Indications for Use
ProKnow DICOM Agent is a locally installed Windows application which facilitates transfer of patient data from on-premise clinical systems to the cloud-based ProKnow RT-PACS.
Users of ProKnow DICOM Agent should be trained radiation therapy professionals familiar with the different sources of input data (such as images, structure sets, treatment plans, and calculated dose).
The specific intended uses of ProKnow DICOM Agent are summarized below.
- ProKnow DICOM Agent facilitates the transfer of patient data from on-premise clinical systems to the cloud-based ProKnow RT-PACS.
- The ProKnow DICOM Agent provides the ability to remove or replace attributes within a DICOM dataset that may contain protected health information (PHI) or personally identifiable information (PII), prior to the transfer to ProKnow.
It is the responsibility of those utilizing this application to ensure all that all usages of this product relating to patient treatments are performed by trained and qualified personnel and that such personnel are aware that the quality of any generated patient data is highly dependent on the quality and correctness of the input data. If any questions or uncertainties exist regarding the quality, units, or identification of input data, they must be investigated and resolved before the data are used. It is the user's responsibility to validate the correctness of all patient data within the context of their normal treatment planning workflow. This general liability on the end users should be understood and communicated to all users, and a representative with signatory authority from each organization using ProKnow must sign an End User License Agreement on behalf of the organization indicating understanding of the responsibilities for quality, accuracy, and security described herein.
CAUTION: It is critical that all users read these Instructions for Use and the associated support material carefully and completely and consult the provided Online Help and other training materials to ensure proper use of the application and proper interpretation of results.
- Windows 10 or Windows Server 2016 or newer
- .NET Framework 3.5 - For a free version, visit https://www.microsoft.com/en-us/download/details.aspx?id=21, select your preferred language, and click on the Download button to install it.
ProKnow DICOM Agent is built to interface with ProKnow, which is built on Microsoft Azure, and follows Azure security best practices pertaining to the design of its network architecture and access model. As a cloud-based vendor, it is our responsibility to design, develop, and deploy a secure system to help protect the confidentiality of both our customers and their patients. However, realizing a secure, cloud-based environment is ultimately a shared responsibility shared between ProKnow and our customers. ProKnow can relieve customers' operational burden as it pertains to managing the information technology infrastructure, but it is the customer's responsibility to employ responsible access rights, manage the security of individual client workstations (including the operating systems and browsers used to access ProKnow), and ensure that their users have the necessary training related to safe computer usage. These Cybersecurity Requirements describe the recommended and suggested cybersecurity controls that should be employed by organization administrators and users of ProKnow DICOM Agent to ensure a safe and secure environment. By extension, the Cybersecurity Requirements for ProKnow have a great amount of relevance to the Cybersecurity Requirements for ProKnow DICOM Agent and can be found here.
Principle of Least Privilege
The principle of least privilege (PoLP, also commonly referred to as the principle of minimal privilege or the principle of least authority) requires that within a particular environment, every agent (such as a process, a user, or a program, depending on the subject) must be able to access only the information and resources that are necessary for its legitimate business purposes. Practically speaking, this principle implies that user accounts should only be granted access to the specific functions that they require to perform their assigned job duties.
Use of ProKnow DICOM Agent requires a credentials.json file, which is obtained by creating an API key in ProKnow. Since this API key inherits all of the permissions of the user that created it, it is imperative that the key be stored in a safe location. It is the responsibility of the creator of the API key to limit access to the credentials.json file to only qualified individuals whose access to the file satisfies a legitimate need for the organization. Should an API key be compromised, it is the responsibility of the creator of the API key to revoke the key.
Users of ProKnow DICOM Agent have the ability to configure services and options within the ProKnow DICOM Agent Management Console. It is the responsibility of the organization administrator to limit access to the Management Console of ProKnow DICOM Agent to only qualified individuals whose use of the Management Console satisfies a legitimate need for the organization.
It is important to understand that a system is only as secure as the least secure component in the system. Imagine that you are in a public place working on sensitive information on your laptop. What is more likely: that a hacker halfway across the world is able to intercept and decode your network packets or that the person sitting behind you looks over your shoulder at your computer screen? This simple example illustrates the importance of being aware of basic workstation security. Workstation security involves being mindful of simple but critical safety measures related to your physical workstation. All using ProKnow DICOM Agent should be aware of and abide by the following guidelines and best-practices:
- Do not open, browse, or compose content in ProKnow DICOM Agent in public areas where it would be easy for others to eavesdrop.
- Do not open, browse, or compose content in ProKnow DICOM Agent while connected to insecure or public wireless networks.
- All computing devices used to access ProKnow DICOM Agent should be secured with a password-protected screensaver with the automatic activation feature set to 10 minutes or less.
- Users should be instructed to always lock the screen or log off when leaving a device unattended.
In addition to utilizing proper secure workstation behavior, it is also critical that:
- All client workstations used to access ProKnow DICOM Agent are up to date with necessary operating system security patches and updates,
- All client workstations utilize one of the supported browsers and that all browsers are updated to the latest version,
- All client workstations employ sufficient anti-virus and malware protection to ensure that client operations or behavior is not compromised.
Ultimately, it is the responsibility of each user to employ safe computer-use practices to help ensure that the entire system remains secure.
Coordinates and Units of Measure
The following is a list of several important items that users should understand with regards to the information displays in ProKnow DICOM Agent:
- All logged timestamps are in local time and include the offset from UTC (Coordinated Universal Time), e.g., "2021-02-10 9:26:06.330 -06:00."
For questions, comments, or support requests, please visit our customer support portal at https://support.proknow.com.
ProKnow DICOM Agent is developed by Elekta, AB.