Indications for Use
DICOM DS is a locally installed, cross-platform application which facilitates transfer of patient data from on-premise clinical systems to the cloud-based ProKnow DS RT-PACS.
Users of DICOM DS should be trained radiation therapy professionals familiar with the different sources of input data (such as images, structure sets, treatment plans, and calculated dose).
The specific intended uses of DICOM DS are summarized below.
1. DICOM DS facilitates the transfer of patient data from on-premise clinical systems to the cloud-based ProKnow DS RT-PACS.
It is the responsibility of those utilizing this application to ensure all that all usages of this product relating to patient treatments are performed by trained and qualified personnel and that such personnel are aware that the quality of any generated patient data is highly dependent on the quality and correctness of the input data. If any questions or uncertainties exist regarding the quality, units, or identification of input data, they must be investigated and resolved before the data are used. It is the user's responsibility to validate the correctness of all patient data within the context of their normal treatment planning workflow. This general liability on the end users should be understood and communicated to all users, and a representative with signatory authority from each organization using ProKnow DS must sign an End User License Agreement on behalf of the organization indicating understanding of the responsibilities for quality, accuracy, and security described herein.
CAUTION: It is critical that all users read these Instructions for Use and the associated support material carefully and completely and consult the provided Online Help and other training materials to ensure proper use of the application and proper interpretation of results.
- Windows 7 or later (preferably Windows 10) or Windows Server
- Java - For a free version of Java, visit https://java.com/download, and click on the Free Java Download button to install it.
DICOM DS is built to interface with ProKnow DS, which is built on Microsoft Azure, and follows Azure security best practices pertaining to the design of its network architecture and access model. As a cloud-based vendor, it is our responsibility to design, develop, and deploy a secure system to help protect the confidentiality of both our customers and their patients. However, realizing a secure, cloud-based environment is ultimately a shared responsibility shared between ProKnow and our customers. ProKnow can relieve customers' operational burden as it pertains to managing the information technology infrastructure, but it is the customer's responsibility to employ responsible access rights, manage the security of individual client workstations (including the operating systems and browsers used to access ProKnow DS), and ensure that their users have the necessary training related to safe computer usage. These Cybersecurity Requirements describe the recommended and suggested cybersecurity controls that should be employed by organization administrators and users of DICOM DS to ensure a safe and secure environment. By extension, the Cybersecurity Requirements for ProKnow DS have a great amount of relevance to the Cybersecurity Requirements for DICOM DS and can be found here.
Principal of Least Privilege
The principle of least privilege (PoLP, also commonly referred to as the principle of minimal privilege or the principle of least authority) requires that within a particular environment, every agent (such as a process, a user, or a program, depending on the subject) must be able to access only the information and resources that are necessary for its legitimate business purposes. Practically speaking, this principle implies that user accounts should only be granted access to the specific functions that they require to perform their assigned job duties.
Use of DICOM DS requires a credentials.json file, which is obtained by creating an API key in ProKnow DS. Since this API key inherits all of the permissions of the user that created it, it is imperative that the key be stored in a safe location. It is the responsibility of the creator of the API key to limit access to the credentials.json file to only qualified individuals whose access to the file satisfies a legitimate need for the organization. Should an API key be compromised, it is the responsibility of the creator of the API key to revoke the key.
Users of DICOM DS have the ability to configure services and options within the DICOM DS Management Console. It is the responsibility of the organization administrator to limit access to the Management Console of DICOM DS to only qualified individuals whose use of the Management Console satisfies a legitimate need for the organization.
It is important to understand that a system is only as secure as the least secure component in the system. Imagine that you are in a public place working on sensitive information on your laptop. What is more likely: that a hacker halfway across the world is able to intercept and decode your network packets or that the person sitting behind you looks over your shoulder at your computer screen? This simple example illustrates the importance of being aware of basic workstation security. Workstation security involves being mindful of simple but critical safety measures related to your physical workstation. All personnel using DICOM DS should be aware of and abide by the following guidelines and best-practices:
- Do not open, browse, or compose content in DICOM DS in public areas where it would be easy for others to eavesdrop.
- Do not open, browse, or compose content in DICOM DS while connected to insecure or public wireless networks.
- All computing devices used to access DICOM DS should be secured with a password-protected screensaver with the automatic activation feature set to 10 minutes or less.
- Users should be instructed to always lock the screen or log off when leaving a device unattended.
In addition to utilizing proper secure workstation behavior, it is also critical that:
- All client workstations used to access DICOM DS are up to date with necessary operating system security patches and updates,
- All client workstations utilize one of the supported browsers and that all browsers are updated to the latest version,
- All client workstations employ sufficient anti-virus and malware protection to ensure that client operations or behavior is not compromised.
Ultimately, it is the responsibility of each user to employ safe computer-use practices to help ensure that the entire system remains secure.
Coordinates and Units of Measure
The following is a list of several important items that users should understand in regards to the information displays in ProKnow:
- All timestamps are presented in UTC (Coordinated Universal Time) and denoted with Z at the end of the timestamp string.
- DICOM DS only accepts DICOM objects with the following modalities: CT, MR, RTSTRUCT, RTPLAN, RTDOSE
For questions, comments, support requests, bug reporting, or to schedule a training session, please contact our customer support team at: firstname.lastname@example.org. We believe we can provide the most effective assistance via email versus the phone. The main reasons for this are as follows:
- With email support we can thoroughly investigate an issue before replying without putting you on hold.
- With email support we are able to join forces with other engineers to get to the bottom of a tricky issue or question. This is much harder with phone support and our 100% remote team.
- With email support we can easily respond to an email sent outside of our business hours. Following up with voice messages can often become a game of phone tag.
- With email support we have access to entire threads of conversation that we use to continuously improve our products and services. Generally with phone support, only a limited number of notes are available.
DICOM DS is developed by ProKnow, LLC.