DICOM PS3.17 2022d - Explanatory Information

YYYY.6.4 Application Validation

Introduction of software applications into a healthcare organization IT network has the potential to open security vulnerabilities, and must be managed in accordance with institutional policy preventing unapproved applications being installed and obtaining access to patient data. Applications that deal with the Inventory and with its linked data (i.e., the entire DICOM repository) should be thoroughly validated with regard to appropriateness of data use, including ensuring patient data privacy, as well as conformance to the DICOM Standard.

As the Inventory provides links to stored SOP Instances that may not have been updated to current metadata (e.g., Patient Name may have been corrected or changed after the Instance was stored), an application accessing those files through a non-DICOM protocol needs to obtain the current metadata values from the Inventory SOP Instance. Applications for which current metadata is required should be specifically validated to ensure current metadata is applied.

DICOM PS3.17 2022d - Explanatory Information