DICOM Audit Trail Repository

In DICOM, all information you need to implement auditing is defined/specified in DICOM supp. 95. This standard is associated with the IHE standards, IHE technical framework vol. 1 and vol. 2, search for ATNA profile.

The ATNA profile is more than just auditing, but for now, I am for only interested in the auditing part:

  1. store all audit messages, formated as specified in RFC-3881, to a centralized repository. This repository will be accessed by the processes publishing audit messages.
  2. implement in all components that will publish audit messages the syslog protocol as specified by RFC-3195 and the BSD syslog protocol as defined in RFC-3164

Implementation of the BSD syslog protocol is for backward compatibility with older components/servers: it lacks security services (authentication, encryption etc.) and messages acknowledgment – which is just bad when you try to implement any kind of auditing stuff.

I still don’t get why IHE specifies such non reliable protocol, doesn’t make any sens when one tries to improve accountability (legacy apps or devices ?).

If you have to work/implement the IHE specification, well actually any auditing specification, remember that you also need to solve issues like:

  1. storage failure, what should you do: stall the application or ignore the failure and process without auditing any event ? Should you store these messages on your local disk and try to store them again later ?
  2. archival, storage is not infinite and hence from time to time you will have to clean-up your repository to free some space how will you do that (tape, dvd, another hd)?

Quite interesting.


About this entry