DICOM Encryption and Anonymization
DICOM encryption is an important consideration for healthcare organizations. Dicom Systems offers full disk encryption. Full disk or partition encryption is one of the best ways to protect data at rest. It protects all files, so end users do not have to choose what should or should not be protected and possibly miss important files.
Unifier natively supports LUKS encryption. LUKS bulk-encrypts hard drive partitions so that data are protected while the computer is off. Full disk encryption solutions like LUKS protect data only when the computer is off: once the computer is on and LUKS has decrypted the disk, the files on that disk are available to anyone with valid credentials who would normally have access to the data.
Encrypting files while the computer is running is possible, but highly impractical and resource-intensive; it requires deploying a separate, secure server that holds the encryption keys and lets end users continuously authenticate for access to encrypted files. This process is needlessly onerous, adding substantial overhead and infrastructural complexity.
To protect files when the computer is on, we recommend full disk encryption in conjunction with other measures such as file-based encryption. The Unifier’s default implementation of LUKS is AES-128 with SHA-256 hashing.
- AES – Advanced Encryption Standard – FIPS PUB 197
- Twofish (A 128-bit Block Cipher)
- cast5 – RFC 2144
- cast6 – RFC 2612
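To confirm that a volume actually uses the stated default (AES-128 with SHA-256), the LUKS header can be checked. The script below is an added example, not Dicom Systems code: it assumes a LUKS1-format header in the text layout printed by `cryptsetup luksDump`, runs on a constructed sample dump, and its function names are hypothetical.

```shell
#!/bin/sh
# Check LUKS1 header text (layout of `cryptsetup luksDump <device>`) against
# an expected cipher, effective key size and hash.

# Constructed sample dump, not taken from a real system.
sample_dump() {
cat <<'EOF'
LUKS header information for /dev/sdX1

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha256
Payload offset: 4096
MK bits:        256
EOF
}

# luks_field NAME: print the value of the "NAME: value" line on stdin.
luks_field() {
    awk -v k="$1" 'index($0, k ":") == 1 {
        v = substr($0, length(k) + 2); gsub(/[ \t]/, "", v); print v; exit }'
}

# XTS splits the master key into two halves, so "MK bits: 256" with an
# xts mode means AES-128; other modes use the whole master key.
effective_key_bits() {
    dump=$(cat)
    mode=$(printf '%s\n' "$dump" | luks_field "Cipher mode")
    bits=$(printf '%s\n' "$dump" | luks_field "MK bits")
    case "$mode" in
        xts-*) echo $((bits / 2)) ;;
        *)     echo "$bits" ;;
    esac
}

# check_luks_policy CIPHER BITS HASH: return 0 if the dump on stdin matches.
check_luks_policy() {
    dump=$(cat)
    cipher=$(printf '%s\n' "$dump" | luks_field "Cipher name")
    hspec=$(printf '%s\n' "$dump" | luks_field "Hash spec")
    bits=$(printf '%s\n' "$dump" | effective_key_bits)
    [ "$cipher" = "$1" ] && [ "$bits" = "$2" ] && [ "$hspec" = "$3" ] && {
        echo "OK: $cipher-$bits, hash $hspec"; return 0; }
    echo "MISMATCH: found $cipher-$bits, hash $hspec (expected $1-$2, hash $3)"
    return 1
}

# On a real host: cryptsetup luksDump /dev/sdX1 | check_luks_policy aes 128 sha256
sample_dump | check_luks_policy aes 128 sha256
```

A header that reports `MK bits: 256` is easy to misread as AES-256; the XTS adjustment is what makes the comparison against a 128-bit policy correct.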
DICOM Encryption: Data in Motion
Dicom Systems offers encryption for all outgoing and incoming traffic. Secure DICOM communication follows Supplement 31 and is based on the Transport Layer Security (TLS) protocol standard. Authentication is achieved through a secure handshake protocol that verifies the entities involved in the interchange of DICOM and HL7 objects such as images, orders and diagnostic reports. We support up to 4,096-bit RSA encryption keys. There is no additional cost involved in setting this up, as all certificates can be managed within the DCMSYS Unifier platform.
More information is available at NEMA Standards.