Skip to main content

Integration: DICOM

Integrate with your DICOM server to automate the pulling of data – such as from ultrasound scan machines.

Kiera Frances Martin avatar
Written by Kiera Frances Martin
Updated over 2 months ago

1. DICOM Integration

Wawa does not operate a DICOM server, but we are able to integrate with your DICOM server in order to automatically pull data – for example from ultrasound machines.

2. Prerequisites

DICOMWeb Support

The server must support the DICOMWeb standard (QIDO-RS, WADO-RS). This includes a set of tested endpoints for retrieving studies, series, instances, metadata, and images, which follow the standard.

DICOM Tag Compliance

The server should use standard DICOM tags for SR reports and measurement data. If custom tags are used, documentation or sample data must be provided.

Secure Service Account

  1. Unique Service Account: Create a dedicated service account that will only be used by Wawa, and no other human or machine users. Do not use shared or admin credentials.

  2. Principle of Least Privilege: Only grant read-only access to the specific DICOMWeb endpoints and no other administrative or system-level rights.

  3. Strong, Random Password: The password must be a long (20+ characters), complex, and randomly generated string, not a human-memorable word.

  4. Regular Rotation: We recommend rotating these credentials at least annually, or immediately if a compromise is suspected.

IP Allowlisting

For servers exposed publicly on the Internet, only allow our egress IPs access to your servers. This ensures that only requests originating from Wawa's systems are allowed access to your servers.

Wawa's Egress IPs to allowlist (choose your region)

# EU (clinic.wawafertility.com)
52.19.76.222
52.48.12.42
99.81.219.122

# US (clinic.us.wawafertility.com)
34.234.250.165
52.1.93.23
44.207.184.58

# Australia (clinic.au.wawafertility.com)
13.55.103.40
13.236.243.243
52.62.67.46

# Canada (clinic.ca.wawafertility.com)
15.157.152.202
15.157.231.135
3.98.65.111

# UAE (clinic.uae.wawafertility.com)
40.172.28.215
40.172.33.38
51.112.129.160

HTTPS Support

Wawa connects to the DICOM Web Server using an HTTPS protocol. To protect your data, we cannot access insecure HTTP protocol, even on VPN, as that still transmits data without end-to-end encryption.

2.1. Connection via a Cloudflare Tunnel (example)

⚠️ Before starting, make sure that your DICOM server (PACS/Orthanc...) is accessible on the local network (e.g., http://127.0.0.1:8042).

Since the DICOM Web Server is usually hosted on an internal IP address, it must be securely exposed to the internet. Note that without allowlisting our IPs, anyone on the Internet will be able to find and route to your web server.

Steps to configure:

  1. Create an account in Cloudflare and register a domain. Configure IP Access Rules to deny requests from all Internet IPs on that domain, except Wawa's Egress IPs:

    34.234.250.165
    52.1.93.23
    44.207.184.58

  2. Install cloudflared 

    # Debian / Ubunto
    wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
    sudo apt-get install ./cloudflared-linux-amd64.deb
    cloudflared -v

    # Windows
    winget install Cloudflare.cloudflared

  3. Authenticate

    It opens a browser login page and you need to select the domain you have created

    cloudflared tunnel login

  4. Create a tunnel

    Generates a Tunnel UUID and a JSON credentials file.

    cloudflared tunnel create dicom-wawa

  5. Configure the tunnel

    /etc/cloudflared/config.yml

    tunnel: <TUNNEL-UUID>
    credentials-file: /etc/cloudflared/<TUNNEL-UUID>.json

    ingress:
      - hostname: dicom.yournewdomain.com
        service: http://127.0.0.1:8042
      - service: http_status:404

  6. Route DNS

    $ cloudflared tunnel route dns dicom-wawa dicom.yournewdomain.com

  7. Run as a Service

    # Linux
    sudo cloudflared --config /etc/cloudflared/config.yml service install
    sudo systemctl enable --now cloudflared
    systemctl status cloudflared

    #Windows
    cloudflared service install

3. Configuring the Integration

Once the prerequisites are met, you are in a position to configure the integration, so you need to navigate to the "Integrations" section in the settings of your wawa account.

From here, you select the "DICOM" integration.

  1. Enter Authentication Details

    1. Provide your username and password

    2. Enter the base URI for your DICOM server (must support HTTPS).

  2. Configure Standard Paths

    1. Studies Path

    2. Series Path

    3. Instances Path

    4. Metadata Path

    5. Image Path

    These paths follow DICOM standards and should align with commonly used open-source configurations (e.g., Orthanc).

  3. Save and test the connection

⚠️ The %{study_uid}, %{series_uid}, %{instance_uid}, and %{frame_number} are placeholders.

3.1. Default Orthanc DICOMWeb Paths

If you are using Orthanc as your PACS server, please make sure the integration is configured with the following paths:

base_uri: "https://<your-domain>/dicom-web/" all_studies_uri: "studies" all_series_uri: "studies/%{study_uid}/series" all_instances_uri: "studies/%{study_uid}/series/%{series_uid}/instances" instance_metadata_uri: "studies/%{study_uid}/series/%{series_uid}/instances/%{instance_uid}/metadata" instance_image_uri: "studies/%{study_uid}/series/%{series_uid}/instances/%{instance_uid}/frames/%{frame_number}"

👉 For example, if your domain is https://dicom.yourclinic.com, then your Base URI should be: https://dicom.yourclinic.com/dicom-web/

You should not replace them manually — Wawa automatically fills these values when querying the PACS.

4. Testing and Validation

After configuration and access are in place, you can perform a simple test by inputting a patient ID of choice in the test field, and clicking "Test Connection".

→ Successful configuration will result in a green box, informing you how many studies were found for that patient.

For a full guided walkthrough, see the video below:

Did this answer your question?