Adopting DICOM Encryption
October 28, 2020 | Evaluations & Guidance
The Digital Imaging and Communications in Medicine (DICOM) standard is almost universally used to transfer/share imaging data in healthcare facilities. Despite the fact that the DICOM standard has defined mechanisms for encryption for over 20 years,1ECRI has noted that most medical imaging devices still do not possess capabilities to encrypt all DICOM messages over a network.
Some imaging systems have expected life spans of over 10 years. Replacing aging systems that are still clinically functional but that do not possess current encryption capabilities may not be economically warranted.
What's more, encryption of DICOM data within a network requires that both sides of the transmission have encryption and that the two nodes can use the same encryption protocols. For example, a new ultrasound scanner may support DICOM encryption, but if the receiving picture archiving and communication system (PACS) does not, the scanner must transmit data in unencrypted plaintext. It's important to note that claiming conformance to DICOM does not mean that a device conforms to the...