DICOM Security & HIPAA
DICOM is PHI by default. Every image object carries patient identifiers, often explicit ones (name, MRN, DOB) and sometimes implicit ones (burned-in pixel overlays, private tags with operator notes). A secure DICOM deployment treats transport, storage, access, and export as four separate problems — and the standard provides profiles for each.
Transport: TLS is non-negotiable
PS3.15 defines the Basic TLS Secure Transport Connection profile. It requires TLS 1.2+ with one of a short list of cipher suites, mutual certificate validation, and either AES-128-GCM-SHA256 or AES-256-GCM-SHA384 as the bulk cipher. In practice, an enterprise PACS should reject any clear-text association request on anything outside a fully isolated imaging VLAN.
Common misconfiguration: TLS is enabled on the PACS, but the modalities are still configured to connect to the clear-text port. The PACS logs show successful TLS associations from some clients and unencrypted ones from others; nobody notices until an auditor asks. Pull a Wireshark capture of port 11112 monthly and confirm that no association is negotiated in the clear.
Authentication: AE Titles are not authentication
An AE Title is a name, not a credential. Any DICOM client can send any AE Title it likes. Without TLS mutual auth or an explicit User Identity sub-item in A-ASSOCIATE-RQ (PS3.7 Section D), authentication is effectively open. Treat the AE Title allow-list as a convenience layer, not a security boundary.
Modern options:
- TLS client certificates (mutual TLS) — the standard pattern for machine-to-machine
- User Identity sub-item with Kerberos, SAML assertion, or JWT — for user-facing workstations
- DICOMweb + OAuth 2.0 / OpenID Connect — for browser-based and API integrations
Audit trail: the often-overlooked requirement
PS3.15 Section A.5 defines a DICOM Audit Trail using the IHE ATNA (Audit Trail and Node Authentication) format, itself based on RFC 3881 / DICOM Supplement 95. Each DICOM event — receive, send, query, delete, modify — produces an audit message sent to a Syslog collector over TLS-wrapped RELP or UDP. A HIPAA audit will ask for these logs going back 6 years.
What to capture at minimum:
- Actor (AE Title + user, if available)
- Active participant (source + destination IPs)
- Participating object (Patient ID, Study Instance UID)
- Event type (Import, Export, Query, Data Access, etc.)
- Event outcome (Success / Minor Failure / Serious Failure / Major Failure)
- Timestamp (always UTC, ISO 8601)
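The following is an added example (not from the page or any vendor's audit implementation) that builds an RFC 3881-shaped AuditMessage carrying exactly the minimum fields listed above. The DCM event codes are as the example's author recalls them from PS3.16 CID 400 and should be checked against the standard; the AE Titles, IPs and identifiers are constructed.

```python
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

# DCM audit event codes for the event types the text lists. Assumed from
# PS3.16 CID 400 by the author of this example; verify against your copy.
DCM_EVENTS = {
    "Import": ("110107", "Import"),
    "Export": ("110106", "Export"),
    "Query": ("110112", "Query"),
    "Data Access": ("110103", "DICOM Instances Accessed"),
}
# RFC 3881 EventOutcomeIndicator values for the four outcomes listed above.
OUTCOMES = {"Success": "0", "Minor Failure": "4",
            "Serious Failure": "8", "Major Failure": "12"}

def build_audit_message(event, outcome, src_ae, src_ip, dst_ae, dst_ip,
                        patient_id, study_uid, user=None, when=None):
    """Return an RFC 3881 <AuditMessage> element with the minimum fields."""
    when = when or datetime.now(timezone.utc)
    if when.tzinfo is None:
        raise ValueError("audit timestamps must be timezone-aware (UTC)")
    code, name = DCM_EVENTS[event]
    msg = ET.Element("AuditMessage")
    ev = ET.SubElement(msg, "EventIdentification", {
        "EventActionCode": "E",  # E = Execute; C/R/U/D for create/read/update/delete
        "EventDateTime": when.astimezone(timezone.utc).isoformat(timespec="seconds"),
        "EventOutcomeIndicator": OUTCOMES[outcome],
    })
    ET.SubElement(ev, "EventID", {"code": code, "codeSystemName": "DCM",
                                  "displayName": name})
    # Active participants: requesting node (AE Title plus user, when known) and destination.
    for ae, ip, requestor in ((src_ae, src_ip, True), (dst_ae, dst_ip, False)):
        ET.SubElement(msg, "ActiveParticipant", {
            "UserID": f"{user}@{ae}" if requestor and user else ae,
            "UserIsRequestor": "true" if requestor else "false",
            "NetworkAccessPointID": ip,
            "NetworkAccessPointTypeCode": "2",  # 2 = IP address
        })
    ET.SubElement(msg, "AuditSourceIdentification", {"AuditSourceID": dst_ae})
    # Participating objects: patient (type 1 = Person, role 1 = Patient) and
    # study (type 2 = System Object, role 3 = Report), as DICOM audit messages use.
    for obj_id, type_code, role in ((patient_id, "1", "1"), (study_uid, "2", "3")):
        ET.SubElement(msg, "ParticipantObjectIdentification", {
            "ParticipantObjectID": obj_id,
            "ParticipantObjectTypeCode": type_code,
            "ParticipantObjectTypeCodeRole": role,
        })
    return msg
```

Serialise with `xml.etree.ElementTree.tostring` before handing the message to the syslog shipper; the naive-timestamp check enforces the UTC rule at the point of creation rather than at audit time.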
De-identification — Supplement 142
When DICOM data leaves the clinical environment — for research, teaching, vendor debugging, AI training — it must be de-identified. DICOM Supplement 142 ("Clinical Trial De-identification Profiles") defines 14 profile attributes that can be combined to produce de-identified data sets compliant with HIPAA Safe Harbor.
- Basic Profile — removes or replaces over 300 identifying tags
- Retain UIDs — keep Study/Series/SOP Instance UIDs so the anonymized set can be cross-referenced with the original
- Retain Device Identity — preserve equipment info for research grouped by scanner
- Retain Patient Characteristics — keep age, sex, body size when clinically relevant
- Clean Pixel Data — hardest step; burned-in overlays with patient info need image-processing removal
Private tags are the trap. Vendors store arbitrary data in private tags (xxxx,xxxx) where the group number is odd. These are not covered by the Basic Profile's allow-list — a naive de-identifier will pass them through with PHI intact. Use a validated library (CTP from MIRC, pydicom's DeidentificationProfile, Innolitics' dicom-anonymizer) rather than rolling your own.
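To make the trap concrete, here is an added example (not the page's own code, and not taken from CTP, pydicom or dicom-anonymizer) that runs a small subset of Basic Profile actions over a DICOM-like tag dictionary, with the odd-group private-tag rule, a Retain UIDs switch, and a `drop_private` flag that reproduces the naive pass-through. The tag table is a deliberately short subset of PS3.15 Annex E and the sample header is constructed.

```python
import hashlib
# Subset of PS3.15 Annex E Basic Profile actions (Z = zero-length replacement,
# X = remove, U = replace UID consistently). Tags missing from the table pass
# through untouched, which is why private tags need their own rule below.
BASIC_PROFILE = {
    (0x0010, 0x0010): "Z",  # Patient's Name
    (0x0010, 0x0020): "Z",  # Patient ID
    (0x0010, 0x0030): "Z",  # Patient's Birth Date
    (0x0010, 0x1000): "X",  # Other Patient IDs
    (0x0020, 0x000D): "U",  # Study Instance UID
    (0x0008, 0x0018): "U",  # SOP Instance UID
}

def is_private(tag):
    """Private tags live in odd-numbered groups (PS3.5 Section 7.8.1)."""
    return tag[0] % 2 == 1

def replacement_uid(uid):
    """Deterministic pseudonymous UID (2.25 root): same input -> same output."""
    digest = int(hashlib.sha256(uid.encode()).hexdigest(), 16) % 10**38
    return "2.25." + str(digest)

def deidentify(ds, retain_uids=False, drop_private=True, private_allow=frozenset()):
    """Apply Basic Profile actions to a {(group, element): value} dataset.
    drop_private=False reproduces the naive behaviour the text warns about."""
    out = {}
    for tag, value in ds.items():
        if is_private(tag):
            if drop_private and tag not in private_allow:
                continue  # Private Tags Action: remove unless allow-listed
            out[tag] = value
            continue
        action = BASIC_PROFILE.get(tag)
        if action == "Z":
            out[tag] = ""
        elif action == "U":
            out[tag] = value if retain_uids else replacement_uid(value)
        elif action != "X":
            out[tag] = value
    return out

# Constructed sample header: PHI in standard tags and in a vendor private tag.
SAMPLE = {
    (0x0008, 0x0018): "1.2.3.4.5.100",  # SOP Instance UID (constructed)
    (0x0010, 0x0010): "DOE^JANE",
    (0x0010, 0x0020): "MRN0001",
    (0x0010, 0x1000): "OLD-MRN-77",
    (0x0020, 0x000D): "1.2.3.4.5.200",  # Study Instance UID (constructed)
    (0x0029, 0x1010): "op note: Jane Doe, callback 555-0100",  # private (odd group)
}
```

Running `deidentify(SAMPLE, drop_private=False)` leaves (0029,1010) and its note in the output, which is the failure mode the paragraph describes; the default removes it.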
Data at rest
The DICOM standard doesn't dictate at-rest encryption — that's infrastructure-level. Modern archives should use full-disk encryption (LUKS, BitLocker) and, for object-storage-backed archives, server-side encryption with customer-managed keys (SSE-KMS on AWS, CMEK on GCP). A PACS that writes to plain NFS without underlying encryption is a failed audit waiting to happen.
Common vulnerabilities (and how to find them)
- DICOM nodes on the internet — Shodan finds ~3,500 open DICOM endpoints on any given day. Run nmap -p 104,11112 --script dicom-ping against your public IP ranges.
- Default credentials on PACS admin consoles — well-known defaults survive vendor software updates. Rotate at deploy time and audit quarterly.
- Private tags with PHI in research exports — the Supplement 142 Basic Profile alone misses these. Always pair with a Private Tags Action of "remove unless specifically allow-listed."
- Burned-in PHI in secondary capture — ultrasound and endoscopy especially bake patient data into the pixels. De-identification must include OCR + pixel-clean passes.
- Unencrypted DICOMweb — WADO-RS endpoints reachable over HTTP rather than HTTPS. Catch via monthly infrastructure scan.