• To develop extensions to DICOM that addresses the technical details of providing secure information exchange.

Current Supplements, Work and Objectives:

• Several CPs, some originating from WG-14, some originating in WG-06, are in process with WG-14 consulting with WG-06.
• Updating, modernizing existing security sections in DICOM. 
• Ensuring that security for DICOMweb is covered, and in harmonization with security for DIMSE services. 
• Creating a supplement with expanded security examples (part of a current work item). 
• A journal article and/or presentation outlining best practices for secure DICOM communications using TLS and the ACME protocol for certificate management. 
• Additional presentations at conferences educating the community about security in DICOM
  

Challenges and Opportunities (Environment):

• Mechanisms that are appropriate for one regulatory body are inappropriate for another.
• The mechanisms utilized become obsolete or broken.
• Clearly understanding the level of security required by local and governmental regulations.
• Resolving differences between seemingly conflicting regulations from different bodies.
• Specifying mechanisms that are easily incorporated and do not conflict with work done by other bodies.
• DICOM could be at the forefront of medical device security.
• Maintaining coordination with other groups considering security, including IHE and the MITA Security and Privacy committee.

Future Roadmap and Objectives (Committee Direction):

• The WG expects to leverage existing Standards, insofar as possible.
• The WG has closely cooperated with HL7 in the past, and expect to continue to monitor what is happening in that space (e.g. FHIR).
• The WG is moving towards guidance documents and additional examples.

Past Work:

• Supplement 31, FT 1999, specifying secure connections for networks.
• Supplement 41, FT 2000, specifying a general purpose Digital Signature mechanism. Was demonstrated at RSNA Inforad, winning an award.
• Supplement 51, FT 2000, addressing security on interchange media.
• Supplement 55, FT 2001, describing mechanisms for de-identification with possible re-identification.
• WG-14 was also consulted on security issues during the creation of Supplement 85, FT 2003, Web Access to DICOM Persistent Objects (WADO),
• Supplement 86, FT 2004, clarifying the use of the Digital Signature mechanism in Structured Reports.
• IETF RFC 3881, which provides the base message format used by Supplement 95 for audit trails, developed in conjunction with HL7 and ASTM, with input from IHE.
• Supplement 95, FT 2009, Audit Trail Messages, done in conjunction with the NEMA Security and Privacy Committee. This supplement was a frozen draft for several years before being finalized, to incorporate user experience from implementing audit trails within the IHE ATNA (Audit Trail and Node Authentication) profile.
• Supplement 99, FT 2004, Extended Negotiation of User Identity.
• Supplement 113, FT 2006, Email Transport. Note that WG-23 only provided suggestions regarding secure transport of e-mail to WG-6; WG-6 was responsible for creating this supplement.
• Supplement 204, FT 2018, with revamped TLS Secure Communications Profiles is balloted and part of the Standard.
• Supplement 206, FT 2018, with the CRYPTREC TLS Profile, in support of new Japanese security regulations is balloted and part of the Standard.