DICOM Tag-based Authentication?

Hello Sébastien

Congrats for the new release!

We have been testing Orthanc for several months and have found It absolutely polite and really easy to deploy.

In Venezuela, where I live and work as a Radiology Consultant, there is a severe lack of radiology films, and hospital administrators simply do not want to give relevance to RIS/PACS, due to the severe situation, all the computers in almost every medical departments in the hospitals have been theft or removed.

As a result, residents take pictures of the CR and CT operator screens with their mobiles, and then share the pictures with the help of Whatsapp. It really hurts to see how digital images, downgraded through this misuse of technology, can impact the health services.

That is why we want to install a web server at the Maturin Central Hospital Manuel Nuñez Tovar. We want to to upload the images to an Orthanc Server from the CT and CR equipment and make the files available to the residents.

We tried with several options, but Orthanc was the only one that actually worked.

However, due to ethics concerns, we want to limit the access of the studies to the patient, and to those who the patient is willing to grant access.

We set up several concurrent Orthanc servers, assigning different ports and aliases to each server, but this is very limited. Besides, each the browser stays logged in, and this affects the use of the solution.

So we thought about setting up a database of patient UID and a system generated password, displayed as soon as the images are stable in the server. A splashscreen would warn that without this password, only the system administrator and the involved physicians, would be able to access the images. Then, the radiologist would give the password to the patient (or the requesting practitioner) along with the patient UID in the final written report.

Furthermore, a QR code containing the server address with the patient UID (login)/password, could be included in the report.

All the data images would be in a common repository, and the database would limit the access to one patient only, at the moment of login.

Another practical implementation would consider granting access to

0008, 0080 | Institution Name |

  • | - |
    0008, 0090 | Referring Physician’s Name |
    0008, 0116 | Responsible Organization |
    0008, 1050 | Performing Physician’s Name |
    0008, 1060 | Name of Physician(s) Reading Study |

All the info could be the same table into the DICOM archive database (Authorized), each with a predefined password, common to all the instances with compatible info in the corresponding DICOM tags.

We read a lot in your forums and we understand that it is possible, with the aid of lua, as well as authentication and database plugins, but we have no clue about how to implement it. Our IT support has already reviewed the available info and he doesn’t know how solve this.

Please help us, or give us some advice about who can develop this implementation and how much could it cost.

We are using Ubuntu 18.04.


Ludwig Moreno, MD