7.1. Security Profiles

7.1.1. Secure Transport Connection Profiles

dcm4che DICOM Archive 5 supports the Basic TLS Secure Transport Connection Profile and the AES TLS Secure Transport Connection Profile as specified in DICOM Standard, Part 15, Annex B.1 and Annex B.3.

By default configuration, TLS 1.0, TLS 1.1 and TLS 1.2 are enabled, use of TLS 1.2 is preferred.

Also other cipher suite options than the two in compliance with AES TLS Secure Transport Connection Profile:

• TLS_RSA_WITH_AES_128_CBC_SHA

• TLS_RSA_WITH_3DES_EDE_CBC_SHA

may be configured.

Beside DICOM DIMSE service connections, also HL7 v2 and HTTP connections can be secured by use of TLS.

IP ports on which an implementation accepts TLS connections are configurable.

The private key and the Certificate used by an instance of dcm4che DICOM Archive 5 to identify itself in the TLS negotiation with remote applications has to be provided in a local keystore file in PKCS12 or JKS (Java Key Store) format on the application host. Certificates of Certificate Authorities (CA) to validate Certificates received from remote applications during the TLS negotiation can also be provided in a local keystore file in JKS format or at the central LDAP server, used as configuration backend for all instances of dcm4che DICOM Archive 5.

7.1.2. Network Address Management Profiles

dcm4che DICOM Archive 5 supports the Basic Network Address Management Profile as DHCP Client and DNS Client actor utilizing network configuration options of the underlying operating system. S. DICOM Standard, Part 15, Annex F.1.

7.1.3. Time Synchronization Profiles

dcm4che DICOM Archive 5 supports the Basic Time Synchronization Profile as DHCP Client and NTP Client actor utilizing time synchronization options of the underlying operating system. S. DICOM Standard, Part 15, Annex G.1.

7.1.4. Application Configuration Management Profiles

dcm4che DICOM Archive 5 supports the Application Configuration Management Profile as LDAP Client actor. Any LDAP v3 compatible LDAP server can be used as configuration backend for multiple instances of dcm4che DICOM Archive 5 - and may also be shared with external DICOM applications which also supports the Application Configuration Management Profile as LDAP Client actor. S. DICOM Standard, Part 15, Annex H.1.

7.1.5. Audit Trail Profiles

7.1.5.1. Audit Trail Message Format Profile

dcm4che DICOM Archive 5 supports the Audit Trail Message Format Profile as specified in DICOM Standard, Part 15, Annex A.5.

7.1.5.1.1. Audit Messages

• 7.1.5.1.1.1. General Message Format Conventions
  • 7.1.5.1.1.1.1. Message Structure
• 7.1.5.1.1.2. Begin Transferring DICOM Instances
  • 7.1.5.1.1.2.1. Trigger Events
  • 7.1.5.1.1.2.2. Message Structure
  • 7.1.5.1.1.2.3. Sample Messages
    • 7.1.5.1.1.2.3.1. Retrieve Entities
      • 7.1.5.1.1.2.3.1.1. Using DICOM C-GET
      • 7.1.5.1.1.2.3.1.2. Using DICOM C-MOVE
      • 7.1.5.1.1.2.3.1.3. Export Study using REST API
      • 7.1.5.1.1.2.3.1.4. Export Study by Scheduler
      • 7.1.5.1.1.2.3.1.5. Using WADO-RS REST APIs
      • 7.1.5.1.1.2.3.1.6. Retrieve Multiple Studies of Patient
    • 7.1.5.1.1.2.3.2. XDSI Retrieve Imaging Document Set RAD-69 transaction
• 7.1.5.1.1.3. DICOM Instances Transferred
  • 7.1.5.1.1.3.1. Trigger Events
  • 7.1.5.1.1.3.2. Message Structure
  • 7.1.5.1.1.3.3. Sample Messages
    • 7.1.5.1.1.3.3.1. Studies Stored to archive
      • 7.1.5.1.1.3.3.1.1. Using DICOM C-STORE
      • 7.1.5.1.1.3.3.1.2. Using HL7 ORU
      • 7.1.5.1.1.3.3.1.3. Using HTTP STOW
    • 7.1.5.1.1.3.3.2. Study Reimport
    • 7.1.5.1.1.3.3.3. Retrieve Entities
      • 7.1.5.1.1.3.3.3.1. Using DICOM C-GET
      • 7.1.5.1.1.3.3.3.2. Using DICOM C-MOVE
      • 7.1.5.1.1.3.3.3.3. Export Study using REST API
      • 7.1.5.1.1.3.3.3.4. Export Study by Scheduler
      • 7.1.5.1.1.3.3.3.5. Using WADO-RS REST APIs
      • 7.1.5.1.1.3.3.3.6. Retrieve Multiple Studies of Patient
      • 7.1.5.1.1.3.3.3.7. Retrieve Instance using WADO-URI
    • 7.1.5.1.1.3.3.4. Storage Commitment
      • 7.1.5.1.1.3.3.4.1. Using REST API
      • 7.1.5.1.1.3.3.4.2. Scheduler Triggered
      • 7.1.5.1.1.3.3.4.3. Storage Commitment SCU triggered
      • 7.1.5.1.1.3.3.4.4. Storage Commitment referencing Instances of Multiple Studies
      • 7.1.5.1.1.3.3.4.5. Storage Commitment Failure
    • 7.1.5.1.1.3.3.5. Storage Verification
      • 7.1.5.1.1.3.3.5.1. Using REST API
      • 7.1.5.1.1.3.3.5.2. Scheduler Triggered
    • 7.1.5.1.1.3.3.6. Import Reports from AGFA IMPAX
    • 7.1.5.1.1.3.3.7. QStar
    • 7.1.5.1.1.3.3.8. XDSI Retrieve Imaging Document Set RAD-69 transaction
• 7.1.5.1.1.4. DICOM Instances Accessed
  • 7.1.5.1.1.4.1. Trigger Events
  • 7.1.5.1.1.4.2. Message Structure
  • 7.1.5.1.1.4.3. Sample Messages
    • 7.1.5.1.1.4.3.1. Update Entities
      • 7.1.5.1.1.4.3.1.1. Update Study
      • 7.1.5.1.1.4.3.1.2. Update Series
    • 7.1.5.1.1.4.3.2. Expiration Date Update
      • 7.1.5.1.1.4.3.2.1. Update Study Expiration Date - Triggered by HL7
      • 7.1.5.1.1.4.3.2.2. Update Study Expiration Date - Triggered by REST API
      • 7.1.5.1.1.4.3.2.3. Update Series Expiration Date - Triggered by REST API
    • 7.1.5.1.1.4.3.3. Access Control ID Update
      • 7.1.5.1.1.4.3.3.1. Update Study Access Control ID
      • 7.1.5.1.1.4.3.3.2. Update Access Control ID of Matching Studies
    • 7.1.5.1.1.4.3.4. Retrieve Entities from external archive
      • 7.1.5.1.1.4.3.4.1. Retrieve matching studies from external archive
      • 7.1.5.1.1.4.3.4.2. Retrieve study from external archive
    • 7.1.5.1.1.4.3.5. HL7 triggered Prefetch Studies
    • 7.1.5.1.1.4.3.6. Study Size Calculation
    • 7.1.5.1.1.4.3.7. Partial Rejection of Studies
      • 7.1.5.1.1.4.3.7.1. Using REST API
      • 7.1.5.1.1.4.3.7.2. On store of rejection note over DICOM C-Store
      • 7.1.5.1.1.4.3.7.3. On store of rejection note by STOW-RS REST API
      • 7.1.5.1.1.4.3.7.4. In external archive
    • 7.1.5.1.1.4.3.8. Expired study partially rejected by Reject Expired Studies Scheduler
    • 7.1.5.1.1.4.3.9. Previous study partially rejected on subsequent receive of objects with same SOP Instance UID but different Study/Series Instance UIDs
    • 7.1.5.1.1.4.3.10. Lifecycle Management
      • 7.1.5.1.1.4.3.10.1. Apply Retention Policy REST API
      • 7.1.5.1.1.4.3.10.2. Apply Retention Policy by HL7
    • 7.1.5.1.1.4.3.11. Retrieve of objects from fallback C-MOVE SCP
• 7.1.5.1.1.5. DICOM Study Deleted
  • 7.1.5.1.1.5.1. Trigger Events
  • 7.1.5.1.1.5.2. Message Structure
  • 7.1.5.1.1.5.3. Sample Messages
    • 7.1.5.1.1.5.3.1. Study completely rejected
      • 7.1.5.1.1.5.3.1.1. Using REST API
      • 7.1.5.1.1.5.3.1.2. On store of rejection note over DICOM C-Store
      • 7.1.5.1.1.5.3.1.3. On store of rejection note by STOW-RS REST API
      • 7.1.5.1.1.5.3.1.4. In external archive
    • 7.1.5.1.1.5.3.2. Study permanently deleted
      • 7.1.5.1.1.5.3.2.1. Using REST API
      • 7.1.5.1.1.5.3.2.2. On deletion of patient using REST API
      • 7.1.5.1.1.5.3.2.3. On reimporting a study using REST API
      • 7.1.5.1.1.5.3.2.4. Purge Storage Scheduler triggered
    • 7.1.5.1.1.5.3.3. Expired study completely rejected by Reject Expired Studies Scheduler
    • 7.1.5.1.1.5.3.4. Previous study completely rejected on subsequent receive of objects with same SOP Instance UID but different Study/Series Instance UIDs
• 7.1.5.1.1.6. Patient Record
  • 7.1.5.1.1.6.1. Trigger Events
  • 7.1.5.1.1.6.2. Message Structure
  • 7.1.5.1.1.6.3. Sample Messages
    • 7.1.5.1.1.6.3.1. Patient Record audits on DICOM transactions
      • 7.1.5.1.1.6.3.1.1. Patient created on receive of studies
      • 7.1.5.1.1.6.3.1.2. Patient created on receive of MPPS
    • 7.1.5.1.1.6.3.2. Patient Record audits on Incoming HL7 Messages
      • 7.1.5.1.1.6.3.2.1. Patient created on receive of HL7
      • 7.1.5.1.1.6.3.2.2. Patients demographics updated on receive of HL7
      • 7.1.5.1.1.6.3.2.3. Patients identifier changed
      • 7.1.5.1.1.6.3.2.4. Patients merged on receive of HL7
      • 7.1.5.1.1.6.3.2.5. Patients merged on receive of HL7 - Error
      • 7.1.5.1.1.6.3.2.6. Patient READ on receive of HL7 Appointments
    • 7.1.5.1.1.6.3.3. Patient Record audits on REST APIs invocation
      • 7.1.5.1.1.6.3.3.1. Patient Create
      • 7.1.5.1.1.6.3.3.2. Patient Create - On Study Stored
      • 7.1.5.1.1.6.3.3.3. Patient Update - Error
      • 7.1.5.1.1.6.3.3.4. Patients identifier changed
      • 7.1.5.1.1.6.3.3.5. Patients Merged
      • 7.1.5.1.1.6.3.3.6. Patient Delete
      • 7.1.5.1.1.6.3.3.7. Patient Delete on Delete Last Study
      • 7.1.5.1.1.6.3.3.8. Patient Create on imported MWL
    • 7.1.5.1.1.6.3.4. Patient Record audits on scheduler functions
      • 7.1.5.1.1.6.3.4.1. Patient Delete on Delete Last Study
      • 7.1.5.1.1.6.3.4.2. Patient Create on imported MWL
    • 7.1.5.1.1.6.3.5. Patient Record audits on Patient Demographics Query
      • 7.1.5.1.1.6.3.5.1. DICOM PDQ Supplier
      • 7.1.5.1.1.6.3.5.2. FHIR PDQ Supplier
      • 7.1.5.1.1.6.3.5.3. HL7 PDQ Supplier
      • 7.1.5.1.1.6.3.5.4. HL7 PDQ Supplier - Triggered by Scheduler
    • 7.1.5.1.1.6.3.6. Patient Record audits on Outgoing HL7 Messages
      • 7.1.5.1.1.6.3.6.1. HL7 Forwarding
      • 7.1.5.1.1.6.3.6.2. HL7 Forwarding - Merge
      • 7.1.5.1.1.6.3.6.3. Notify HL7 Receivers on PAM-RS
      • 7.1.5.1.1.6.3.6.4. Notify HL7 Receivers on PAM-RS - Merge
      • 7.1.5.1.1.6.3.6.5. Create Patient In External Archive
      • 7.1.5.1.1.6.3.6.6. Update Patient In External Archive
      • 7.1.5.1.1.6.3.6.7. Merge Patients In External Archive
      • 7.1.5.1.1.6.3.6.8. Notify HL7 Receivers on receive of MPPS
      • 7.1.5.1.1.6.3.6.9. Notify HL7 Receivers on receive of Study - Triggered by HL7 Procedure Status Update Scheduler
      • 7.1.5.1.1.6.3.6.10. Notify HL7 Receivers on receive of Study - Using DCM2HL7Exporter triggered by REST
      • 7.1.5.1.1.6.3.6.11. Notify HL7 Receivers on receive of Study - Using DCM2HL7Exporter triggered by Export Scheduler
• 7.1.5.1.1.7. Procedure Record
  • 7.1.5.1.1.7.1. Trigger Events
  • 7.1.5.1.1.7.2. Message Structure
  • 7.1.5.1.1.7.3. Sample Messages
    • 7.1.5.1.1.7.3.1. Procedure Record audits on DICOM transactions
      • 7.1.5.1.1.7.3.1.1. MWL’s SPS Status Update on MPPS receive
    • 7.1.5.1.1.7.3.2. Procedure Record audits on Incoming HL7 Messages
      • 7.1.5.1.1.7.3.2.1. Procedure created on receive of HL7
      • 7.1.5.1.1.7.3.2.2. MWL’s SPS Status Update on receive of HL7 ADT^A10
    • 7.1.5.1.1.7.3.3. Procedure Record audits on REST APIs invocation
      • 7.1.5.1.1.7.3.3.1. Update MWL
      • 7.1.5.1.1.7.3.3.2. Delete MWL
      • 7.1.5.1.1.7.3.3.3. Change MWL’s SPS state
      • 7.1.5.1.1.7.3.3.4. Update Study / Series attributes - Link Study with MWL
      • 7.1.5.1.1.7.3.3.5. Procedure Create on imported MWL
    • 7.1.5.1.1.7.3.4. Procedure Record audits on scheduler functions
      • 7.1.5.1.1.7.3.4.1. Procedure Create on imported MWL
    • 7.1.5.1.1.7.3.5. Procedure Record audits on MPPS Forwarding
    • 7.1.5.1.1.7.3.6. Procedure Record audits on Outgoing HL7 Messages
      • 7.1.5.1.1.7.3.6.1. HL7 Forwarding
      • 7.1.5.1.1.7.3.6.2. Notify HL7 Receivers on receive of MPPS
      • 7.1.5.1.1.7.3.6.3. Notify HL7 Receivers on receive of Study - Triggered by HL7 Procedure Status Update Scheduler
      • 7.1.5.1.1.7.3.6.4. Notify HL7 Receivers on receive of Study - Using DCM2HL7Exporter triggered by REST
      • 7.1.5.1.1.7.3.6.5. Notify HL7 Receivers on receive of Study - Using DCM2HL7Exporter triggered by Export Scheduler
• 7.1.5.1.1.8. Security Alert
  • 7.1.5.1.1.8.1. Trigger Events
  • 7.1.5.1.1.8.2. Message Structure
  • 7.1.5.1.1.8.3. Sample Messages
    • 7.1.5.1.1.8.3.1. Connection Events Failure
    • 7.1.5.1.1.8.3.2. Associations Events Failure
      • 7.1.5.1.1.8.3.2.1. Association FAILED
      • 7.1.5.1.1.8.3.2.2. Association REJECTED
    • 7.1.5.1.1.8.3.3. Software Configuration Changes
    • 7.1.5.1.1.8.3.4. Tasks Management
      • 7.1.5.1.1.8.3.4.1. Delete Tasks using REST API
      • 7.1.5.1.1.8.3.4.2. Delete Task using REST API
      • 7.1.5.1.1.8.3.4.3. Delete Tasks triggered by Scheduler
      • 7.1.5.1.1.8.3.4.4. Cancel Tasks using REST API
      • 7.1.5.1.1.8.3.4.5. Cancel Task using REST API
      • 7.1.5.1.1.8.3.4.6. Reschedule Tasks using REST API
      • 7.1.5.1.1.8.3.4.7. Reschedule Task using REST API
    • 7.1.5.1.1.8.3.5. Import Reports from AGFA IMPAX
    • 7.1.5.1.1.8.3.6. Keycloak Events
      • 7.1.5.1.1.8.3.6.1. User Password Update
      • 7.1.5.1.1.8.3.6.2. Super User Login
      • 7.1.5.1.1.8.3.6.3. Keycloak Admin Event
• 7.1.5.1.1.9. Query
  • 7.1.5.1.1.9.1. Trigger Events
  • 7.1.5.1.1.9.2. Message Structure
  • 7.1.5.1.1.9.3. Sample Messages
    • 7.1.5.1.1.9.3.1. Query
      • 7.1.5.1.1.9.3.1.1. Using QIDO-RS REST APIs
      • 7.1.5.1.1.9.3.1.2. Using DICOM C-FIND
    • 7.1.5.1.1.9.3.2. HL7 Patient Demographics Query
      • 7.1.5.1.1.9.3.2.1. Using REST API
      • 7.1.5.1.1.9.3.2.2. Scheduler triggered
    • 7.1.5.1.1.9.3.3. FHIR Patient Demographics Query
      • 7.1.5.1.1.9.3.3.1. Using REST API
      • 7.1.5.1.1.9.3.3.2. Scheduler triggered
• 7.1.5.1.1.10. Application Activity
  • 7.1.5.1.1.10.1. Trigger Events
  • 7.1.5.1.1.10.2. Message Structure
  • 7.1.5.1.1.10.3. Sample Messages
    • 7.1.5.1.1.10.3.1. Application Activity Message - Application Start
      • 7.1.5.1.1.10.3.1.1. Startup of archive / Deploy archive ear file
      • 7.1.5.1.1.10.3.1.2. Archive Startup by REST API
    • 7.1.5.1.1.10.3.2. Application Activity Message - Application Stop
      • 7.1.5.1.1.10.3.2.1. Shutdown of archive / Undeploy archive ear file
      • 7.1.5.1.1.10.3.2.2. Archive Stop using REST API
• 7.1.5.1.1.11. Data Export
  • 7.1.5.1.1.11.1. Trigger Events
  • 7.1.5.1.1.11.2. Message Structure
  • 7.1.5.1.1.11.3. Sample Messages
    • 7.1.5.1.1.11.3.1. Scheduler Triggered
    • 7.1.5.1.1.11.3.2. REST API Triggered
• 7.1.5.1.1.12. User Authentication
  • 7.1.5.1.1.12.1. Trigger Events
  • 7.1.5.1.1.12.2. Message Structure
  • 7.1.5.1.1.12.3. Sample Message
• 7.1.5.1.1.13. Audit Log Used
  • 7.1.5.1.1.13.1. Trigger Events
  • 7.1.5.1.1.13.2. Message Structure
  • 7.1.5.1.1.13.3. Sample Message

7.1.5.2. Audit Trail Message Transmission Profile - SYSLOG-TLS

dcm4che DICOM Archive 5 supports the Audit Trail Message Transmission Profile - SYSLOG-TLS as specified in DICOM Standard, Part 15, Annex A.6.

7.1.5.3. Audit Trail Message Transmission Profile - SYSLOG-UDP

dcm4che DICOM Archive 5 supports the Audit Trail Message Transmission Profile - SYSLOG-UDP as specified in DICOM Standard, Part 15, Annex A.7.

7.1.6. Attribute Confidentiality Profiles

7.1.6.1. Basic Application Level Confidentiality Profile

dcm4che DICOM Archive 5 supports the Basic Application Level Confidentiality Profile as specified in DICOM Standard, Part 15, Annex E.2 with the Basic Application Level Confidentiality Options:

• Retain Longitudinal Temporal Information Full Dates Option as specified in DICOM Standard, Part 15, Annex E.3.6

• Retain Device Identity Option as specified in DICOM Standard, Part 15, Annex E.3.8

• Retain UIDs Option as specified in DICOM Standard, Part 15, Annex E.3.9

• Retain Institution Identity Option as specified in DICOM Standard, Part 15, Annex E.3.11

7.1.6.1.1. Attributes removed or replaced

One can directly refer the table Application Level Confidentiality Profile Attributes with different action codes to see the list of attributes supported dependent on the applied Basic Application Level Confidentiality Option.

In addition to the above list of attributes, below table lists out the private attributes and some more DICOM attributes which are missing in Application Level Confidentiality Profile Attributes to be removed.

Table 7.81 Attributes removed during protection

Attributes
Private Attributes
Patient Create Date Time (7777,0010)
Patient Update Date Time (7777,0011)
Study Receive Date Time (7777,0020)
Study Update Date Time (7777,0021)
Study Access Date Time (7777,0022)
Study Expiration Date (7777,0023)
Study Rejection State (7777,0024)
Study Completeness (7777,0025)
Failed Retrieves Of Study (7777,0026)
Study Access Control ID (7777,0027)
Storage IDs of Study (7777,0028)
Study Size in KB (7777,0029)
Study Size Bytes (7777,002A)
Series Receive Date Time (7777,0030)
Series Update Date Time (7777,0031)
Series Expiration Date (7777,0033)
Series Rejection State (7777,0034)
Series Completeness (7777,0035)
Failed Retrieves Of Series (7777,0036)
Sending Application Entity Title Of Series (7777,0037)
Scheduled Metadata Update Date Time Of Series (7777,0038)
Scheduled Instance Record Purge Date Time Of Series (7777,0039)
Instance Record Purge State Of Series (7777,003A)
Series Metadata Storage ID (7777,003B)
Series Metadata Storage Path (7777,003C)
Series Metadata Storage Object Size (7777,003D)
Series Metadata Storage Object Digest (7777,003E)
Instance Receive Date Time (7777,0040)
Instance Update Date Time (7777,0041)
Rejection Code Sequence (7777,0042)
Instance External Retrieve AE Title (7777,0043)
Storage ID (7777,0050)
Storage Path (7777,0051)
Storage Transfer Syntax UID (7777,0052)
Storage Object Size (7777,0053)
Storage Object Digest (7777,0054)
Other Storage Sequence (7777,0055)
X Road Person Status (7777,00E0)
X Road Data Status (7777,00E1)
X - Remove (missing in Part 15)
Human Performer Code Sequence (0040,4009)
Issuer of Accession Number Sequence (0008,0051)
Issuer of Admission ID Sequence (0038,0014)
Issuer of Patient ID Qualifiers Sequence (0010,0024)
Patient’s Size Code Sequence (0010,1021)
Requesting Physician Identification Sequence (0032,1031)
Requesting Service Code Sequence (0032,1034)
Series Description Code Sequence (0008,103F)
X - Remove (missing in Part 15) if Retain Longitudinal Temporal Information Full Dates Option not configured
Instance Creation Date (0008,0012)
Instance Creation Time (0008,0013)

7.1.6.1.2. Inserted dummy values

Following table lists attributes and the dummy values which are used to replace the attributes’ values

Table 7.82 Dummy values used to replace the attributes’ values

Attributes	VR	Dummy Value
Series Date (0008,0021)	DA	19991111
Content Date (0008,0023)
Patient’s Birth Date (0010,0030)
Acquisition Date (0008,0022)
Admitting Date (0038,0020)
Study Date (0008,0020)
Acquisition Date Time (0008,002A)	DT	19991111111111
Start Acquisition Date Time (0018,9516)
End Acquisition Date Time (0018,9517)
Verification Date Time (0040,A030)
Series Time (0008,0031)	TM	111111
Content Time (0008,0033)
Acquisition Time (0008,0032)
Admitting Time (0038,0021)
Study Time (0008,0030)
Acquisition Device Processing Description (0018,1400)	LO	REMOVED
Contrast Bolus Agent (0018,0010)
Protocol Name (0018,1030)
Verifying Organization (0040,A027)
Device Serial Number (0018,1000)
Institution Name (0008,0080)
Filler Order Number / Imaging Service Request (0040,2017)
Patient ID (0010,0020)
Placer Order Number / Imaging Service Request (0040,2016)
Requested Procedure Description (0032,1060)
Patient’s Sex Neutered (0010,2203)	CS
Patient’s Sex (0010,0040)
Detector ID (0018,700A)	SH
Station Name (0008,1010)
Accession Number (0008,0050)
Study ID (0020,0010)
Dose Reference UID (300A,0013)	UI
Operators Name (0008,1070)	PN
Person Name (0040,A123)
Verifying Observer Name (0040,A075)
Consulting Physician’s Name (0008,009C)
Content Creator’s Name (0070,0084)
Patient’s Name (0010,0010)
Referring Physician’s Name (0008,0090)
Reviewer Name (300E,0008)

7.1.6.1.3. Encrypted Attributes Data Sets

Encryption of attributes data sets for later re-identification is not supported.

7.1.6.1.4. Scope of Referential Integrity of Replacement Values for UIDs

Replacement UIDs are derived from the original UID by using the algorithm for Creating Name-Based UUIDs as specified in RFC 4122: A Universally Unique Identifier (UUID) URN Namespace, encoded as UID according Object Identifier (OID) Repository. Therefore equal original UIDs in different DICOM objects also across Studies or Patients are replaced by equal new UIDs in resulting objects.