DICOM PS3.15 2020c - Security and System Management Profiles

A.5.2 General Message Format Conventions

The following table lists the primary fields from the message schema specified in A.5.1, with additional instructions, conventions, and restrictions on how DICOM applications shall fill in the field values. The field names are leaf elements and attributes that are in the DICOM Audit Message Schema (see Section A.5.1). Note that these fields may be enclosed in other XML elements, as specified by the schema.

Note

This schema, codes, and content were originally derived from [RFC 3881]. [RFC 3881] is not being maintained or updated by the IETF, and has gradually diverged from the DICOM schema and codes. Other documents exist that refer to [RFC 3881] as the underlying standard. [RFC 3881] does not include corrections and additions to the audit schema made in DICOM since 2004.

In subsequent tables the following notation Is used for optionality:

M

This element or attribute is mandatory

U

This element or attribute is user optional. The creator may include it or omit it.

MC

This element or attribute is mandatory if a specified condition is true.

UC

This element or attribute may be present only if a specified condition is true, if the user chooses to include it.

Table A.5.2-1. General Message Format

Field Name

Opt.

Description

Additional Conditions on Field Format/Value

Event

EventID

M

Identifier for a specific audited event.

The identifier for the family of event. E.g., "User Authentication".

DCID 400 “Audit Event ID”

EventActionCode

U

Indicator for type of action performed during the event that generated the audit.

C

Create a new database object, such as Placing an Order

R

Read/View/Print/Query Display or print data, such as a Doctor Census

U

Update data, such as Revise Patient Information

D

Delete items, such as a master file record

E

Perform a system or application function such as log-on, program execution, or use of an object's method

EventDateTime

M

Universal coordinated time (UTC), i.e., a date/time specification that is unambiguous as to local time zones.

The time at which the audited event occurred.See Section A.5.2.5

EventOutcomeIndicator

M

Indicates whether the event succeeded or failed.

0

Success

4

Minor failure; action restarted, e.g., invalid password with first retry

8

Serious failure; action terminated, e.g., invalid password with excess retries

12

Major failure; action made unavailable, e.g., user account disabled due to excessive invalid log-on attempts

When a particular event has some aspects that succeeded and some that failed, then one message shall be generated for successful actions and one message for the failed actions (i.e., not a single message with mixed results).

EventTypeCode

U

Identifier for the category of event.

The specific type(s) within the family applicable to the event, e.g., "User Login".

DCID 401 “Audit Event Type Code”

Active Participant (multi-valued)

UserID

M

Unique identifier for the user actively participating in the event.

See Section A.5.2.1.

AlternativeUserID

U

Alternative unique identifier for the user.

See Section A.5.2.2.

UserName

U

The human-meaningful name for the user.

See Section A.5.2.3.

UserIsRequestor

M

Indicator that the user is or is not the requestor, or initiator, for the event being audited.

Used to identify which of the participants initiated the transaction being audited. If the audit source cannot determine which of the participants is the requestor, then the field shall be present with the value FALSE in all participants.

The system shall not identify multiple participants as UserIsRequestor. If there are several known requestors, the reporting system shall pick only one as UserIsRequestor.

RoleIDCode

U

Specification of the role(s) the user plays when performing the event, as assigned in role-based access control security.

DCID 402 “Audit Active Participant Role ID Code”

Note

Usage of this field is refined in the individual message descriptions below. Other additional roles may also be present, since this is a multi-valued field.

NetworkAccessPointTypeCode

U

An identifier for the type of network access point.

See Section A.5.2.4.

NetworkAccessPointID

U

An identifier for the network access point of the user device This could be a device id, IP address, or some other identifier associated with a device.

Audit Source

AuditEnterpriseSiteID

U

Logical source location within the healthcare enterprise network, e.g., a hospital or other provider location within a multi-entity provider group.

Serves to further qualify the Audit Source ID, since Audit Source ID is not required to be globally unique.

AuditSourceID

M

Identifier of the source.

The identification of the system that detected the auditable event and created this audit message. Although often the audit source is one of the participants, it could also be an external system that is monitoring the activities of the participants (e.g., an add-on audit-generating device).

AuditSourceTypeCode

U

Code specifying the type of source.

See Section A.5.1.2.1.

E.g., an acquisition device might use "2" (data acquisition device), a PACS/RIS system might use "4 "(application server process).

Participant Object (multi-valued)

ParticipantObjectTypeCode

U

Code for the participant object type being audited. This value is distinct from the user's role or any user relationship to the participant object.

1

Person

2

System Object

3

Organization

4

Other

ParticipantObjectTypeCodeRole

U

Code representing the functional application role of Participant Object being audited.

See Section A.5.1.2.2.

ParticipantObjectDataLifeCycle

U

Identifier for the data life-cycle stage for the participant object. This can be used to provide an audit trail for data, over time, as it passes through the system.

See Section A.5.1.2.3.

ParticipantObjectIDTypeCode

M

Describes the identifier that is contained in Participant Object ID.

See Section A.5.1.2.4 and CID 404 “Audit Participant Object ID Type Code”

Note

Usage of this field is refined in the individual message descriptions below. Multiple roles may also be present, since this is a multi-valued field.

ParticipantObjectSensitivity

U

Denotes policy-defined sensitivity for the Participant Object ID such as VIP, HIV status, mental health status, or similar topics.

Locally defined terms.

ParticipantObjectID

M

Identifies a specific instance of the participant object.

Usage refined by individual message descriptions

ParticipantObjectName

U

An instance-specific descriptor of the Participant Object ID audited, such as a person's name.

Usage refined by individual message descriptions

ParticipantObjectQuery

U

The actual query for a query-type participant object.

Usage refined by individual message descriptions

ParticipantObjectDetail

U

Implementation-defined data about specific details of the object accessed or used.

This element is a Type-value pair. The "type" attribute is an implementation-defined text string. The "value" attribute is base 64 encoded data. The value is suitable for conveying binary data.

SOPClass

MC

The UIDs of SOP classes referred to in this participant object.

Required if ParticipantObjectIDTypeCode is (110180, DCM, "Study Instance UID") and any of the optional fields (AccessionNumber, ContainsMPPS, NumberOfInstances, ContainsSOPInstances,Encrypted,Anonymized) are present in this Participant Object. May be present if ParticipantObjectIDTypeCode is (110180, DCM, "Study Instance UID") even though none of the optional fields are present.

Accession

U

An Accession Number(s) associated with this participant object.

MPPS

U

An MPPS Instance UID(s) associated with this participant object.

NumberOfInstances

U

The number of SOP Instances referred to by this participant object.

Instance

U

SOP Instance UID value(s)

Note

Including the list of SOP Instances can create a fairly large audit message. Under most circumstances, the list of SOP Instance UIDs is not needed for audit purposes.

Encrypted

U

A single value of True or False indicating whether or not the data was encrypted.

Note

If there was a mix of encrypted and non-encrypted data, then create two event reports.

Anonymized

U

A single value of True or False indicating whether or not all patient identifying information was removed from the data

ParticipantObjectContainsStudy

U

A Study Instance UID, which may be used when the ParticipantObjectIDTypeCode is not (110180, DCM, "Study Instance UID").


A.5.2.1 UserID

If the participant is a person, then the User ID shall be the identifier used for that person on this particular system, in the form of loginName@domain-name.

If the participant is an identifiable process, the UserID selected shall be one of the identifiers used in the internal system logs. For example, the User ID may be the process ID as used within the local operating system in the local system logs. If the participant is a node, then User ID may be the node name assigned by the system administrator. Other participants such as threads, relocatable processes, web service end-points, web server dispatchable threads, etc. will have an appropriate identifier. The implementation shall document in the conformance statement the identifiers used, see Section A.6. The purpose of this requirement is to allow matching of the audit log identifiers with internal system logs on the reporting systems. .

When importing or exporting data, e.g., by means of media, the UserID field is used both to identify people and to identify the media itself. When the Role ID Code is EV(110154, DCM, "Destination Media") or EV(110155, DCM, "Source Media"), the UserID may be:

  1. a URI (the preferred form) identifying the source or destination,

  2. an email address of the form "mailto:user@address"

  3. a description of the media type (e.g., DVD) together with a description of its identifying label, as a free text field,

  4. a description of the media type (e.g., paper, film) together with a description of the location of the media creator (i.e., the printer).

The UserID field for Media needs to be highly flexible given the large variety of media and transports that might be used.

DICOM PS3.15 2020c - Security and System Management Profiles