Protecting Protected Health Information from DICOM images

3
votes

I am new to PACS and I would like to get some clarification about the web-based PACS system. Almost all the articles in internet talks about the Protected Health Information (PHI) that is associated with a DICOM image and recommending to rip off this information before sharing the image to someone else. I would like to understand how it can be done.

I am aware that if we convert the DICOM image into a PNG or JPEG image the DICOM header information will be removed. But, I wonder what if we need the original DICOM image any time and how do we re-create the PHI into a PNG image and get it as a DICOM

I have an apache web server and a MySQL database, both are installed in separate ubuntu servers. I want to know how can I securely share the patient scan/X-ray images via internet.

I really appreciate if someone could explain me in detail and thank you for your time and consideration.

2
dicom
If you share the image (with accompanying PHI) with someone else, aren't you then acting as a de facto PACS server? Doesn't that defeat the purpose of the PACS API? It isn't that it is recommended to remove the PHI, it's a requirement unless you have HIPAA ageements in place with the people you're sharing with, and protect the PHI per statute.Tim
Thanks. But in case if I need to protect the PHI, what is the best way to it? Just use a converter at that place to convert DICOM to PNG or JPG and then provide the converted image to the viewer? I guess I may need to encode a converter into a php script when the "protect PHI" option is selected by a user. Please advise.Manny
DICOM anonymizer would be a relevant keyword to google. These are programs and libraries, that remove PHI from DICOM images, but leave the images themselves still formatted as DICOM.Tarmo R
Please note that the image itself may have patient identifying information (typical in Ultrasound). Are you planning anyone to see your images or restricted only for the authorized user? Why not implement an access control.LEADTOOLS Support
Yes, I would like to share the image to a doctor when needed via e-mail or send a link to the file from the website.Manny

2 Answers

1
votes

PHI stands for Personal Health Information, not Protected Health Information.

A scan stored in the DICOM format contains many tags, some of which could identify the subject. There are some anonymizer programs you could incorporate in your setup.

Two programs I have tested are:

  • the CTP program by the RSNA project. (free and open source java)

  • Neologica's Dicom Anonymizer (free to use trial)

    I'd post the link, but need 10 rep to post more than two links which is completely stupid, but please try it out.

Both have an understandable interface and easy configuration wherein you can decide which tag content to remove, or what to replace it with.

You should really read up on the tags and possibilities, but to give you an idea:

CTP anonymizer

CTP anonymizer

Neologica's anonymizer

Neologica's anonymizer

1
votes

You need to make a distinction in between :

  • An Anonymization process
  • A de-identification process

In the case of Anonymization everything is lost for good as you mentionned. In the case of de-identification everything is hidden. This is described specifically within the DICOM Standard E.1 Application Level Confidentiality Profiles.

While there are plenty of non-standard DICOM anonymizer out there (use dd or hexedit in the worse case), there are very few de-identifiers out there. gdcmanon implement a previous DICOM release (before Supp 142 came out) in the command line tool.

You may want to read also: An Open Source Toolkit for Medical Imaging De-Identification.

And if this still not enough reading, I suggest you also dive into the world of 'Private Attributes' (!= Public attributes), with the particular issue explained here regarding PHI.