Secretariat: Medical Imaging & Technology Alliance (MITA)
Lisa Spellman, dicom@dicomstandard.org
Chairs: Lawrence Tarbox, PhD, University of Arkansas for Medical Sciences
Robert Horn, Fairhaven Technologies
wg14chairs@dicomstandard.org
Last strategy update: 2018-09-26
Minutes: WG-14 minutes

Scope

  • To develop extensions to DICOM that address the technical details of providing secure information exchange.

Current Supplements, Work and Objectives

  • Supplement 204 with revamped TLS Secure Communications Profiles is balloted and part of the standard.
  • Supplement 206 with the CRYPTREC TLS Profile, in support of new Japanese security regulations, will be balloted soon.
  • Several CPs currently being put forward by WG-6, some of which WG-6 may push back to WG-14.
  • Updating and modernizing existing security sections in DICOM.
  • Ensuring that security for DICOMweb is covered and harmonized with security for DIMSE services.
  • Creating a supplement with expanded security examples (part of a current work item).
  • A journal article and/or presentation outlining best practices for secure DICOM communications using TLS and the ACME protocol for certificate management.

Challenges and Opportunities (Environment)

  • Mechanisms that are appropriate for one regulatory body are inappropriate for another.
  • The mechanisms utilized become obsolete or broken.
  • Clearly understanding the level of security required by local and governmental regulations.
  • Resolving differences between seemingly conflicting regulations from different bodies.
  • Specifying mechanisms that are easily incorporated and do not conflict with work done by other bodies.
  • DICOM could be at the forefront of medical device security.
  • Maintaining coordination with other groups considering security, including IHE and the MITA Security and Privacy committee.

Future Roadmap and Objectives (Committee Direction)

  • One current work item regarding DICOMweb security, with a revisit of DIMSE security.
  • The WG expects to leverage existing standards, insofar as possible. The WG has closely cooperated with HL7 in the past, and expects to continue to monitor what is happening in that space (e.g. FHIR).

Past Work

  • Supplement 31, FT 1999, specifying secure connections for networks.
  • Supplement 41, FT 2000, specifying a general purpose Digital Signature mechanism. It was demonstrated at RSNA Inforad, winning an award.
  • Supplement 51, FT 2000, addressing security on interchange media.
  • Supplement 55, FT 2001, describing mechanisms for de-identification with possible re-identification.
  • WG-14 was also consulted on security issues during the creation of Supplement 85, FT 2003, Web Access to DICOM Persistent Objects (WADO).
  • Supplement 86, FT 2004, clarifying the use of the Digital Signature mechanism in Structured Reports.
  • IETF RFC 3881, which provides the base message format used by Supplement 95 for audit trails, developed in conjunction with HL7 and ASTM, with input from IHE.
  • Supplement 95, FT 2009, Audit Trail Messages, done in conjunction with the NEMA Security and Privacy Committee. This supplement was a frozen draft for several years before being finalized, to incorporate user experience from implementing audit trails within the IHE ATNA (Audit Trail and Node Authentication) profile.
  • Supplement 99, FT 2004, Extended Negotiation of User Identity.
  • Supplement 113, FT 2006, Email Transport. Note that WG-23 only provided suggestions regarding secure transport of e-mail to WG-6; WG-6 was responsible for creating this supplement.