the use of the public cloud as a bridge or repository of clinical documents such as images and reports brings other risks, including confidentiality, latency issues, or data locking, Ribeiro said. The XDS-I integration profile also assumes that architectural components are owned and maintained by healthcare institutions, which is not the case in the cloud.
Bringing XDS-I to the cloud
To resolve these issues, the University of Aveiro team developed an XDS-I approach that, rather than just using the cloud as a repository of blob-encyrpted data, enables the cloud deployment of XDS-I actors such as repository, registry, and Web Access to DICOM Objects (WADO) server.
Caption: XDS for Protected Imaging enables XDS-I Document Registry, Document Repository, and WADO Server actors to function securely in the cloud. All images courtesy of Luis Ribeiro."The main idea behind our solution is to perform encryption/decryption in the client-side to the uploaded DICOM objects and related reports," the researchers wrote. "Nevertheless, it goes further by still enabling searching mechanisms over the encrypted data on the Document Registry/Repository in a transparent manner for the server-side."
Calling it XDS for Protected Imaging (XDS-π), the group's model uses the same transactions handled by the standard XDS Document Repository and Document Registry. The XDS-I Image Document Source and Image Document Service perform some additional actions, however.
XDS-I actors in the cloud retain interoperability and the same search capabilities as if they were operating in plain text, yet still ensuring data confidentiality, Ribeiro said.
A novel searchable encryption scheme developed by the group called Posterior Playfair Searchable Encryption (PPSE) allows queries over encrypted datasets, while also hiding the access/search patterns from the cloud service provider, Ribeiro said.
Encryption process for a XDS Document Entry using the the group's Posterior Playfair Searchable Encryption (PPSE) encryption scheme.The open-source XDS-π plug plug-in has been developed for use with the Dicoogle PACS platform, which can be downloaded here. A user interface on Dicoogle allows users to add intended recipients, related documents to the imaging study, and set confidentiality level for the documents.
Current status
Developing affinity domains, or a group of healthcare enterprises that have agreed to work together using a common set of policies and share a common infrastructure, for XDS-π is a necessary milestone for achieving the group's final goal of launching affinity domains on-demand, Ribeiro said.
"We are developing a framework (XADi framework) that offers a set of affinity domains templates that can be customized according to the community's needs," he said. "These affinity domains follow the XDS-π approach."
In addition, the group is deploying a distributed PACS connecting two private healthcare institutions in north Portugal. The central servers that are in the cloud use the PPSE scheme, Ribeiro said.
