
EVALUATION OF HIPAA SECURITY REQUIREMENTS ON ENCRYPTION FOR RADIOLOGY THROUGHPUT RATES

Spencer B. Gay, M.D., Andrew M. Snyder, M.S., Alfred C. Weaver, Ph.D., Matthew J. Bassignani, M.D., Samuel J. Dwyer, III, Ph.D.

University of Virginia Health System, Charlottesville, VA

As expected, DES was fastest because it has the shortest key and is therefore the least secure. Predictably, the RSA public key algorithm was slowest because it was never meant to be used with large files such as images. The significance of Table 7 is that it reveals for the first time (in a .NET environment) what computational price is being paid for the superior protection of the new AES-256 encryption algorithm. AES is many orders of magnitude more secure than the other techniques, and we have shown that its use entails acceptable computational costs.

Applying the data flow model as shown in Figure 1, we were able to predict the radiology department’s expected throughput when images were and were not encrypted and decrypted upon storage and transmission (Table 8).

BACKGROUND

Almost a decade after the passage of the Health Insurance Portability and Accountability Act of 1996 [1], HIPAA will require compliance with its Security Standards (Section 164, 68 Fed. Reg. 8333) by April 20, 2005, for all entities covered by these rules (except small health plans which have an additional year). The Security Standards guard electronic Protected Health Information (PHI), which includes any health care or health payment information that identifies or could be used to identify the individual to whom it pertains and that is stored or transmitted using electronic media.

The structure of the security rule is based upon three standards:

1. Administrative safeguards (section 164.308)
2. Physical safeguards (section 164.310)
3. Technical safeguards (section 164.312)

and two administrative standards:

1. Organizational requirements (section 164.314)
2. Policies and procedures and documentation requirements (section 164.316).

The HIPAA security matrix (Appendix A, 45 CFR Part 164, Subpart C, Security Standards for the Protection of Electronic Protected Health Information, published Feb. 20, 2003, 68 Fed. Reg. 8334) identifies the standards, the sections, and the implementation specifications which are either required (R) or addressable (A). Under the technical safeguard section, encryption and decryption (section 164.312 (a)(1)) and transmission security (section 164.312 (e)(1)) are both marked as “addressable.”

A number of security protection schemes which proclaim HIPAA compliance are currently in use. Passwords and biometric devices provide limited authentication; firewalls are often employed for intra-hospital security; digital signatures are used to prove message integrity. Modern data encryption and decryption algorithms are powerful techniques for data security, but their impact on throughput is not yet known. This study provides an estimate of the performance impact of data encryption/decryption when applied to PACS throughput.

EVALUATION METHODS

The metric selected for this study is “throughput.” To determine the “addressable” implementation specifications of encryption on access control and transmission security, we conducted testbed experiments to evaluate the effect of several popular methods on radiology workflow. The methods we evaluated are shown in Table 1.

| Method | Comments |
|---|---|
| Data Encryption Standard (DES) | Twenty years of use |
| Triple DES (3-DES) | Successor to DES |
| Advanced Encryption Standard (AES) | Newest technique approved by the National Institute of Standards and Technology (NIST) |
| Rivest, Shamir, and Adleman (RSA) | The most popular public key cryptosystem |

Table 1 ENCRYPTION METHODS SELECTED FOR EVALUATION

Table 3 shows the resources utilized in a typical patient encounter.

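| STEP | R1 | R2 | R3 | R4 | R5 | R6 | R7 | R8 | R9 | R10 | R11 | R12 | Time |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| A | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | T1 |
| B | 1 | 1 | 0 | 0 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | T2 |
| C | 0 | 0 | 1 | 1 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | T3 |
| D | 0 | 1 | 1 | 0 | 1 | 0 | 0 | 0 | 0 | 1 | 0 | 0 | T4 |
| E | 0 | 0 | 1 | 0 | 0 | 1 | 1 | 0 | 0 | 0 | 0 | 0 | T5 |
| F | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 0 | 0 | 0 | 0 | 0 | T6 |
| G | 0 | 0 | 0 | 0 | 0 | 1 | 1 | 1 | 0 | 0 | 0 | 0 | T7 |
| H | 0 | 0 | 0 | 0 | 0 | 1 | 0 | 1 | 1 | 0 | 0 | 0 | T8 |
| I | 0 | 0 | 0 | 0 | 0 | 1 | 0 | 1 | 0 | 1 | 0 | 0 | T9 |
| J | 0 | 0 | 0 | 0 | 0 | 1 | 0 | 0 | 0 | 1 | 1 | 0 | T10 |
| K | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | T11 |
| L | 0 | 0 | 1 | 0 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | T12 |
| M | 0 | 1 | 1 | 0 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | T13 |
| | B1 | B2 | B3 | B4 | B5 | B6 | B7 | B8 | B9 | B10 | B11 | B12 | |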

RADIOLOGY DEPARTMENT WORKFLOW MODEL

The use of a radiology workflow model details how the department operates and how data flows throughout the department (Figure 1). Models are valuable performance prediction tools, because modification of an operational PACS would disrupt the daily work of the department. The selected workflow model is a resource allocation table for estimating throughput and identifying bottlenecks. The resource allocation table (Table 2) is constructed with columns labeled for each of the particular resources (HIS, RIS, Networks, PACS Archive, etc.). The successive rows of the table represent the successive steps of a job or process. The right-most column of a row identifies the average time needed for the step. The matrix entries are Boolean, with a one signifying that the resource is used in the step and a zero signifying that it is not. The “bottleneck” of a job is identified by inspecting each column in the table and determining the average limitation of the resource throughput for each resource (the reciprocal of the sum of the execution times of the resources involved).

Table 2 RESOURCE ALLOCATION TABLE

R1 = Hospital registration system
R2 = HIS (hospital information system)
R3 = RIS (radiology information system)
R4 = Examination schedule system
R5 = HL7 communications for text data
R6 = DICOM communications for image data
R7 = Image modality unit
R8 = DICOM gateway
R9 = Relational database
R10 = PACS archive
R11 = Workstation
R12 = Reporting system

Table 3 RESOURCES TO BE MODELED

Steps

A. Patient registration by hospital registration system
B. Notify HIS of patient and data using HL7
C. Schedule exam and notify RIS
D. Patient data to RIS and to PACS archive
E. DICOM worklist to image modality
F. Conduct patient exam
G. Patient image data to gateway using DICOM
H. Relational data to gateway (required prior images)
I. DICOM image data from gateway to PACS archive
J. DICOM image data to workstation from PACS archive
K. Patient report generated in reporting system
L. Patient report sent to RIS from reporting system
M. Patient report sent from RIS to HIS

Table 4 STEPS IN WORKFLOW MODEL

T1 = 15 min (900 sec) – Patient registration by hospital registration system
T2 = 5 sec – Notify HIS of patient and data using HL7
T3 = 30 sec – Schedule exam and notify RIS
T4 = 10 sec – Patient data to RIS and to PACS archive
T5 = 10 sec – DICOM worklist to image modality
T6 = 20 min (1200 sec) – Conduct patient exam
T7 = 3 min (180 sec) – Patient image data to gateway via DICOM
T8 = 3 min (180 sec) – Relational database image data to gateway (prior exam)
T9 = 3 min (180 sec) – Image data from gateway to PACS archiving
T10 = 2 min (120 sec) – Image data to workstation
T11 = 2 min (120 sec) – Patient report generated in reporting system
T12 = 30 sec – Patient report to RIS from reporting system
T13 = 30 sec – Patient report sent from RIS to HIS

Table 5 ESTIMATED TIMES FOR COMPLETION OF THE STEPS PER JOB

B1 = 1/(T1 + T2)
B2 = 1/(T2 + T4 + T13)
B3 = 1/(T3 + T4 + T5 + T12 + T13)
B4 = 1/(T3)
B5 = 1/(T2 + T3 + T4 + T12 + T13)
B6 = 1/(T5 + T7 + T8 + T9 + T10)
B7 = 1/(T5 + T6 + T7)
B8 = 1/(T7 + T8 + T9)
B9 = 1/(T8)
B10 = 1/(T4 + T9 + T10)
B11 = 1/(T10)
B12 = 1/(T11 + T12)

Table 6 RESOURCE BOTTLENECKS

| Encryption | MB/s | Percent of Fastest Algorithm | Decryption | MB/s | Percent of Fastest Algorithm |
|---|---|---|---|---|---|
| DES 56-bit | 8.51 | 100.00% | DES 56-bit | 7.68 | 100.00% |
| 3-DES 112-bit | 7.23 | 84.90% | AES 128-bit | 6.96 | 90.61% |
| AES 128-bit | 7.19 | 84.50% | 3-DES 112-bit | 6.56 | 85.42% |
| 3-DES 168-bit | 7.16 | 84.12% | 3-DES 168-bit | 6.45 | 83.88% |
| AES 192-bit | 6.63 | 77.93% | AES 192-bit | 6.41 | 83.42% |
| AES 256-bit | 6.24 | 63.36% | AES 256-bit | 5.95 | 77.40% |
| RSA 512-bit | 0.90 | 10.53% | RSA 512-bit | 0.11 | 1.38% |
| RSA 1024-bit | 0.62 | 7.34% | RSA 1024-bit | 0.04 | 0.47% |

Table 7 THROUGHPUT OF ENCRYPTION AND DECRYPTION ON 3 GHz PENTIUM 4

| Time | Average time without Encryption | Average time with Encryption | Short Description |
|---|---|---|---|
| T1 | 900 seconds | 900 seconds | Patient registration |
| T2 | 5 seconds | 5 seconds | Notify HIS of patient |
| T3 | 30 seconds | 30 seconds | Schedule exam |
| T4 | 10 seconds | 11 seconds | Patient data to RIS and PACS |
| T5 | 10 seconds | 10 seconds | Worklist to image modality |
| T6 | 1200 seconds | 1200 seconds | Conduct patient exam |
| T7 | 180 seconds | 240 seconds | Patient image data to gateway |
| T8 | 180 seconds | 240 seconds | Relational DB images to gateway |
| T9 | 180 seconds | 240 seconds | Image data from gateway to PACS |
| T10 | 120 seconds | 180 seconds | Image data to workstation |
| T11 | 120 seconds | 120 seconds | Patient report generation |
| T12 | 30 seconds | 30 seconds | Patient report to RIS |
| T13 | 30 seconds | 30 seconds | Patient report from RIS to HIS |

Table 8 AVERAGE TIMES FOR EACH STEP IN THE SYSTEM

CONCLUSION

Our study shows that when using the Department of Radiology dataflow model (Figure 1), a resource allocation table (Table 2) analysis, and using symmetric key encryption on all patient data and images, throughput would be reduced 5-7%. Knowing that the impact of encryption is small, a department could embrace it without fearing disastrous consequences. Alternatively, if encryption were applied only to the patient data and not to the images, then the impact of encryption would be negligible. Either way, we have demonstrated that symmetric key encryption, especially the new AES algorithm with 256-bit keys, is a highly secure technique that achieves HIPAA’s goals with minimal disturbance to the radiology department’s throughput.

TESTING THE PERFORMANCE OF THE ENCRYPTION ALGORITHMS

Each encryption technique shown in Table 1 was tested using four file sizes. The first file size was one byte—the smallest possible file, and thus the one that will provide a lower bound on the overhead associated with invoking each algorithm. The second file was 1 MB, which represents a single, compressed, 2000x1500x16 screen image. The third file size was 3 MB, which represents an uncompressed 4000x3000x16 image. The fourth file was a 500 image MRI set, each image being 256x256x16, yielding a total file size of 68 MB. Each file size was processed using DES with its 56-bit key, 3-DES using 128- and 192-bit keys, AES using 128-, 192-, and 256-bit keys, and RSA with key sizes of 512 and 1024 bits. Each experiment performed 100 encryptions and decryptions on a given file size using a particular technique and key size, and then averaged the results. The throughput of each algorithm was calculated from the resulting data logs. Figure 2 shows the results for the three symmetric key algorithms while Table 7 shows the results for all experiments, sorted by throughput.

Figure 2

The encryption step is included in T4 (patient data to RIS and PACS archive) and the decryption step is included in T10 (image data to workstation). Table 5 shows the expected average times for completion of each step of the job. These mean values were measured from an operational PACS.

Thirteen steps in a typical information flow are shown in Table 4.

The bottleneck(s) can also be obtained from the resource allocation table, and that calculation is shown in Table 6. The smallest value of Bi identifies the bottleneck because resource i is operating at full capacity and therefore step i is the rate-limiting procedure.
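The bottleneck calculation described above, as an added Python example that is not the authors' code: it takes the Boolean rows of Table 2 and the step times of Table 8, sums each resource's busy time as in Table 6, and picks the resource with the smallest B_i. The function names and the `DATA_ONLY` scenario (only T4 carries the encryption cost) are this example's assumptions, and the percentages it returns are its own arithmetic over those two tables.

```python
# Added example: bottleneck analysis over the poster's Table 2 and Table 8.
# Function and variable names are this example's own, not the authors'.

STEPS = "ABCDEFGHIJKLM"
RESOURCES = [f"R{i}" for i in range(1, 13)]

# Table 2, one row per step: Boolean usage of R1..R12, left to right.
ALLOCATION = {
    "A": "100000000000",
    "B": "110010000000",
    "C": "001110000000",
    "D": "011010000100",
    "E": "001001100000",
    "F": "000000100000",
    "G": "000001110000",
    "H": "000001011000",
    "I": "000001010100",
    "J": "000001000110",
    "K": "000000000001",
    "L": "001010000001",
    "M": "011010000000",
}

# Table 8, seconds per step A..M (T1..T13).
WITHOUT_ENC = dict(zip(STEPS, [900, 5, 30, 10, 10, 1200, 180, 180, 180, 120, 120, 30, 30]))
WITH_ENC = dict(zip(STEPS, [900, 5, 30, 11, 10, 1200, 240, 240, 240, 180, 120, 30, 30]))
# Assumed scenario: patient data encrypted, images not, so only T4 changes.
DATA_ONLY = {**WITHOUT_ENC, "D": 11}


def busy_seconds(allocation, times):
    """Seconds each resource is occupied per job (the denominators of Table 6)."""
    busy = dict.fromkeys(RESOURCES, 0)
    for step, row in allocation.items():
        if len(row) != len(RESOURCES) or set(row) - {"0", "1"}:
            raise ValueError(f"step {step}: need {len(RESOURCES)} Boolean entries")
        if step not in times:
            raise ValueError(f"step {step}: no time given")
        for resource, used in zip(RESOURCES, row):
            if used == "1":
                busy[resource] += times[step]
    return busy


def bottleneck(allocation, times):
    """Return (resource, busy seconds) for the smallest B_i = 1 / busy."""
    busy = {r: s for r, s in busy_seconds(allocation, times).items() if s > 0}
    resource = max(busy, key=busy.get)  # largest busy time == smallest B_i
    return resource, busy[resource]


def throughput_reduction_pct(allocation, baseline, scenario):
    """Percent drop in bottleneck throughput from baseline to scenario."""
    _, base = bottleneck(allocation, baseline)
    _, new = bottleneck(allocation, scenario)
    return round(100.0 * (1 - base / new), 2)


if __name__ == "__main__":
    scenarios = [("no encryption", WITHOUT_ENC),
                 ("all data and images", WITH_ENC),
                 ("patient data only", DATA_ONLY)]
    for name, times in scenarios:
        resource, secs = bottleneck(ALLOCATION, times)
        drop = throughput_reduction_pct(ALLOCATION, WITHOUT_ENC, times)
        print(f"{name:20s} bottleneck {resource}, busy {secs} s, "
              f"{3600 / secs:.2f} jobs/hour, {drop}% below baseline")
```
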

THE COMPUTING ENVIRONMENT

Our experiments were performed using the Microsoft .NET framework and our test scenarios were developed in C# using Visual Studio .NET. By using a web services approach, we ensured that we are moving along a language-neutral, platform-independent path. The testbed consisted of a network of 3 GHz Pentium 4 computers with 1 GB RAM each, connected via 100 Mbps Ethernet.

Figure 1 MODEL FOR DATA FLOW ABOUT DEPARTMENT

REFERENCES:

1. Public Law 104-191, “Health Insurance Portability and Accountability Act of 1996.” http://aspe.hhs.gov/admnsimp/pl104191.htm
2. “Standards for Electronic Transactions.” Federal Registry, Volume 65, Number 160, August 17, 2000, http://aspe.hhs.gov/admnsimp/final/txfin00.htm
3. Stallings W. “Cryptography and Network Security.” Prentice Hall, 1999.
4. King CM, Dalton CE, Osmanoglu TE. “Security Architecture.” Osborne/McGraw-Hill, New York, 2001.
5. Wagner N. “The Laws of Cryptography: The RSA Cryptosystem.” http://www.cs.utsa.edu/~wagner/laws/
6. Andriole KP, Arvin DE, Yin L, Gould RG, Arenson RL. “PACS database and enrichment of the folder manager concept.” J Digital Imaging 2000; 13:3-12.
7. Stuck BW, Arthurs E. “A Computer and Communication Network Performance Analysis Primer.” Prentice-Hall Inc., Englewood Cliffs, NJ, 1985.
8. Gay SB, Sobel AH, Young LQ, Dwyer SJ III. “Processes involved in reading imaging studies: workflow analysis and implications for workstation development.” J Digital Imaging 2002; 15(3):171-177.