Get started with the DICOM service

This article outlines the basic steps to get started with the DICOM service in Azure Health Data Services.

As a prerequisite, you'll need an Azure subscription and have been granted proper permissions to create Azure resource groups and to deploy Azure resources. You can follow all the steps, or skip some if you have an existing environment. Also, you can combine all the steps and complete them in PowerShell, Azure CLI, and REST API scripts. You'll need a workspace to provision a DICOM service. A FHIR service is optional and is needed only if you connect imaging data with electronic health records of the patient via DICOMcast.

Screenshot of Get Started with DICOM diagram.

Create a workspace in your Azure Subscription

You can create a workspace from the Azure portal or using PowerShell, Azure CLI, and REST API. You can find scripts from the Azure Health Data Services samples.

Note

There are limits to the number of workspaces and the number of DICOM service instances you can create in each Azure subscription.

Create a DICOM service in the workspace

You can create a DICOM service instance from the Azure portal or using PowerShell, Azure CLI, and REST API. You can find scripts from the Azure Health Data Services samples.

Optionally, you can create a FHIR service and MedTech service in the workspace.

Access the DICOM service

The DICOM service is secured by Azure Active Directory (Azure AD) that can't be disabled. To access the service API, you must create a client application that's also referred to as a service principal in Azure AD and grant it with the right permissions.

Register a client application

You can create or register a client application from the Azure portal, or using PowerShell and Azure CLI scripts. This client application can be used for one or more DICOM service instances. It can also be used for other services in Azure Health Data Services.

If the client application is created with a certificate or client secret, ensure that you renew the certificate or client secret before expiration and replace the client credentials in your applications.

You can delete a client application. Before doing that, ensure that it's not used in production, dev, test, or quality assurance (QA) environments.

Grant access permissions

You can grant access permissions or assign roles from the Azure portal, or using PowerShell and Azure CLI scripts.

Perform create, read, update, and delete (CRUD) transactions

You can perform create, read (search), update and delete (CRUD) transactions against the DICOM service in your applications or by using tools such as Postman, REST Client, cURL, and Python. Because the DICOM service is secured by default, you must obtain an access token and include it in your transaction request.

Get an access token

You can obtain an Azure AD access token using PowerShell, Azure CLI, REST CLI, or .NET SDK. For more information, see Get access token.

Access using existing tools

DICOMweb standard APIs and change feed

You can find more details on DICOMweb standard APIs and change feed in the DICOM service documentation.

DICOMcast

DICOMcast is currently available as an open source project, and it's under private preview as a managed service. To enable DICOMcast as a managed service for your Azure subscription, request access by creating an Azure support ticket by following the guidance in the article DICOMcast access request.

Next steps

This article described the basic steps to get started using the DICOM service. For information about deploying the DICOM service in the workspace, see

FHIR® is a registered trademark of HL7 and is used with the permission of HL7.