1. DICOM Integration
Wawa does not operate a DICOM server, but we are able to integrate with your DICOM server in order to automatically pull data – for example from ultrasound machines.
2. Prerequisites
DICOMWeb Support
The server must support the DICOMWeb standard (QIDO-RS, WADO-RS). This includes a set of tested endpoints for retrieving studies, series, instances, metadata, and images, which follow the standard.
DICOM Tag Compliance
The server should use standard DICOM tags for SR reports and measurement data. If custom tags are used, documentation or sample data must be provided.
Secure Service Account
Unique Service Account: Create a dedicated service account that will only be used by Wawa, and no other human or machine users. Do not use shared or admin credentials.
Principle of Least Privilege: Only grant read-only access to the specific DICOMWeb endpoints and no other administrative or system-level rights.
Strong, Random Password: The password must be a long (20+ characters), complex, and randomly generated string, not a human-memorable word.
Regular Rotation: We recommend rotating these credentials at least annually, or immediately if a compromise is suspected.
IP Allowlisting
For servers exposed publicly on the Internet, only allow our egress IPs access to your servers. This ensures that only requests originating from Wawa's systems are allowed access to your servers.
Wawa's Egress IPs to allowlist (choose your region)
# EU (clinic.wawafertility.com)
52.19.76.222
52.48.12.42
99.81.219.122
# US (clinic.us.wawafertility.com)
34.234.250.165
52.1.93.23
44.207.184.58
# Australia (clinic.au.wawafertility.com)
13.55.103.40
13.236.243.243
52.62.67.46
# Canada (clinic.ca.wawafertility.com)
15.157.152.202
15.157.231.135
3.98.65.111
# UAE (clinic.uae.wawafertility.com)
40.172.28.215
40.172.33.38
51.112.129.160
HTTPS Support
Wawa connects to the DICOM Web Server using an HTTPS protocol. To protect your data, we cannot access insecure HTTP protocol, even on VPN, as that still transmits data without end-to-end encryption.
2.1. Connection via a Cloudflare Tunnel (example)
⚠️ Before starting, make sure that your DICOM server (PACS/Orthanc...) is accessible on the local network (e.g., http://127.0.0.1:8042).
Since the DICOM Web Server is usually hosted on an internal IP address, it must be securely exposed to the internet. Note that without allowlisting our IPs, anyone on the Internet will be able to find and route to your web server.
Steps to configure:
Create an account in Cloudflare and register a domain. Configure IP Access Rules to deny requests from all Internet IPs on that domain, except Wawa's Egress IPs:
34.234.250.165
52.1.93.23
44.207.184.58Install
cloudflared# Debian / Ubunto
wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
sudo apt-get install ./cloudflared-linux-amd64.deb
cloudflared -v
# Windows
winget install Cloudflare.cloudflaredAuthenticate
It opens a browser login page and you need to select the domain you have created
cloudflared tunnel login
Create a tunnel
Generates a Tunnel UUID and a JSON credentials file.
cloudflared tunnel create dicom-wawa
Configure the tunnel
/etc/cloudflared/config.ymltunnel: <TUNNEL-UUID>
credentials-file: /etc/cloudflared/<TUNNEL-UUID>.json
ingress:
- hostname: dicom.yournewdomain.com
service: http://127.0.0.1:8042
- service: http_status:404Route DNS
$ cloudflared tunnel route dns dicom-wawa dicom.yournewdomain.com
Run as a Service
# Linux
sudo cloudflared --config /etc/cloudflared/config.yml service install
sudo systemctl enable --now cloudflared
systemctl status cloudflared
#Windows
cloudflared service install
3. Configuring the Integration
This section explains how to configure the DICOM integration inside the Wawa web app, so that a clinic's imaging flows automatically between its PACS server and Wawa.
3.1. Overview
The integration connects a clinic's PACS server to Wawa over DICOMweb, which runs on top of HTTPS. It does two things.
First, it imports ultrasound studies into Wawa. Pregnancy scans and follicle-tracking scans flow across automatically, so that measurements and images appear on the patient record without anyone keying them in.
Second, if using an Orthanc server, it can optionally push scheduled appointments back as DICOM Modality Worklist entries. With this turned on, the ultrasound machines pull the day's patient list automatically rather than relying on operators to type patient details in at the machine.
Before any of this works, PACS server must already be deployed and reachable over HTTPS with the DICOMweb plugin enabled (see Orthanc instructions)
3.2. Prerequisites
You will need the following in place before configuring the integration in Wawa.
An PACS server reachable over HTTPS, with DICOMweb served under a path such as /dicom-web/
The DICOMweb plugin (if needed).
A username and password.
For worklists only: the Orthanc worklists plugin enabled on the server.
For context, a standard Orthanc server listens for DICOM on port 4242 and serves HTTP and DICOMweb on port 8042. In practice external access is normally fronted by an HTTPS reverse proxy, so Wawa talks to the proxy's HTTPS address rather than to those ports directly.
3.3. Enabling the integration
In Wawa, go to Settings, then Integrations, then DICOM, and click Enable DICOM Integration.
Once enabled, the DICOM settings page shows three tabs: Configuration, DICOM Servers and Clinic Assignments. A fourth tab, Worklist Groups, appears only after worklists are switched on, which is covered later in this guide.
3.4. Adding a DICOM Server
Wawa supports more than one DICOM server. A clinic group can register several Orthanc servers, typically one per site, each with its own connection details and paths, although this is not a requirements. Some clinics share the same PACS server even on different locations.
On the DICOM Servers tab, add a server and fill in the following.
Name. A label for the server, for example the name of the clinic site.
Connection. The URL (the Base URI) is the DICOMweb root. It must use HTTPS. The trailing slash matters, because the standard paths described in section 5 are appended to it.
Username and Password for Orthanc here.
DICOM Configuration. Set the Timezone to the local time zone of the DICOM server and its modalities. Wawa uses it to interpret study timestamps correctly and to format the scheduled date and time on worklist entries. This section also holds the five standard paths, covered in detail in section 5.
Default DICOM server. This toggle marks the server as the fallback used for any clinic that has not been given a specific server on the Clinic Assignments tab. Only one server can be the default.
3.5. Standard paths and placeholders
The five paths follow DICOMweb conventions. Queries use QIDO-RS and retrieval uses WADO-RS, and the defaults align with a standard Orthanc setup. Wawa fills these in with sensible Orthanc defaults, so most clinics never need to change them.
The Base URI for a standard Orthanc server is https://<your-domain>/dicom-web/, and each path above is appended to it.
The fragments written as %{study_uid}, %{series_uid}, %{instance_uid} and %{frame_number} are placeholders. Wawa fills them in automatically each time it queries the server, substituting the relevant identifier. They are not literal text, and the clinic must never replace them by hand. They simply mark where Wawa inserts each identifier.
3.6. Clinic Assignments
On the Clinic Assignments tab, assign a DICOM server to each clinic. This determines which server receives and serves imaging data for patients at that location.
A patient's imaging is synchronised from the server or servers assigned to that patient's clinic or clinics. Any clinic without an assignment falls back to the default DICOM server. If no servers are configured at all, nothing is synchronised.
3.7. Testing the connection
Each DICOM server has a Test Connection action that checks Wawa can reach it and read studies. A successful test reports how many studies were found.
The most common failure is the test reporting that the server returned plain study IDs instead of structured DICOM+JSON objects.
There is also an important warning to understand about Structured Reports. Ultrasound measurements, for example follicle measurements, are carried in DICOM Structured Report (SR) data. If the studies found contain only images and no SR data, the test warns that those studies will be skipped, because Wawa needs the SR to import measurements. Plain image-only studies are not imported as measurements.
3.8. Worklists: how to set them up
On the Configuration tab, switch on Orthanc worklists enabled. When this is on, Wawa sends scheduled appointments to Orthanc as DICOM worklist entries, so scanners can pull patient lists automatically. This requires the Orthanc worklists plugin to be enabled on the server.
Switching it on reveals the Worklist Groups tab.
A Worklist Group groups worklist entries for a clinic and addresses them to a particular modality. Each group has the following.
Group name. A label, for example "Theatre 1".
AE Title. The Application Entity Title the worklist entries are addressed to. It must match the AE Title configured on the target ultrasound machine, otherwise the device will not see its patient list.
Clinic. Which clinic the group belongs to.
Set as this clinic's default. One group per clinic can be the default, used when a scheduled appointment does not pick a specific group.
In plain terms: when an appointment is scheduled at a clinic, Wawa creates a worklist entry addressed to the AE Title of the appointment's worklist group, or the clinic's default group. If no group applies, the entry is addressed to a wildcard AE Title (`*`), meaning any querying device can retrieve it.
3.9. Worklists: how they work
Here is the round trip from a scheduled appointment to images on the patient record.
When an appointment is scheduled and worklists are enabled, Wawa sends the worklist entry to Orthanc over DICOMweb. Sending the same appointment again updates the existing entry rather than creating a duplicate.