WG-14: Security

Secretariat: Medical Imaging & Technology Alliance (MITA)
Shayna Knazik, sknazik@dicomstandard.org
Chairs: Lawrence Tarbox, PhD, University of Arkansas for Medical Sciences
Robert Horn, Fairhaven Technologies
wg14chairs@dicomstandard.org
Last strategy update: 2019-10-02
Minutes: WG-14 minutes
Email list link: WG-14 Discourse email list
Must be on the list to send/receive messages. Please contact the Secretariat to be added.

Scope:

  • To develop extensions to DICOM that address the technical details of providing secure information exchange.

Current Supplements, Work and Objectives:

  • Several CPs, some originating from WG-14, some originating in WG-06, are in process with WG-14 consulting with WG-06.
  • Updating and modernizing existing security sections in DICOM.
  • Ensuring that security for DICOMweb is covered, and in harmonization with security for DIMSE services. 
  • Creating a supplement with expanded security examples (part of a current work item). 
  • A journal article and/or presentation outlining best practices for secure DICOM communications using TLS and the ACME protocol for certificate management. 
  • Additional presentations at conferences educating the community about security in DICOM.

Challenges and Opportunities (Environment):

  • Mechanisms that are appropriate for one regulatory body are inappropriate for another.
  • The mechanisms utilized become obsolete or broken.
  • Clearly understanding the level of security required by local and governmental regulations.
  • Resolving differences between seemingly conflicting regulations from different bodies.
  • Specifying mechanisms that are easily incorporated and do not conflict with work done by other bodies.
  • DICOM could be at the forefront of medical device security.
  • Maintaining coordination with other groups considering security, including IHE and the MITA Security and Privacy committee.

Future Roadmap and Objectives (Committee Direction):

  • The WG expects to leverage existing Standards, insofar as possible.
  • The WG has closely cooperated with HL7 in the past, and expects to continue to monitor what is happening in that space (e.g. FHIR).
  • The WG is moving towards guidance documents and additional examples.

Past Work:

  • Supplement 31, FT 1999, specifying secure connections for networks.
  • Supplement 41, FT 2000, specifying a general purpose Digital Signature mechanism. It was demonstrated at RSNA Inforad, winning an award.
  • Supplement 51, FT 2000, addressing security on interchange media.
  • Supplement 55, FT 2001, describing mechanisms for de-identification with possible re-identification.
  • WG-14 was also consulted on security issues during the creation of Supplement 85, FT 2003, Web Access to DICOM Persistent Objects (WADO).
  • Supplement 86, FT 2004, clarifying the use of the Digital Signature mechanism in Structured Reports.
  • IETF RFC 3881, which provides the base message format used by Supplement 95 for audit trails, developed in conjunction with HL7 and ASTM, with input from IHE.
  • Supplement 95, FT 2009, Audit Trail Messages, done in conjunction with the NEMA Security and Privacy Committee. This supplement was a frozen draft for several years before being finalized, to incorporate user experience from implementing audit trails within the IHE ATNA (Audit Trail and Node Authentication) profile.
  • Supplement 99, FT 2004, Extended Negotiation of User Identity.
  • Supplement 113, FT 2006, Email Transport. Note that WG-23 only provided suggestions regarding secure transport of e-mail to WG-6; WG-6 was responsible for creating this supplement.
  • Supplement 204, FT 2018, with revamped TLS Secure Communications Profiles, is balloted and part of the Standard.
  • Supplement 206, FT 2018, with the CRYPTREC TLS Profile, in support of new Japanese security regulations, is balloted and part of the Standard.