Creating Secure Authenticated URLs for Single Study View in OHIF: Integration Challenges and Solutions

ohif · November 22, 2024, 2:08pm

View in #ohif on Slack

@Junaid_Kalia: Thread: Authenticated URL & Single Study/Patient View with one click inside an EHR/TeleHealth
We have successfully integrated OHIF (Open Health Imaging Foundation) with Next.js to view DICOM studies. However, we now require the ability to create authenticated URLs that allow users to open a specific study directly when the link is clicked inside an EHR or Telehealth portal. The primary issue is ensuring that the correct study opens upon clicking the URL, and not any other study, while maintaining secure access to the study data.
Challenges:

Study Identification: We need to generate a unique URL that accurately points to the specific study we intend to display.

Authentication: The URL should be secured and authenticated so that only authorized users can access the study. Unauthorized users should not be able to view or manipulate the study data.

User Experience: The URL should lead the user directly to the study, providing a seamless and intuitive user experience without requiring additional steps for selecting the study.

Security: The solution must ensure that sensitive medical data remains secure and complies with relevant privacy regulations (e.g., HIPAA).

https://example-hospital.viewer.net/e/viewer?applicationID=ANONYMIZED_APP&clientSessionTimeout=-1&CLOAccessKeyID=AnonymizedAccessKey123&expiry=1234567890&studyUID=1.2.3.4.5.6.7.8.9.10.11.12&serviceInstance=ANONYMIZED_SERVICE&signature=AnonymizedSignature123

@Bill_Wallace: I’d suggest downloading kheops.online and looking at how it is done there. A synopsis is that they create a JWT token containing the study/series details, and embed that in a URL DICOMweb link, something like:
The url is like /api/token/JWTToken/studies
which restricts the user to viewing just that study. This is validated as a JWT signed token, and is launched into OHIF with url=data-source-definition url
Honestly, the implementation there is pretty good and can easily be put in front of an existing system, and optionally extended for things like patient study search.

@Junaid_Kalia: Thanks!

Topic		Replies	Views
OHIF + Orthanc: token to access a single study General	16	2538	January 23, 2024
OHIF and dcm4chee-arc-light5 secured Support	1	31	November 29, 2024
How to download entire study in OHIF Viewer? Development	2	436	March 2, 2023
Connecting OHIF Viewer to Secure DCM4CHEE PACS Server with OAuth 2.0 Authorization Support	3	281	September 11, 2024
Internal redirect to OHIF standalone viewer invoked from a Website with Authorization Support	1	63	June 6, 2024

Creating Secure Authenticated URLs for Single Study View in OHIF: Integration Challenges and Solutions

Related topics