WG-14: Security

Secretariat: Medical Imaging & Technology Alliance (MITA)
Shayna Knazik, sknazik@dicomstandard.org
Chairs: Lawrence Tarbox, PhD, University of Arkansas for Medical Sciences
Robert Horn, Fairhaven Technologies
wg14chairs@dicomstandard.org
Last strategy update: 2019-10-02
Minutes: WG-14 minutes
Email list link: WG-14 Discourse email list
Must be on the list to send/receive messages. Please contact the Secretariat to be added.

Scope:

  • To develop extensions to DICOM that address the technical details of providing secure information exchange.

Current Supplements, Work and Objectives:

  • Several CPs, some originating from WG-14, some originating in WG-06, are in process with WG-14 consulting with WG-06.
  • Updating and modernizing existing security sections in DICOM.
  • Ensuring that security for DICOMweb is covered, and in harmonization with security for DIMSE services.
  • Creating a supplement with expanded security examples (part of a current work item).
  • A journal article and/or presentation outlining best practices for secure DICOM communications using TLS and the ACME protocol for certificate management.
  • Additional presentations at conferences educating the community about security in DICOM.

Challenges and Opportunities (Environment):

  • Mechanisms that are appropriate for one regulatory body are inappropriate for another.
  • The mechanisms utilized become obsolete or broken.
  • Clearly understanding the level of security required by local and governmental regulations. Cybersecurity regulations are changing rapidly. It used to be that FDA and EC regulations dominated, but they applied only to medical devices. Now there are many regulators (EU, SEC, FTC, CISA, ASD, etc.) that write regulations that apply to all kinds of equipment and software.
  • Resolving differences between seemingly conflicting regulations from different bodies.
  • Specifying mechanisms that are easily incorporated and do not conflict with work done by other bodies.
  • DICOM could be at the forefront of medical device security.
  • Maintaining coordination with other groups considering security, including IHE and the MITA Security and Privacy committee.

Future Roadmap and Objectives (Committee Direction):

  • The WG expects to leverage existing Standards, insofar as possible.
  • The WG has closely cooperated with HL7 in the past, and expects to continue to monitor what is happening in that space (e.g. FHIR).
  • The WG is moving towards guidance documents and additional examples.

Past Work:

  • Supplement 31, FT 1999, specifying secure connections for networks.
  • Supplement 41, FT 2000, specifying a general purpose Digital Signature mechanism. It was demonstrated at RSNA Inforad, winning an award.
  • Supplement 51, FT 2000, addressing security on interchange media.
  • Supplement 55, FT 2001, describing mechanisms for de-identification with possible re-identification.
  • WG-14 was also consulted on security issues during the creation of Supplement 85, FT 2003, Web Access to DICOM Persistent Objects (WADO).
  • Supplement 86, FT 2004, clarifying the use of the Digital Signature mechanism in Structured Reports.
  • IETF RFC 3881, which provides the base message format used by Supplement 95 for audit trails, developed in conjunction with HL7 and ASTM, with input from IHE.
  • Supplement 95, FT 2009, Audit Trail Messages, done in conjunction with the NEMA Security and Privacy Committee. This supplement was a frozen draft for several years before being finalized, to incorporate user experience from implementing audit trails within the IHE ATNA (Audit Trail and Node Authentication) profile.
  • Supplement 99, FT 2004, Extended Negotiation of User Identity.
  • Supplement 113, FT 2006, Email Transport. Note that WG-23 only provided suggestions regarding secure transport of e-mail to WG-6; WG-6 was responsible for creating this supplement.
  • Supplement 204, FT 2018, with revamped TLS Secure Communications Profiles, is balloted and part of the Standard.
  • Supplement 206, FT 2018, with the CRYPTREC TLS Profile, in support of new Japanese security regulations, is balloted and part of the Standard.