It is very likely that DICOM objects contain Protected Health Information. Privacy regulations in the United States (HIPAA), Europe (GDPR), and elsewhere, require that Individually Identifiable Information be kept private. It is the responsibility of implementers of the DICOM Standard to ensure that governmental regulations for security and privacy are satisfied.

See, for example, [ONC Privacy Security Guide].