Within the pixels of this X-ray, it is possible to hide information about the person whose hand is pictured. This is the principle behind watermarking.

In the near future, watermarking data could be the best traceability technique in the healthcare domain. It involves hidding information into medical images with the aim at reinforcing data security for patients and healthcare professionals. After being developed for nearly ten years in the laboratories of IMT Atlantique and Medecom, watermarking has now reached a level of maturity that allows its integration into professional products. Yet it still must be approved by standardization bodies.


Are you sure that is really your body on the latest X-ray from your medical exam? The question may seem absurd, yet it is crucial that you, your doctor and the radiologist can all answer this question with a resounding “yes”. To ensure this level of certainty, healthcare professionals must rely on the latest technological advances. This is a matter of ensuring the right patient gets the right diagnosis—no one wants an X-ray of their lungs to be switched with one from a chain-smoker!

To ensure an X-ray is correctly associated with the patient and to return a lost X-ray to its rightful owner, the name printed on the X-ray film is not sufficient. An ill-intentioned individual or an administrative error could cause the unfortunate exchange of two patients’ images. Medecom and researchers from IMT Atlantique, part of the Télécom & Société Numérique Carnot Institute, have been working on a more secure system based on the watermarking. For over ten years the two entities have been collaborating on this technology and four years ago they inaugurated SePEMeD, a joint laboratory focused on this area, with support from the French National Agency for Research (ANR).  Since then, the maturity and viability of the watermark technology have become increasingly convincing.

A Secret Message

The watermark draws on the principle of steganography, the art of hidden writing, which is almost as old as cryptography,” explains Gouenou Coatrieux, a researcher in imagery and information processing at IMT Atlantique. “In the case of X-rays, we change some pixels in the image to hide a message and leave an invisible mark,” he continues (see box below). The value of the watermark is that the protection is independent from the storage format. The X-ray can therefore be exchanged between departments and hospitals, each with its own unique system for processing X-ray images, yet this will not affect the watermark, which will continue to contain the information related to the patient.

In addition to traceability, watermarking has other advantages. First, it can help detect insurance fraud. If an X-ray is tampered with by an ill-intentioned individual, for example to fake a disease, the secretly watermarked pixels will also be modified, revealing the attempted fraud. Next, the watermark can be added to data that is already encrypted using a method that has been patented by Medecom and IMT Atlantique. It is therefore possible to ensure traceability while maintaining the confidentiality of medical information the image contains. This also makes it possible to write information about certain doctors’ access authorizations directly on the encrypted data.

Moving towards standardization?

While this watermark technology is now mature, it still must pass the test of standardization procedures in order to be implemented in software and the information systems of healthcare professionals. “Our goal now is to show that altering the image with the watermark does not have any effect on the quality of the image and the doctors’ diagnostic capacity,” says Michel Cozic, R&D director at Medecom. The SePEMeD team is therefore working to conduct qualitative studies on watermarked data with physicians.

At the same time, they must convince certain healthcare professionals of the value of watermarking.  The protection of personal data, and medical data in particular, is not always viewed the same way throughout the healthcare world. “In the hospital environment, professionals tend to believe that the environment is necessarily secure, which is not always the case,” Michel Cozic explains. In France, and in Europe in general, attitudes about data security are changing. The new General Data Protection Regulation (GDPR) established by the European Commission is proof of this. However, it will be some time before the entire medical community systematically takes data protection into account.

Ten years of research… and ten more to come?

Since there is still a long way to go before healthcare professionals begin using watermarks, the SePEMeD story is not over yet. Founded in 2014 to solidify the collaboration between IMT Atlantique and Medecom, which has lasted over ten years, SePEMeD was originally intended to run only three years. However, following the success of the research which led to promising applications, this first joint laboratory accredited by the ANR on data security will continue its work until at least 2020. Beyond data traceability, SePEMeD is also seeking to improve the security of remotely processed encrypted images in cloud storage.

We update our focus areas based on our results,” Gouenou Coatrieux notes, explaining why the SePEMeD laboratory has been extended. Michel Cozic agrees: “We are currently focusing our research on issues related to browsers’ access to data, and the integration of watermarking modules in existing products used by professionals.” The compatibility of algorithms with healthcare institutions’ computer configurations and systems will be a major issue involved in the adoption of this technology. Last but not least: ease of use.  “No one wants to have to enter passwords in the software,” observes Medecom’s R&D Director. We must therefore succeed in integrating watermarking as a security solution that is straightforward for doctors.


The benefit of collaborating with IMT Atlantique: “The human aspect”

Michel Cozic

One of Télécom & Société Numérique Carnot Institute’s objectives is to professionalize the relationships between companies and researchers.  Michel Cozic, Medecom’s R&D Director shares his experience: “There is also a human aspect to these collaborations. Our exchanges with IMT Atlantique go very smoothly, we understand each other. On both sides we accept our differences, constraints and we compromise. We come from two different environments and this means we must have discussions. There must be an atmosphere of trust, a good relationship and a common understanding of the objectives. This is what we have been able to accomplish through the SePEMeD laboratory.



0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply