Paras Lakhani MD, Presenter: Nothing to Disclose

James Y. Chen MD, Abstract Co-Author: Nothing to Disclose

Paul G. Nagy PhD, Abstract Co-Author: Nothing to Disclose

Nabile M. Safdar MD, Abstract Co-Author: Partner, iVirtuoso, Inc Research support, General Electric Company

To determine the efficacy of freely available DICOM software for anonymizing protected health information (PHI) and other patient-specific information from DICOM headers.

A fictitious DICOM file was created that had 11 attributes directly containing PHI as defined by the Health Insurance Portability and Accountability Act (HIPAA).  In addition, the file contained 38 tags with information specific to the patient or study that could lead to the detection of the patient's identity.  This included information about the referring physician, institution, accession number, study id, study date/time, patient's gender, ethnicity, unique service-object pairs (SOP) and other unique identifiers (UID).  We then anonymized the DICOM fields using one of 7 freely available DICOM anonymization tools.  The DICOM headers of pre- and post-processed files were then analyzed, and any modifications, deletions, or lack thereof were tabulated on a spreadsheet.  Only the default anonymization settings were assessed.  The features of some programs that permitted modifications of any DICOM attributes after extra configuration were not assessed.

Only two DICOM programs anonymized 100% of tags directly containing PHI named by HIPPA.  DICOMWORKS anonymized the least PHI (18%), followed by MIRC (45%), DVTK (55%), RUBO (64%), OSIRIX (64%), FP IMAGE (100%), and DICOM ANON LIGHT (100%) using their default settings. All of the programs failed to anonymize some degree of patient- or study-specific information that could potentially represent or lead to discovery of PHI or patient identity.  MIRC anonymized the least of this information (16%), followed by DICOMWORKS (26%), OSIRIX (39%), FP IMAGE (50%), RUBO (53%), DVTK (66%), and DICOM ANON LIGHT (84%).

Many freely available DICOM anonymizers still leave PHI and other specific information that could represent or lead to the identity of a patient, and therefore vigilance should be used even after anonymization.  Knowledge of your institution's DICOM header information and utilization of tools customized to remove or alter any DICOM field will help ensure proper de-identification.

DICOM files are frequently shared among physicians or online, yet many still contain PHI or potential PHI after anonymization, which is important to consider regarding HIPAA and patient privacy.

Lakhani, P, Chen, J, Nagy, P, Safdar, N, Protecting Your Patient's Privacy: Is Your DICOM Anonymizer Working for You?.  Radiological Society of North America 2009 Scientific Assembly and Annual Meeting, November 29 - December 4, 2009 ,Chicago IL. http://archive.rsna.org/2009/8011488.html