DICOM PS3.15 2017d - Security and System Management Profiles

A.5.3.10 Query

This message describes the event of a Query being issued or received. The message does not record the response to the query, but merely records the fact that a query was issued. For example, this would report queries using the DICOM SOP Classes:

  1. Modality Worklist

  2. UPS Pull

  3. UPS Watch

  4. Composite Instance Query

Note

  1. The response to a query may result in one or more Instances Transferred or Instances Accessed messages, depending on what events transpire after the query. If there were security-related failures, such as access violations, when processing a query, those failures should show up in other audit messages, such as a Security Alert message.

  2. Non-DICOM queries may also be captured by this message. The Participant Object ID Type Code, the Participant Object ID, and the Query fields may have values related to such non-DICOM queries.

Table A.5.3.10-1. Audit Message for Query

Real World Entities

Field Name

Opt.

Value Constraints

Event

EventID

M

EV (110112, DCM, "Query")

EventActionCode

M

Shall be: E = Execute

EventDateTime

M

not specialized

EventOutcomeIndicator

M

not specialized

EventTypeCode

U

not specialized

Active Participant:

Process Issuing the Query (1)

UserID

M

not specialized

AlternativeUserID

U

not specialized

UserName

U

not specialized

UserIsRequestor

M

not specialized

RoleIDCode

M

EV (110153, DCM, "Source Role ID")

NetworkAccessPointTypeCode

U

not specialized

NetworkAccessPointID

U

not specialized

Active Participant:

The process that will respond to the query (1)

UserID

M

not specialized

AlternativeUserID

U

not specialized

UserName

U

not specialized

UserIsRequestor

M

not specialized

RoleIDCode

M

EV (110152, DCM, "Destination Role ID")

NetworkAccessPointTypeCode

U

not specialized

NetworkAccessPointID

U

not specialized

Active Participant:

Other Participants that are known, especially third parties that requested the query (0..N)

UserID

M

not specialized

AlternativeUserID

U

not specialized

UserName

U

not specialized

UserIsRequestor

M

not specialized

RoleIDCode

U

not specialized

NetworkAccessPointTypeCode

U

not specialized

NetworkAccessPointID

U

not specialized

Participating Object:

SOP Queried and the Query (1)

ParticipantObjectTypeCode

M

Shall be: 2 = system

ParticipantObjectTypeCodeRole

M

Shall be: 3 = report

ParticipantObjectDataLifeCycle

U

not specialized

ParticipantObjectIDTypeCode

M

DT (110181, DCM, "SOP Class UID")

ParticipantObjectSensitivity

U

not specialized

ParticipantObjectID

M

If the ParticipantObjectIDTypeCode is (110181, DCM, "SOP Class UID"), then this field shall hold the UID of the SOP Class being queried

ParticipantObjectName

U

not specialized

ParticipantObjectQuery

M

If the ParticipantObjectIDTypeCode is (110181, DCM, "SOP Class UID"), then this field shall hold the Dataset of the DICOM query, xs:base64Binary encoded. Otherwise, it shall be the query in the format of the protocol used.

ParticipantObjectDetail

MC

Required if the ParticipantObjectIDTypeCode is (110181, DCM, "SOP Class UID")

A ParticipantObjectDetail element with the XML attribute "TransferSyntax" shall be present. The value of the Transfer Syntax attribute shall be the UID of the transfer syntax of the query. The element contents shall be xs:base64Binary encoding. The Transfer Syntax shall be a DICOM Transfer Syntax.

ParticipantObjectDescription

U

not specialized

SOPClass

U

See Table A.5.2-1

Accession

U

not specialized

NumberOfInstances

U

not specialized

Instances

U

not specialized

Encrypted

U

not specialized

Anonymized

U

not specialized


DICOM PS3.15 2017d - Security and System Management Profiles