Why Your DICOM Viewer Should Work 100% Offline

Updated April 2026 · 5 min read

Many modern DICOM viewers require uploading medical images to cloud servers for viewing. While convenient, this approach raises serious privacy, compliance, and practical concerns. Here's why offline-first DICOM viewing should be the default.

The HIPAA Problem with Cloud Viewers

HIPAA (Health Insurance Portability and Accountability Act) regulates how Protected Health Information (PHI) is stored and transmitted. DICOM files are rich with PHI — patient name, date of birth, medical record number, referring physician, and the images themselves.

When you upload a DICOM file to a cloud viewer, you're transmitting PHI to a third-party server. This requires:

  • A Business Associate Agreement (BAA) with the cloud provider
  • Encryption in transit and at rest
  • Access controls and audit logging
  • Data retention and deletion policies
  • Breach notification procedures

Many free cloud DICOM viewers don't offer BAAs or meet these requirements. Using them with real patient data is a compliance risk.

The Practical Problem

Beyond compliance, cloud viewers have practical issues:

  • Upload time: A 500-slice CT study is 200-500 MB. Uploading on hospital WiFi can take minutes.
  • Internet dependency: Hospital basements, rural clinics, and airplanes have no reliable internet.
  • Data residency: Some jurisdictions require medical data to remain within national borders.
  • Server downtime: Cloud services have outages. Local processing never goes down.
  • Speed: Network latency adds seconds to every operation. Local processing is instant.

The MedScan Approach: Offline-First

MedScan was designed from the ground up for offline operation:

  • All DICOM parsing, rendering, and navigation happens locally on your device
  • No account registration — no user database to breach
  • No telemetry on medical images — only anonymous app usage analytics
  • AI analysis (Pro) sends only the current slice — never the full study or DICOM metadata

Cloud vs Offline: Quick Comparison

Aspect                 | Cloud Viewers     | MedScan (Offline)
PHI transmitted        | Yes — to cloud    | No — stays on device
Works without internet | No                | Yes
Upload required        | Yes (minutes)     | No (instant open)
BAA required           | Yes               | Not applicable
Speed                  | Network-dependent | 33ms cached reopen
Account required       | Usually yes       | No

When Online is Acceptable

Offline-first doesn't mean never-online. MedScan's AI analysis feature requires internet to send the current slice for processing. But it's designed with privacy in mind: only the rendered image is sent (as JPEG), stripped of all DICOM metadata. The AI provider doesn't store the image beyond the request.

This hybrid approach gives you the best of both worlds: complete offline capability for viewing and analysis, with optional AI assistance when you need a second opinion.
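
One way to check the "JPEG only, no metadata" claim from this section on a captured outbound request body. This is an added example, not MedScan's code; the function name and the sample bytes are constructed for illustration.

```python
import struct

# Markers that carry image-coding tables only (SOFn, DHT, DQT, DRI).
CODING = set(range(0xC0, 0xD0)) | {0xDB, 0xDD}

def metadata_segments(jpeg: bytes):
    """Return [(name, payload_len)] for header segments that can carry free-form metadata."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    found, pos = [], 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"bad marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == 0xFF:  # fill byte before a marker
            pos += 1
            continue
        if marker == 0xDA:  # SOS: header ends, compressed pixels follow
            return found
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError("truncated segment")
        payload = jpeg[pos + 4:pos + 2 + length]
        if marker == 0xE0 and payload.startswith(b"JFIF\x00"):
            pass  # plain JFIF header: version and pixel density
        elif marker == 0xFE:
            found.append(("COM", len(payload)))  # free-text comment
        elif 0xE0 <= marker <= 0xEF:
            found.append((f"APP{marker - 0xE0}", len(payload)))  # Exif, XMP, ICC, IPTC...
        elif marker not in CODING:
            found.append((f"0x{marker:02X}", len(payload)))
        pos += 2 + length
    raise ValueError("no SOS marker found")

def seg(marker: int, payload: bytes) -> bytes:
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed samples: header structure only, not decodable images.
JFIF = seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
TAIL = seg(0xDB, bytes(65)) + seg(0xDA, bytes(10)) + b"\xff\xd9"
CLEAN = b"\xff\xd8" + JFIF + TAIL
LEAKY = b"\xff\xd8" + JFIF + seg(0xE1, b"Exif\x00\x00" + bytes(20)) + seg(0xFE, b"DOE^JANE") + TAIL

if __name__ == "__main__":
    print("clean:", metadata_segments(CLEAN), "leaky:", metadata_segments(LEAKY))
```

An empty result means the JPEG container carries no metadata segments. It says nothing about text burned into the pixels themselves (patient banners, annotations), which needs a separate review of the rendered image.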

Ready to Try MedScan?

Free to download. View any DICOM file on iPhone & iPad. No account required.