Maturity and HIPAA compliance

[Christian-e-S]

Are there any statements about the maturity of the current state of the project? In particular, I would be interested in the following two questions:

• Is the solution already mature enough for production use cases (e.g., managing the data of real clinical trails)?
• Would would be required to set-up a HIPAA-compliant archive with dicom-server? Is following the quickstarts for deployment and enabling AD authorization (https://github.com/microsoft/dicom-server/blob/main/docs/how-to-guides/enable-authentication-with-tokens.md) enough?

[StevenBorg]

@Christian-e-S, thank you so much for the comment. The OSS repo is currently in production use to host medical imaging data. Additionally, the codebase forms the foundation to the DICOM service (https://docs.microsoft.com/en-us/azure/healthcare-apis/dicom/dicom-services-overview), which is part of the Azure Healthcase APIs - a platform-as-a-service which is currently in Public Preview and will shortly move to general availability. At this time, it will be certified for PHI data and will hold several certifications, including HIPAA and HITRUST.

In the case of the Azure Healthcare APIs, Microsoft handles much of the certification burden. The OSS solution, on the other hand, requires the consumer to take responsibility for certifications.