Skip to main page content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Access keys NCBI Homepage MyNCBI Homepage Main Content Main Navigation
. 2015 May-Jun;35(3):727-35.
doi: 10.1148/rg.2015140244.

De-identification of Medical Images with Retention of Scientific Research Value

Stephen M Moore  1 David R MaffittKirk E SmithJustin S KirbyKenneth W ClarkJohn B FreymannBruce A VendtLawrence R TarboxFred W Prior
Affiliations

De-identification of Medical Images with Retention of Scientific Research Value

Stephen M Moore et al. Radiographics. 2015 May-Jun.

Abstract

Online public repositories for sharing research data allow investigators to validate existing research or perform secondary research without the expense of collecting new data. Patient data made publicly available through such repositories may constitute a breach of personally identifiable information if not properly de-identified. Imaging data are especially at risk because some intricacies of the Digital Imaging and Communications in Medicine (DICOM) format are not widely understood by researchers. If imaging data still containing protected health information (PHI) were released through a public repository, a number of different parties could be held liable, including the original researcher who collected and submitted the data, the original researcher's institution, and the organization managing the repository. To minimize these risks through proper de-identification of image data, one must understand what PHI exists and where that PHI resides, and one must have the tools to remove PHI without compromising the scientific integrity of the data. DICOM public elements are defined by the DICOM Standard. Modality vendors use private elements to encode acquisition parameters that are not yet defined by the DICOM Standard, or the vendor may not have updated an existing software product after DICOM defined new public elements. Because private elements are not standardized, a common de-identification practice is to delete all private elements, removing scientifically useful data as well as PHI. Researchers and publishers of imaging data can use the tools and process described in this article to de-identify DICOM images according to current best practices.

PubMed Disclaimer

Figures

Figure 1
Figure 1
TCIA image de-identification process. Flowchart shows image submission and full de-identification steps, with a detailed description in the text. Both the submitting site and receiving site participate in the process. Specialized open-source software is used at the receiving site with reports reviewed by senior analysts to ensure removal of all PHI.
Figure 2
Figure 2
Chart shows level of detail in our DICOM knowledge base. Each row represents one private element found in the conformance statement published by a manufacturer. From left to right, the columns contain the name of the element, hexadecimal tag of the element, value representation indicating the type of string or binary value used to encode the element, and value multiplicity defining the number of different values found in a single element. The five rightmost columns contain coded entries indicating that the element is referenced in the conformance statement for this model (*) or is no longer supported (X1). (This chart and others can be downloaded from reference .)
Figure 3
Figure 3
Screenshots show an example of the knowledge base’s Web-based user interface. In addition to internal use, the knowledge base allows external users to search for the definitions of private elements. A researcher who finds a private element in his or her own data can use this resource to understand the data without having to search through conformance statements.
See this image and copyright information in PMC

References

    1. Levin A, Nicholson MJ. Privacy law in the United States, the EU and Canada: the allure of the middle ground. Univ Ott Law Technol J 2005;2(2):357–395.
    1. U.S. Department of Health & Human Services . Business Associate Contracts: Sample Business Associate Agreement Provisions. U.S. Department of Health & Human Services Web site. http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/contr.... Published January 25, 2013. Accessed May 28, 2014.
    1. Digital Imaging and Communications in Medicine (DICOM) . NEMA Web site. http://medical.nema.org. Accessed April 13, 2014.
    1. Prior FW. Specifying DICOM compliance for modality interfaces. RadioGraphics 1993;13(6):1381–1388. - PubMed
    1. Bidgood WD, Jr, Horii SC, Prior FW, Van Syckle DE. Understanding and using DICOM, the data interchange standard for biomedical imaging. J Am Med Inform Assoc 1997;4(3):199–212. - PMC - PubMed

Publication types