Medweb DICOM User manual

Medweb Secure DICOM Proxy Webserver
Administrator Guide and User Manual
667 Folsom Street
San Francisco, CA 94107
Tel: 415.541.9980
Prepared By:
Medweb
Version 2.0
June 2003
Confidential
ADMINISTRATOR GUIDE AND USER MANUAL
1.0 INTRODUCTION
1.1 Copyright
1.2 Limited Product Warranty
1.3 Safety Operating Instructions
1.4 Assistance and Problem Reporting
1.4.1 User Manual Accessibility
2.0 PRODUCT OVERVIEW
2.1 Introduction
2.2 DICOM Introduction
3.0 SERVER BASICS AND ORIGINAL SETUP
3.1 Requirements
3.2 Physical Description
3.3 Powering On the Medweb Server
3.4 Powering Off the Medweb Server
3.5 Rebooting the Medweb Server
3.6 Assigning Network Properties to the Server
3.7 Changing Disk Drives
4.0 LOGGING INTO THE MEDWEB SERVER
4.1 Administrator
4.2 Logon Using Web Interface
4.3 Telnet/SSH Access
5.0 USERS, GROUPS AND MAILING LISTS
5.1 User Management
5.1.1 Access Control Levels (ACL)
5.1.1.1 Groups
5.1.2 Passwords and Login
5.1.2.1 Remote Access Restriction by User
5.1.2.2 Remote Access Restriction by Interface
5.1.2.3 Remote Access Restriction Based on Originating IP Address
5.1.2.4 File System Access
5.2 User Accounts
5.2.1 Maintain User Accounts
5.2.1.1 Add a New User
5.2.1.2 Set User Defaults
5.2.1.3 Deleting a User
5.2.1.4 Check Login Status
5.2.1.5 Change a User Password Or Access Level
5.3 Logging and Auditing of User Activity
5.4 Remote Access Protection and File Protection
5.5 Groups
5.5.1 Set Group Defaults
5.5.2 Add a Group
5.5.3 Delete or Modify a Group
5.6 Mailing Lists
5.6.1 Add a Mailing List
5.6.2 Delete or Modify a Mailing List
6.0 ADMINISTRATIVE PROCEDURES/SERVICES
6.1 Network Configuration
6.1.1 Modifying Network Settings
6.1.2 Modem Settings
6.1.3 Domain Name Service - DNS
6.1.3.1 Add Forward Lookup
6.1.3.2 Add Reverse Lookup
6.1.3.3 Add Mail Server Lookup
6.1.3.4 Add Alias Lookup
6.1.3.5 Add Secondary Forward Domain
6.1.3.6 Add Secondary Reverse Lookup Domain
6.1.4 Dynamic Host Configuration Protocol - DHCP
6.1.4.1 Forward DHCP Requests
6.1.4.2 Set DHCP Clients
6.1.4.3 Add Dynamic Address Assignment
6.1.4.4 Add Static Address Assignment
6.2 Server Upgrades
6.2.1 Upgrading the Server
6.2.1.1 Scheduling Upgrades
6.2.1.1.1 Diagnostic Messages
6.3 Access Rights
6.4 Time Settings/Synchronizing
6.5 Local Site Information
6.6 Services
6.6.1 Web Services
6.6.2 DICOM Server
6.6.3 DICOM Archive
6.6.4 Mediscribe HTI
6.6.5 Email Settings
6.6.6 File Transfer Protocol (FTP) Server
6.6.7 Windows File Sharing (SMB)
6.6.8 Apple File Sharing (AppleShare)
6.6.9 FrontPage Server Extensions
6.6.10 Simple Network Management Protocol (SNMP) Agent
6.6.11 Legato File Backup
6.7 Server Status
6.8 Server Backup Configuration
6.8.1 Scheduled Backup Configuration
6.8.2 Restoring Backup Data
6.9 Resetting the Administrator Password
7.0 DICOM
7.1 Optimized Network Transport and Image Compression
7.1.1 Self-Recovering File Transfer Protocol
7.1.2 Lossless or Lossy File Compression
7.1.3 Satellite Optimized Network Transfer
7.1.4 Time Window Delayed Transfer/Timed Forwarding
7.1.5 Wavelet Compressed Secure Web Access
7.2 Application Entity Titles (AE Titles)
7.3 DICOM Devices
7.4 Setting DICOM Destinations
7.5 Configuring and Using the CD Publisher
7.5.1 Introduction to CD Publishing
7.5.2 Rimage Software
7.5.3 Medweb CD Gateway
7.5.4 CD Publisher Settings
7.5.5 Starting the Publishing Process (for the Rimage only)
7.6 Modifying or Deleting Destinations
7.7 DICOM Route Editor: AE Title Forwarding and Element Matching
7.7.1 Application Entity Forwarding
7.7.2 Element Matching
7.8 DICOM Presets
7.8.1 Introduction
7.8.2 Configuring DICOM Presets
8.0 SECURITY SETUP FOR SECURE DICOM ROUTING
8.1 Introduction
8.2 Secure Server Operation and Image Routing
8.2.1 Using the IPSEC VPN Function
8.2.1.1 IPSEC Configuration
8.2.2 Secure Tunneling – Routing DICOM Studies
8.2.2.1 Application Specific Secure Proxy Tunnels
8.2.2.2 Secure Tunneling Configuration
8.2.2.3 Scheduling Transfer Times
8.2.2.4 Network Optimization for Image Transfer
8.2.2.4.1 Setting Compression Settings for Image Transfer
8.2.2.5 Secure Tunnel Step-by-Step
8.2.3 Workflow Proxy
8.2.3.1 Workflow Proxy Introduction
8.2.3.2 Example of Workflow Proxy
8.2.3.3 Configuration of First (A) Workflow Proxy (Based on Example in 8.2.3.2)
8.2.3.4 Configuration of Second (B) Workflow Proxy (Based on Example in 8.2.3.2)
8.2.4 IP Filters
8.2.4.1 IP Filters Introduction
8.2.4.2 Resetting IP Filters
8.2.5 Secure Operation - SSL
8.2.5.1 SSL Introduction
8.2.5.2 SSL Security Certificate Generation
8.2.5.3 Enable All Ports Configuration
9.0 PROCEDURES FOR VIEWING STUDIES
9.1 Medweb Image Viewer Plugin
9.1.1 Introduction
9.1.2 Plugin Installation
9.2 View Patients Page
9.2.1 Management Toolbar
9.2.1.1 New Study
9.2.1.1.1 Creating a New Study
9.2.1.1.1.1 Acquiring Images from a Kodak Digital Camera
9.2.1.1.1.2 Acquiring Images from TWAIN Devices and Scanners
9.2.1.1.1.3 Special Note on Using the Vidar Scanner TWAIN Drivers
9.2.1.2 The On Call Function
9.2.1.2.1 Configuring On Call
9.2.1.3 Preferences
9.2.1.4 Save Settings
9.2.1.5 View Changes
9.2.1.6 Statistics
9.2.2 Study Search Bar
9.3 Study Information and Manipulation
9.3.1 Viewing a Study
9.3.1.1 Image Management Tools
Change Access Permissions
Burn Study To CD/Burning Multiple Studies
Send To DICOM Storage Device, Printer, Email and Fax
Add, Modify or View Web Reports
Delete Study
Hold/UnHold Study
Compression Settings
9.4 Plugin Tools/Image Manipulation
9.4.1 Supplementary Help Tools
9.4.1.1 Plugin Help Screen
10.0 THE MEDWEB RIS AND WEB SCHEDULER
10.1 RIS Introduction
10.2 RIS Basics
10.3 Configuring and Using the RIS
10.3.1 HL7 Server
10.3.2 Adding a Scheduler User
10.3.3 Adding Machines/Modalities
10.3.4 Adding/Editing/Deleting Modalities
10.3.5 Scheduling Doctors/Operators on the Modalities
10.3.6 Changing the Date
10.3.7 Managing Schedules
10.3.7.1 Editing Schedules
10.3.7.2 Deleting Schedules
10.3.8 Creating Patient Orders
10.3.9 Managing Existing Orders
10.3.9.1 Editing Orders
10.3.9.2 Deleting Orders
10.3.9.3 Cloning Orders
10.3.9.4 Moving Orders
10.3.10 Available Time Mode
10.3.11 Patient Order Search
10.3.12 Viewing All Orders for all Machines
10.3.13 Central Radiology
10.4 Resolving Schedule Conflicts
10.4.1 Order Schedule Conflicts
10.4.2 Machine Event Conflicts
10.5 System Messages, Errors and Solutions
APPENDIX A – DICOM SOP CLASSES
1.0 Introduction
Thank you for purchasing your Medweb Server. Medweb appreciates your business and continual support.
The following user manual has been created to assist in operating and configuring Medweb servers.
1.1 Copyright
Medweb Secure DICOM Proxy Webserver. Copyright 1995-2003 Nexsys Electronics, Inc. (d.b.a. Medweb). All rights reserved. Operating instructions and manuals are protected by copyright. No part of this document may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, edited or translated, without the prior written or verbal consent of Nexsys Electronics, Inc. (d.b.a. Medweb).
1.2 Limited Product Warranty
Medweb warrants that this product and all components thereof will be free of defects in workmanship and materials for a period of one year from the date of delivery to the original consumer/purchaser (the “Warranty Period”). This warranty will not apply to repair or replacement necessitated by:
Any damage caused during shipment except by the original consumer/purchaser.
Any damage caused by natural acts such as fire, flood, wind, earthquake, lightning or similar disaster.
Damage from use outside the product usage parameters.
Damage from upgrade outside the product upgrade parameters, and unauthorized modifications or incorporation into another product.
Damage caused by improper use, environment, installation or electrical supply; improper maintenance; or any other misuse, abuse or mishandling.
Any modification of files from a telnet or console shell (this includes, but is not limited to, configuration files, software programs and data that are part of the product’s operating system) that results in improper or impaired function of the product or system failure. This excludes modification of files by employees of Medweb.
Non-Conforming Products. Upon discovery of any failure of a Medweb product or component thereof, to conform to the above warranty during the Warranty Period, the consumer/purchaser will promptly contact Medweb and seek a return merchandise authorization (“RMA”) number. Each requested RMA number will be issued within three days after the consumer/purchaser requests thereof. The allegedly defective Medweb product, or component thereof, will be returned to Medweb, securely and properly packaged, freight and insurance prepaid, with the RMA number prominently displayed. Medweb will have no obligation to accept any Medweb product, which is returned without an RMA number and will not accept returns from anyone other than the original consumer/purchaser.
Medweb will use diligent efforts to either replace or repair, at its option, within (10) days any Medweb product or component found to be non-complying and will return such Medweb product or component to the original consumer/purchaser, freight and insurance prepaid. In the event that Medweb, in its sole discretion, determines that it is unable to replace or repair the Medweb product or component, it will refund to the original consumer/purchaser the F.O.B. price paid by the consumer/purchaser for such defective product. The foregoing constitutes the original consumer/purchaser’s sole remedy for Medweb’s breach of the warranty provided herein.
1.3 Safety and Operating Instructions
It is important that the following safety and operating instructions be observed to ensure safe and reliable operation of your Medweb product.
Install equipment in a dry, cool place.
Clean the equipment with a dry cloth only.
Do not use the components and cables outdoors.
To prevent overheating, do not expose to direct sunlight.
Never open the equipment yourself.
1.4 Assistance and Problem Reporting
Requests for assistance and reports of problems encountered in using the software and/or hardware should be directed to Medweb Technical Support at ts@medweb.com. In case of emergency, please call 1-800-8 Medweb or 415.541.9980. Medweb is responsible for the deployment and long-term support of the Medweb Server, including equipment installation at operational sites, as well as installation of product upgrades.
1.4.1 User Manual Accessibility
This user manual is provided for the Administrator of every Medweb Server. It can be found under Administrator Site/Manuals. You can also contact Medweb or your Reseller for a copy of our User Manual.
2.0 Product Overview
2.1 Introduction
The Medweb Server is a compact, full-featured Picture Archiving and Communications System, Teleradiology and/or Telemedicine System for any facility that provides medical imaging services; it is ideal for multi-chain imaging centers, hospitals with satellite clinics, regional healthcare enterprises and small, rural sites.
A complete all-in-one hardware and software server solution for acquisition, compression and routing of DICOM and non-DICOM studies, the Medweb Server integrates with existing PACS and DICOM modalities to provide a low-cost, high-performance management solution. Powerful image and web technology, dynamic email and low maintenance design make it ideally suited for a distributed environment.
Users only require a PC, browser and the free Medweb Image Viewer Plugin, which is essentially an image manager that decompresses, opens and displays studies from within a web browser. The Server may also be administered locally from a PC on the LAN, or remotely from a central site, greatly reducing administration costs.
2.2 DICOM Introduction
DICOM is a medical imaging standard that allows the transmission of medical images and all of their relationship data from hundreds of different types of medical devices. It includes the complete suite of Radiology devices, and now includes imaging devices from Dentistry, Ophthalmology, Pathology, Orthopedic Surgery, etc.
The Medweb Server is designed to provide DICOM work list, DICOM routing, DICOM storage, and DICOM reports for multiple devices in a department or clinic. The number of devices supported depends on the hardware configuration; however, any version of the server can easily handle a dozen devices.
The Server provides a rich feature set of DICOM services. These include:
DICOM Worklist (Query, Retrieve, Forwarding)
DICOM Routing
DICOM Storage
DICOM Reports
DICOM Print
DICOM Webserver
DICOM Tunnels (Compressed and Encrypted)
3.0 Server Basics and Original Setup
3.1 Requirements
1. An Ethernet-based local area network (LAN). 10/100 Base TX network cables are ok.
2. Network Parameters, including the Server’s assigned IP address, subnet mask of the local network, and a gateway/router address (if necessary).
3. A personal computer attached to the network with Windows 2000, Win XP, UNIX or Macintosh OS 9.1 and higher.
PC Requirements:
Pentium 3 or better (750 MHz or greater)
128MB of RAM Minimum
1024x768 Resolution Monitor at 32 bit color depth
4. A browser on the computer is also necessary. Internet Explorer 5.5 Service Pack 2 or later OR Netscape Navigator 6.0 or later is desired (if using PC Image Viewing Workstation). The browser must have Java/JavaScript enabled.
5. The Medweb Image Viewer Plugin (if using PC Image Viewing Workstation).
3.2 Physical Description
1. The Status Indicators signal Ethernet and hard drive activity:
Tx/Rx (Transmit/Receive) blinks when there is network traffic on the primary interface.
Link indicates an active network connection on the primary interface.
Col blinks when a collision is detected on the primary interface.
100 M indicates that 100 BaseT Ethernet is being used on the primary interface.
Disk indicates activity on the hard disk drive.
2. The Web indicator blinks to indicate Web activity.
3. The LCD Screen displays messages and values entered.
4. You can use the recessed Reset Password button if you forget the Server Administrator password.
5. The LCD Arrow buttons allow you to enter the network configuration information, configure a UPS unit, reboot the Server, and power down the Server. Use the Arrow buttons to toggle between choices or to enter values. The S (Select) button displays the next option. The E (Enter) button accepts the information entered or the option displayed.
3.3 Powering On the Medweb Server
Turn on the power by pressing the On/Off switch on the back of the Server. The LCD screen on the front should light up and a number of status messages should appear on the LCD screen as the Server completes the boot process. This may take a few minutes.
3.4 Powering Off the Medweb Server
NOTE: Never attempt an improper shutdown. Turning off the server before completing the procedure detailed below can result in damage to your hardware and the possible loss of data.
1. On the LCD screen, hold down the Select button for approximately 3 seconds.
2. The LCD screen should display:
SELECT:
SETUP NETWORK
3. Press the S button until POWER DOWN appears in the LCD screen and press the Enter button.
4. Use the left and right arrows to toggle the cursor between [Y]es and [N]o. Select [Y] to power down the system by pressing the E button when [Y]es is blinking.
5. The OK to Power Off light on the back panel should blink. The LCD screen will display:
PLEASE SWITCH
POWER OFF NOW
Toggle the On/Off Switch on the back panel to the Off position.
3.5 Rebooting the Medweb Server
Use the same steps as Powering off to toggle the selection to REBOOT on the LCD Screen and press the E button.
Use the arrow buttons to toggle the cursor between [Y]es and [N]o. Select [Y] to Reboot the system by pressing the E button when [Y]es is blinking.
The Server will now automatically reboot itself; no further action is needed. This may take a few minutes.
3.6 Assigning Network Properties to the Server
Make sure you have the following information before proceeding:
The IP address assigned to the Server (at least one static IP Address)
The Subnet mask of your network
The Gateway/Router address (if necessary)
1. Using the same instructions in “Powering down the Server”, toggle to ENTER IP ADDR using the S button.
2. Enter the IP address assigned to the Server using the arrow buttons to input the numbers. Press E once finished.
3. If the IP address is valid, the prompt for ENTER NETMASK appears on the LCD screen. Enter the subnet mask assigned to the Server using the arrow buttons. Press E once finished.
4. If the netmask is valid, the prompt for ENTER GATEWAY appears on the LCD screen. Enter the IP address of the gateway for your network using the arrow buttons. If your network does not have a gateway, do not enter any numbers; simply select the default value of 000.000.000.000 and press E.
5. The LCD should display a [S]AVE and [C]ANCEL option. Use the left and right arrows to toggle between the two choices. Select [S] to save by pressing the E button when [Y]ES is blinking.
6. The LCD will display VERIFYING AND SAVING. The Server will automatically reboot. The LCD Screen should display the IP address of the Server once finished booting.
To reset the IP address or change any values in the network configuration of the Server, please follow the directions above.
For more instructions on network setup, see Section 6.0, Administrative Procedures.
3.7 Changing Disk Drives
In some cases, the server will be equipped with a redundant or backup hard drive. In the event of a failure of the primary hard drive, you will need to switch to the backup drive. The administrator is the sole person permitted to perform this function.
1. Power Down the Server using the instructions provided above.
2. Disconnect all cables and power supply from the Server. Please ensure that it is OFF before disconnecting anything.
3. Unscrew all screws on the side and the back and proceed to lift the top off the Server.
4. The hard drives are located directly behind the LCD Screen on the inside of the Server. Disconnect the power supply (red, orange and yellow wire) and the ribbon cable from the primary drive.
5. Connect the ribbon cable and the power supply cable into the appropriate port in the backup hard drive.
6. Snap the top back into place and put in all the screws.
7. Power on the Server using the instructions provided above.
4.0 Logging In To the Medweb Server
4.1 Administrator
The Administrator obtains their initial password from the installation team. The default login is set to Username: Admin Password: Admin. The Administrator must, upon initial login, proceed to the Administrator Site and change the Administrator Settings. The Administrator may change the password or profile by going to their web site address and:
Click on Administrators Site
Click on Administrator Settings
You must click Save Changes
After changing the password, the Administrator may need to authenticate himself through the web browser with the new password.
Procedures for adding, deleting, or changing passwords are contained in Section 7, Maintaining User Accounts Procedures. For the instructions for users to change their passwords, also refer to Section 11, Maintain User Accounts Procedures.
4.2 Logon Using Web Interface
1. Ensure that power has been provided to the server and an Ethernet cable (CAT 5) has been plugged in to the Primary interface on the back of the server.
2. Network properties must be assigned using the LCD Screen (Section 3.6 Assigning Network Properties to the Server).
3. Sign on to the Medweb Server by typing the http address of the server into the URL field of the browser.
Ex: http://xxx.xxx.xxx.xxx (IP Address) or http://www.medweb.com (host and domain name).
Note: If you use https at the beginning of the URL, then the browser will automatically access port 443 on the Medweb server.
4. Click the View Patients button or the Administrator Site button, and the user will be prompted to fill in the appropriate username and password.
5. Enter the assigned Username and Password into the adjacent textboxes.
The Server Administrator is assigned a username of admin and a password of admin by default.
6. Press OK. Note: If an invalid username or password is entered, an identical screen will reappear for a second try. The number of times a user may try depends on the Administrator Settings.
4.3 Telnet/SSH Access
The Medweb Server permits Telnet Access or SSH into the Server. Secure Shell is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. It is a replacement for rlogin, rsh, rcp, and rdist. SSH protects a network from attacks such as IP spoofing, IP source routing, and DNS spoofing. An attacker who has managed to take over a network can only force SSH to disconnect. He/she cannot play back the traffic or hijack the connection when encryption is enabled.
All configuration and operation of the Server is done via the website interface, so typically there is no need to establish telnet or SSH access to the server. Although Medweb permits telnet access into the server, it is specifically discouraged and is therefore disabled by default.
5.0 Users, Groups and Mailing Lists
5.1 User Management
The Medweb Server Administrator provides users with valid user IDs and initial passwords. The user role set for the individual username determines the level and scope of access to the server. Only the Administrator may add, modify or delete users.
The user management page of the administrator web site allows the administrator to create new users, assign or change passwords, and choose which ACL group (access control group) to assign to each user. Please see Section 7.0 Maintaining User Accounts for information on how to create and manage user accounts.
If the facility has an LDAP server, user access and password management can be controlled by the central LDAP server instead of the administrator page.
5.1.1 Access Control Levels (ACL)
The Medweb server has several access control levels. The server administrator creates a user login account. The administrator assigns the level of access based on the user’s clinical requirements.
5.1.1.1 Groups
The Medweb server has several access control groups that have varying access to the server functions and to specific patient data groups. Access control levels include Radiologist, Technologist, Referring MD, Transcriptionist, Provider, Demo and Administrator. The control functions for each group are as follows:
Radiologist:
Allowed to access Server
Allowed to attach reports to studies
Allowed to open On Call window
Allowed to view changes
Allowed to view access logs and usage statistics
Allowed to view/write/attach web reports
Allowed to change Read/Unread status of Study
Allowed to change Hold/Unhold status of Study
Allowed to delete Study
Allowed to view/change security permissions
Administrator:
Allowed to access Server
User can view all studies assigned only to him
Allowed to burn study to CD ROM
Allowed to open study in Plugin
Allowed to use Query/Retrieve function
Allowed to send study as HTML document by e-mail
Allowed to send study as PDF document by e-mail
Allowed to send study as MWW (plugin format) by e-mail
Allowed to send study to remote device
Allowed to print study on DICOM printer
Allowed to write study to USB drive
Allowed to delete Study
Allowed to view/change security permissions
Allowed to create new studies
Allowed to attach reports to studies
Allowed to open On Call window
Allowed to view changes
Allowed to view access logs and usage statistics
Allowed to view/write/attach web reports
Allowed to change Read/Unread status of Study
Allowed to change Hold/Unhold status of Study
Guest:
Allowed to access Server
Allowed to view changes
No Access:
Has no permissions
Provider:
Allowed to access Server
Allowed to view/change security permissions
Allowed to open study in Plugin
Allowed to send study as HTML document by e-mail
Allowed to send study as PDF document by e-mail
Allowed to send study as MWW (plugin format) by e-mail
Transcriptionist:
Allowed to access Server
User can view all studies assigned only to him
Allowed to attach reports to studies
Allowed to view changes
Allowed to view/write/attach web reports
Allowed to send study as HTML document by e-mail
Allowed to send study as PDF document by e-mail
Allowed to send study as MWW (plugin format) by e-mail
Allowed to send study to remote device
Allowed to print study on DICOM printer
Allowed to write study to USB drive
Referring M.D.:
Allowed to burn study to CD ROM
Allowed to open study in Plugin
Allowed to use Query/Retrieve function
Allowed to send study as HTML document by e-mail
Allowed to send study as PDF document by e-mail
Allowed to send study as MWW (plugin format) by e-mail
Allowed to send study to remote device
Allowed to print study on DICOM printer
Allowed to write study to USB drive
Allowed to access Server
User can view all studies assigned only to him
Allowed to attach reports to studies
Allowed to open On Call window
Allowed to view changes
Allowed to change Hold/Unhold status of Study
Allowed to open study in Plugin
Scheduler (For the RIS Application):
Allowed to access Server
Display RIS page instead of Patient Page
Technologist:
Allowed to access Server
Allowed to create new studies
Allowed to attach reports to studies
Allowed to view changes
Allowed to delete Study
Allowed to view/change security permissions
Allowed to burn study to CD ROM
Allowed to open study in Plugin
Allowed to use Query/Retrieve function
Administrator:
Complete access
Allowed to send study as HTML document by e-mail
Allowed to send study as PDF document by e-mail
Allowed to send study as MWW (plugin format) by e-mail
Allowed to send study to remote device
Allowed to print study on DICOM printer
Allowed to write study to USB drive
Allowed to send study as HTML document by e-mail
Allowed to send study as PDF document by e-mail
Allowed to send study as MWW (plugin format) by e-mail
Allowed to send study to remote device
Allowed to print study on DICOM printer
Allowed to write study to USB drive
5.1.2 Passwords and Login
All users of the Medweb server are required to have individual passwords. The password and login limit user access to designated areas of the server. This includes limiting access to specific patient files.
5.1.2.1 Remote Access Restriction by User
All login and password entries are made via encrypted SSL access. No password or login is ever entered in the clear.
5.1.2.2 Remote Access Restriction by Interface
The admin user has access to the administrator section of the webserver via a separate port from regular users. As such, access to the admin site is not only limited to a specific user login, but can also be limited to a particular interface of the Medweb server so that administration can be limited only to someone accessing the server from the internal LAN interface.
5.1.2.3 Remote Access Restriction Based on Originating IP Address
The Medweb server has a packet filter that can limit access to specific TCP port numbers and specific interfaces, and specific originating IP addresses. Typically only port 443 is open on the outside for encrypted remote web access.
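The restrictions in 5.1.2.2 and 5.1.2.3 amount to a filter keyed on TCP port, interface and originating IP address. The following added example (not Medweb's own code or rule syntax) models such a filter with a default-deny policy and checks sample connection attempts against it. The interface names, the admin port 8443, the SSH rule and every address are assumptions made for illustration; only port 443 comes from the manual.

```python
"""Added example: default-deny packet-filter model for sections 5.1.2.2 and 5.1.2.3."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed values, not Medweb defaults. The manual gives no admin port
# number, interface names or LAN addressing; only port 443 is from the manual.
ADMIN_PORT = 8443             # hypothetical port of the administrator site
LAN = "10.20.0.0/16"          # hypothetical internal LAN
MGMT = "10.20.5.0/24"         # hypothetical management subnet inside the LAN


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    port: Optional[int]          # None matches any TCP port
    interface: Optional[str]     # None matches any interface
    source: str = "0.0.0.0/0"    # CIDR of permitted originating addresses

    def matches(self, port: int, interface: str, src: str) -> bool:
        return ((self.port is None or self.port == port)
                and (self.interface is None or self.interface == interface)
                and ip_address(src) in ip_network(self.source))


POLICY = [
    Rule("allow", 443, "external"),              # encrypted web access from outside
    Rule("allow", 443, "internal", LAN),
    Rule("allow", ADMIN_PORT, "internal", LAN),  # admin site only via the LAN interface
    Rule("allow", 22, "internal", MGMT),         # SSH, if enabled, from one subnet only
]


def decide(policy, port: int, interface: str, src: str) -> str:
    """First matching rule wins; anything that matches no rule is denied."""
    for rule in policy:
        if rule.matches(port, interface, src):
            return rule.action
    return "deny"


def audit(policy):
    """List allow rules that expose anything other than port 443 to the outside.

    Conservative: an earlier deny rule that would shadow the finding is ignored.
    """
    findings = []
    for index, rule in enumerate(policy):
        if rule.action != "allow":
            continue
        outside = rule.interface in (None, "external")
        if outside and rule.port != 443:
            findings.append((index, f"port {rule.port or 'any'} reachable from outside"))
    return findings


if __name__ == "__main__":
    # Constructed connection attempts: (port, interface, originating address).
    attempts = [
        (443, "external", "203.0.113.7"),
        (ADMIN_PORT, "external", "203.0.113.7"),
        (ADMIN_PORT, "internal", "10.20.1.15"),
        (22, "internal", "10.20.1.15"),
        (22, "internal", "10.20.5.9"),
        (23, "internal", "10.20.5.9"),
    ]
    for port, interface, src in attempts:
        print(f"{src:>14} -> {interface}:{port:<5} {decide(POLICY, port, interface, src)}")
    print("audit findings:", audit(POLICY))
```

Because nothing is allowed unless a rule names it, telnet (port 23) stays closed without needing its own deny rule, and `audit` flags any later rule that widens the outside exposure beyond port 443.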
5.1.2.4 File System Access
Neither the admin user nor regular users have direct file system access. All access is through an application-guided web interface with mandatory access controls based on user, group, and task. File system access is only available to root or admin via SSH. However, this is not required for regular maintenance of the server. All activities, whether access is via shell or via web interface, are logged by user, date, and time as part of the standard UNIX logging function. SSH access is not required for operation and can be disabled, thereby disabling direct file system access.
5.2 User Accounts
This section contains procedures for creating and maintaining user accounts.
5.2.1 Maintain User Accounts
This section provides information on how to maintain Medweb Server user accounts by performing the following:
Check login status
Setting User defaults
Modify a user password
Create user accounts
Delete user accounts
Modify a User Access Level
The administrator is, by default, the only person able to add or delete a user, change passwords and access levels. All users of the Medweb server are required to have individual passwords. The password and login limit user access to designated areas of the server. This includes limiting access to specific patient files.
5.2.1.1 Add a New User
1. Sign on to the Medweb Server and login as the Administrator. Click on Administrator Site on the Navigation Menu and then click the User Button.
- 18 ­Medweb Secure DICOM Proxy Webserver Administrator Guide and User Manual
Confidentia
June 2003
l
2. Click the Add User button.
3. Fill in the user information and provide a password. The username used by the Server to identify the user. It also appears in the URL of the web site and the email address of the user. Only lowercase alphanumeric characters, periods (.), hyphens (-) and underscores (_) are allowed.
4. The Administrator must to assign a password for the user account being created. Enter a password containing 3 to 16 characters. A string password is one that is difficult to guess, not found in any dictionary, and is 5 or more characters with at least one non­alphabetical character. Passwords are case sensitive.
5. Assign the user to a particular ACL group. Medweb has coined 5 groups that possess certain permissions. These groups are described in Section 6.1.1.1, Administrative and Security Roles.
6. Click Confirm New User
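The username and password rules in steps 3 and 4, expressed as a pre-check an administrator could run on proposed credentials. This is an added example, not Medweb code; the function names, the small sample word list and the "contains the username" test for guessability are assumptions.

```python
import re

# Rules quoted from steps 3 and 4 of this procedure.
USERNAME_RE = re.compile(r"[a-z0-9._-]+")
MIN_LEN, MAX_LEN = 3, 16      # length the manual says to enter
STRONG_MIN_LEN = 5            # manual's threshold for a strong password

# Constructed stand-in for "any dictionary"; replace with a real word list.
SAMPLE_DICTIONARY = {"password", "medweb", "dicom", "radiology", "admin"}


def check_username(username):
    """Return a list of rule violations for a proposed username."""
    if not username:
        return ["username is empty"]
    if not USERNAME_RE.fullmatch(username):
        return ["only lowercase alphanumerics, '.', '-' and '_' are allowed"]
    return []


def check_password(password, username="", dictionary=SAMPLE_DICTIONARY):
    """Classify a password as 'rejected', 'weak' or 'strong', with reasons."""
    if not MIN_LEN <= len(password) <= MAX_LEN:
        return "rejected", [f"length must be {MIN_LEN} to {MAX_LEN} characters"]
    reasons = []
    if len(password) < STRONG_MIN_LEN:
        reasons.append(f"shorter than {STRONG_MIN_LEN} characters")
    if all(ch.isalpha() for ch in password):
        reasons.append("no non-alphabetical character")
    # Strip non-letters so 'Password1' is still caught as a dictionary word.
    letters = "".join(ch for ch in password if ch.isalpha()).lower()
    if letters in dictionary:
        reasons.append("based on a dictionary word")
    # Assumption: a password containing the username counts as easy to guess.
    if username and username.lower() in password.lower():
        reasons.append("contains the username")
    return ("weak" if reasons else "strong"), reasons


if __name__ == "__main__":
    for candidate in ("ab", "abc", "Password1", "t7#Kq9!x"):
        print(candidate, check_password(candidate))
```

A 3-character password passes the length rule but is reported as weak, which is the gap between what the form accepts and what the manual calls strong.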
5.2.1.2 Set User Defaults
Only the Administrator may assign User defaults. Follow the steps below to set user defaults.
1. To configure your user defaults (password rules, expiration, etc.), click the Set User Defaults button at the top of the table.
2. The Administrator may customize the following properties for all user accounts:
Allowable disk space per user (typically 30MB)
The username format for all users
Enabling password expiration and setting time limits
Password authentication/failure options
3. Click Save Changes to accept new defaults.
5.2.1.3 Deleting a User
1. Sign on to the Medweb Server and login as the Administrator.
2. Click on the Administrator Site button on the Navigation Menu. The next screen will present a table of all current users on the Server.
3. Beside each user listed, the administrator has the option to modify the user's profile, modify the email address, or delete the study.
4. Click the trashcan icon to delete a user.
5. The Server will generate a default message.
6. Click OK to confirm the deletion of a particular user.
5.2.1.4 Check Login Status
The Administrator as well as a User with a Radiologist Access level will be able to access the Server Statistics. The Statistics page details the rate at which a user may access studies, user information, studies being viewed, and study information (name, modality etc).
1. Sign on to the Medweb Server and log in as the Administrator or as a User with Radiologist Level Access.
2. Click on View Patients on the Navigation Menu.
3. Click on Statistics in the top right hand corner of the View Patients Page.
4. Click View Full Web Statistics. Information about users accessing the studies, such as IP Address of the user’s machine, username, studies viewed, and actions performed are listed in a table.
These statistics would be updated under the local direction of the Administrator.
5.2.1.5 Change a User Password Or Access Level
Changing a user’s password will ensure that data are kept secure on the system. Please obtain local direction to determine official password policy.
Passwords should be changed regularly in accordance with local policy regarding the maximum number of days allowable between changes.
If the Administrator changes a password, the old password will be expired so that the user is forced to change the password the next time the user logs onto the system.
Only the Server Administrator may change a user password. Follow the directions below to change the password.
1. Sign on to the Medweb Server and log in as the Administrator.
2. Click on the Administrator Site button on the Navigation Menu. The next screen will present a table of all current users on the Server.
3. Beside each user listed, the administrator has the option to modify the user's profile, modify the email address, or delete the study.
4. Click the pencil icon to modify the password of a user.
5. Enter the new password into the textboxes.
6. To change the Access Level, click the ACL Group drop down menu and choose the appropriate level.
7. Click Confirm Modify.
5.3 Logging and Auditing of User Activity
The Medweb server logs all activity by date, time, user, and user actions. From the web logging screen, the administrator can easily see who has accessed the server and what machine was used to log in to the server. The administrator can also see what patient studies the user accessed from the web interface. All regular user activities are visible from the web logging screen. The administrator can search for activities of a specific user as well as activities around a specific patient record.
5.4 Remote Access Protection and File Protection
Remote access is only accomplished through a 128-bit SSL connection. After the encrypted connection is established, the remote access user is able to enter a login and password in the SSL link established by the browser.
After entering an incorrect password 3 times in a row, a user account will be disabled and needs to be restarted by the administrator (this rule can be modified, Section 7.1).
File protection is achieved by limiting each user only to specific application-guided functions that relate to their particular access need. Therefore the user does not have access to view or modify any file or application that is not “owned” by that user login, or is part of the class of applications that the particular user is allowed to access. Since ALL ACCESS is through the web interface, the user is extremely limited in what applications or files they can access. Web-only access is also effective in restricting direct access to database and OS files. Additional file protection is afforded by leaving ownership of root files separate from ownership of data files associated with the Medweb applications. No user may modify these files directly except root. All modifications are logged.
5.5 Groups
Groups are meant to further categorize users.
5.5.1 Set Group Defaults
Begin by setting the default parameters for new groups.
1. Go to Administrators Site – Groups.
2. Click the Set Group Defaults Button.
3. Enter maximum allowed disk space for the group by default.
4. Click Save Changes to save or Cancel to return to the previous page.
5.5.2 Add a Group
1. Go to Administrators Site – Groups.
2. Click the Add Group Button.
3. Enter a distinct group name.
4. Enter the maximum allowed disk space or accept the default.
5. Click the boxes adjacent to select the users to add to the group.
6. Click Confirm New Group or Cancel to return to the previous screen.
5.5.3 Delete or Modify a Group
Once a group is added it appears on the Groups List and may be modified or deleted via the pen or trashcan icons.
1. Go to Administrators Site - Groups.
2. Click the pen icon to modify the group.
3. The same screen as the Add a group appears. Make the changes and click Confirm Modify to save the changes.
To delete a group, use the Trashcan icon to perform the delete.
5.6 Mailing Lists
Mailing lists are meant to distribute emails to local and remote addresses via one named list.
5.6.1 Add a Mailing List
Add a mailing list of local and remote users.
1. Go to Administrators Site – Groups.
2. Enter a distinct name for the mailing list.
3. Enter the full email addresses of any remote recipients to be included in the list.
4. Select the name of any local users to be included in the list.
5. Click Confirm New Mailing List to save or Cancel to go back to previous page.
5.6.2 Delete or Modify a Mailing List
1. Go to Administrators Site - Groups.
2. Click the pen icon to modify the group.
3. The same screen as the Add a Mailing List appears. Make the changes and click Confirm Modify to save the changes.
To delete a group, use the Trashcan icon to perform the delete.
Note: Any groups you add will be listed as a mailing list as well and may be modified via the pen icon, but not deleted. To delete these group-based mailing lists, remove the group entirely. In either case the mailing list may exist with no users added.
6.0 Administrative Procedures/Services
6.1 Network Configuration
The server is equipped with a Primary Interface and a Secondary Interface. The primary port is the IP address of the primary interface, which connects to your Intranet; the secondary interface is used to connect out to the Internet or to the Medweb network.
6.1.1 Modifying Network Settings
The web interface should be used to make any changes to existing Ethernet settings. (A gateway address is required to connect to systems outside the local network. It may be left empty if you do not wish to access outside networks. If you are using a modem, the word modem will be in this field.)
1. Sign on to the Medweb Server and log in as the Administrator.
2. Go to Administrator Site - Network.
3. Enter the unique name for this server on your network.
4. Enter the domain name for your network.
5. Enter your primary DNS server IP address.
6. Enter an optional secondary DNS server IP address.
7. Enter the default gateway IP address for the network.
8. Select the check box to enable IP forwarding.
9. Enter the unique IP address for the primary interface of this server.
10. Enter the subnet mask for this interface.
11. Select to enable Network Address Translation.
12. The hardware or MAC address of your interface is listed.
13. Enter the unique IP for the secondary interface (optional).
14. Enter the subnet mask for the secondary interface (optional).
15. The hardware or MAC address of the secondary interface is listed.
16. Click Save Changes to save.
6.1.2 Modem Settings
Manage the phone line dial out settings from your server.
1. Click the Modem Button at the top of the screen (Administrator Site – Network).
2. Select the connection mode: ‘Not used’ if you do not use a modem, ‘Dial-on-demand’ to dial only when there is data to send, ‘Always connected’ to maintain a modem connection at all times.
3. Enter the phone number to dial.
4. Enter the User name to connect to your ISP.
5. Enter the Password used to connect to your ISP. Repeat.
6. Enter any modem initialization strings for dialup (optional).
7. Enter the Fixed Local IP address, if one is assigned.
8. Enter the network’s subnet mask if assigned a fixed IP.
Manage the phone line dial up settings to your server:
9. Select to enable Dial-in to your server by checking the check box.
10. Click Save Changes to save or Cancel to return to the previous screen.
6.1.3 Domain Name Service - DNS
Obtain the IP address of the primary Domain Name Service server (DNS server). The DNS server converts between IP addresses and the host names of devices on the network. It is required to receive email.
1. Go to Administrators Site – Control Panel - Domain Name Service (DNS) Server.
2. Select the check box beside DNS to enable DNS serving.
3. Click Parameters to manage settings for the DNS server.
6.1.3.1 Add Forward Lookup
1. Click the Add Forward Lookup Button.
2. Enter the hostname and domain name for resolution to an IP address.
3. Select the check box to enable Automatic Reverse Lookup Generation to automatically create the Reverse Lookup record (below).
4. Click Update List to save or Cancel to return to the previous screen.
6.1.3.2 Add Reverse Lookup
1. Click the Add Reverse Lookup Button.
2. Enter IP Address, Network Mask number for resolution to a hostname and domain name.
3. Select Automatic Forward Lookup Generation to automatically create the Forward Lookup record (above).
4. Click Update List to save or Cancel to return to the previous screen.
Note: The DNS Settings table should contain 2 hostname/IP address associations for each record. Forward lookups will resolve hostnames to IP addresses; reverse lookups will resolve IP addresses to hostnames.
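A consistency check for the pairing described in the note above: every forward record should have a reverse record that points back to the same name. This is an added example, not part of the Medweb software; the record tables, hostnames and function names are constructed for illustration.

```python
import ipaddress

# Constructed records (example.org names and RFC 5737 addresses are placeholders).
FORWARD = {                       # hostname.domain -> IP address
    "pacs1.example.org": "192.0.2.10",
    "viewer.example.org": "192.0.2.11",
    "mail.example.org": "192.0.2.12",
}
REVERSE = {                       # IP address -> hostname.domain
    "192.0.2.10": "pacs1.example.org",
    "192.0.2.11": "oldviewer.example.org",   # stale name
    "192.0.2.99": "ghost.example.org",       # no forward record
}


def _norm_host(name):
    """Lowercase and drop a trailing dot so 'Host.' equals 'host'."""
    return name.strip().rstrip(".").lower()


def audit_dns(forward, reverse):
    """Return sorted findings where forward and reverse records disagree."""
    fwd = {_norm_host(h): ipaddress.ip_address(ip) for h, ip in forward.items()}
    rev = {ipaddress.ip_address(ip): _norm_host(h) for ip, h in reverse.items()}
    findings = []
    for host, ip in fwd.items():
        if ip not in rev:
            findings.append(("missing_reverse", host, str(ip)))
        elif rev[ip] != host:
            findings.append(("mismatch", host, f"{ip} -> {rev[ip]}"))
    fwd_ips = set(fwd.values())
    for ip, host in rev.items():
        if ip not in fwd_ips:
            findings.append(("missing_forward", host, str(ip)))
    return sorted(findings)


def ptr_name(ip):
    """Name of the reverse (PTR) record that pairs with an address."""
    return ipaddress.ip_address(ip).reverse_pointer


if __name__ == "__main__":
    for kind, host, detail in audit_dns(FORWARD, REVERSE):
        print(f"{kind:16} {host:24} {detail}")
```

Alias names that share one address with another host will show up as mismatches here, since the reverse table holds a single name per address.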
6.1.3.3 Add Mail Server Lookup
1. Click the Add Mail Lookup button.
2. Enter the name of the host.
3. Enter the domain name of the host.
4. Enter the name of the mail server that will handle mail for accounts on this host.
5. Select a delivery preference: Very Low, Low, High or Very High.
6. Click Update List to save or Cancel to return to the previous screen.
6.1.3.4 Add Alias Lookup
1. Click the Add Alias Lookup button.
2. Enter the alias hostname.
3. Enter the alias domain name.
4. Enter the target hostname.
5. Enter the target domain name.
6. Click Update List to save or Cancel to return to the previous screen.
6.1.3.5 Add Secondary Forward Domain
1. Click the Add Secondary Forward Domain button.
2. Enter the domain name you wish to DNS serve with another host.
3. Enter the hostname of the DNS server for that domain.
4. Click Update List to save or Cancel to return to the previous screen.
6.3.6 Add Secondary Reverse Lookup Domain
1. Click the Add Secondary Reverse Domain button.