Dicom anonymization policies - DICOM

This is a discussion on Dicom anonymization policies - DICOM ; Hi there, Because of some projects I'm related with I wanted to transfer some radiological information (this is DICOM instances plus some additional related information) outside of healthcare center bounds. Obviously this (headaches apart) brought us to look for some ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: Dicom anonymization policies

  1. Dicom anonymization policies

    Hi there,

    Because of some projects I'm related with I wanted to transfer some
    radiological information (this is DICOM instances plus some additional
    related information) outside of healthcare center bounds.
    Obviously this (headaches apart) brought us to look for some
    information about security and anonymization, and pointed us to the
    "Teaching file and Clinical trial Export" IHE Profile (which is since
    2005 in a draft status!) and also to the annex E of the part 15 of the
    DICOM standard, "Attribute Confidentiality Profiles". Where there's an
    attributes list proposed for the standard to guarantee the
    confidentiality of the patient's identity.
    That's fine for me but as said in the standard text these may not be
    enough attributes to ensure this confidentiality and "National and
    local regulations, which may vary, might require that additional
    attributes be de-identified". So, I ask:

    Since what I'm trying to do involves centers in different EU countries
    and hoping maybe some of you have some information regarding with that
    i want to know if there are some specific policies for that at
    European level? There's something "official" I can point at to prove
    I'm working correctly? Or i just have to negotiate with every center
    which information can and which can not be exported out of the center
    itself at our own ethical criteria.

    Any information or resource related with this would be gladly
    appreciated. Feel free to contact me for any extra information about
    that.

    Thanks in advanced,
    Jordi

  2. Re: Dicom anonymization policies

    Hello Jordie,

    As you can see, this is not an easy topic to reply to.

    If I had to find a correct answer, I would start with the target markets
    and find out their requirements - e. g. the EC regulations (
    http://ec.europa.eu/justice_home/fsj/privacy/ ) or the US HIPAA (
    http://www.cms.hhs.gov/HIPAAGenInfo/ ).

    It is always a good idea to remove and replace anything that may give
    hints that make it possible to find out about the Patient, the device
    and the date and time of the procedure (UIDs, they may contain Device
    identifiers in their "extended" root!), and so on.

    Remember to remove attributes where you do not really know if they
    contain identification information - especially private attributes!

    I know that the Department of Veteran Affairs in the USA has very strict
    regulations, so this is a good point to start researching.

    Another idea would be to review post discussions in this newsgroup,
    there have been several threads dealing with the issue.

    Finally, in many countries you will have to get the patient's clearance
    that his clinical data may be used in anonymized form for research or
    similar. I heard about hospitals that add default terms to their privacy
    contracts to be signed by the patients.

    Sorry not to be able to provide a complete list of attributes off the
    cuff, but if a client would ask me for that research, I would surely
    quote more than a week's work for that study and refuse to guarantee for
    completeness ;-)

    Hope this helps,


    Peter

  3. Re: Dicom anonymization policies

    You should know that it may be more complicated than you expect.

    It is not enough to remove all identifying attributes from single
    objects!
    Many objects have references to others
    - FOR PRESENTATION objects refer to their FOR PROCESSING ones
    - presentation states refer to objects whihc took part on the
    presentation
    - structured report reference other objects
    etc.

    Depending on how complete your objects shall continue to work you have
    to correct all references too!

  4. Re: Dicom anonymization policies

    Thanks to both of you, I've been out for holidays and didn't noticed
    about the late replies to my question. In fact, i didn't expect them
    so was a nice surprise
    As I thought seems to be a bit unclear what to do in that case I'm on
    even if one can apply common sense and do it at her/his own.

    Peter:

    I'll take in consideration your tips, definitively I'll look at the
    links you posted for more institutional info. In addition I'll
    continue my work by checking specific privacy policies in the
    Healthcare centers we are dealing with. They will mark our
    restrictions and configure the specification sheet we have.

    Sascha:

    You are right, is not easy plain anonymization. Some kind of recursive
    search shall be applied in order to check that all the satellite
    objects referenced by the object itself taken out of the center not
    only have their information anonymized but also it is done in a
    coherent manner (same anonymized UID shall be used both in the
    referencing object and in the referenced one).

    cheers,
    Jordi

    On Jun 24, 4:38 pm, Sascha Bohnenkamp wrote:
    > You should know that it may be more complicated than you expect.
    >
    > It is not enough to remove all identifying attributes from single
    > objects!
    > Many objects have references to others
    > - FOR PRESENTATION objects refer to their FOR PROCESSING ones
    > - presentation states refer to objects whihc took part on the
    > presentation
    > - structured report reference other objects
    > etc.
    >
    > Depending on how complete your objects shall continue to work you have
    > to correct all references too!



  5. Re: Dicom anonymization policies

    On Jun 30, 1:18*pm, Jordi wrote:
    > Thanks to both of you, I've been out for holidays and didn't noticed
    > about the late replies to my question. In fact, i didn't expect them
    > so was a nice surprise
    > As I thought seems to be a bit unclear what to do in that case I'm on
    > even if one can apply common sense and do it at her/his own.
    >
    > Peter:
    >
    > I'll take in consideration your tips, definitively I'll look at the
    > links you posted for more institutional info. In addition I'll
    > continue my work by checking specific privacy policies in the
    > Healthcare centers we are dealing with. They will mark our
    > restrictions and configure the specification sheet we have.
    >
    > Sascha:
    >
    > You are right, is not easy plain anonymization. Some kind of recursive
    > search shall be applied in order to check that all the satellite
    > objects referenced by the object itself taken out of the center not
    > only have their information anonymized but also it is done in a
    > coherent manner (same anonymized UID shall be used both in the
    > referencing object and in the referenced one).
    >
    > cheers,
    > Jordi
    >
    > On Jun 24, 4:38 pm, Sascha Bohnenkamp wrote:
    >
    >
    >
    > > You should know that it may be more complicated than you expect.

    >
    > > It is not enough to remove all identifying attributes from single
    > > objects!
    > > Many objects have references to others
    > > - FOR PRESENTATION objects refer to their FOR PROCESSING ones
    > > - presentation states refer to objects whihc took part on the
    > > presentation
    > > - structured report reference other objects
    > > etc.

    >
    > > Depending on how complete your objects shall continue to work you have
    > > to correct all references too!- Hide quoted text -

    >
    > - Show quoted text -


    Hi Jordi,

    I have a little anonimizer that we have developed here that does
    exactly this. Is it of any interest for you?

    Roni

  6. Re: Dicom anonymization policies

    Hi Jordi

    Your timing is excellent, since in various different groups we having
    been discussing the need to address standards for what to remove for
    what purposes during de-identification to address global clinical
    trials, both to guide software implementers but also to provide
    consensus standards about how to balance the need for privacy with
    the need for the images to remain useful for the intended purpose.

    To this end, the DIA/phRMA roundtable sub-group on site interfaces
    encouraged us (DICOM) to come up with a standard, and a draft of
    the work is now available at:

    ftp://medical.nema.org/medical/dicom.../sup142_02.pdf
    ftp://medical.nema.org/medical/dicom.../sup142_02.doc

    This is only an early draft, but it does reflect a considerable
    amount of discussion over the details that has preceded it, and
    so may be helpful in making your own assessment.

    The bottom line is that there will be profiles that define how
    to remove "everything" such that all local and nationally
    specific requirements for privacy can be satisfied, and specific
    options for dealing with high risk material (like burned in
    identification) and retaining critical personal information
    that might otherwise be removed but is required to do the job
    (like weight for PET).

    The goal is indeed to remove the need to negotiate with individual
    centers, particularly at the individual attribute level.

    Anyone is welcome to join WG 18 to work on this, or contribute
    comments as they see fit.

    David

    jhuguetn@gmail.com wrote:
    > Hi there,
    >
    > Because of some projects I'm related with I wanted to transfer some
    > radiological information (this is DICOM instances plus some additional
    > related information) outside of healthcare center bounds.
    > Obviously this (headaches apart) brought us to look for some
    > information about security and anonymization, and pointed us to the
    > "Teaching file and Clinical trial Export" IHE Profile (which is since
    > 2005 in a draft status!) and also to the annex E of the part 15 of the
    > DICOM standard, "Attribute Confidentiality Profiles". Where there's an
    > attributes list proposed for the standard to guarantee the
    > confidentiality of the patient's identity.
    > That's fine for me but as said in the standard text these may not be
    > enough attributes to ensure this confidentiality and "National and
    > local regulations, which may vary, might require that additional
    > attributes be de-identified". So, I ask:
    >
    > Since what I'm trying to do involves centers in different EU countries
    > and hoping maybe some of you have some information regarding with that
    > i want to know if there are some specific policies for that at
    > European level? There's something "official" I can point at to prove
    > I'm working correctly? Or i just have to negotiate with every center
    > which information can and which can not be exported out of the center
    > itself at our own ethical criteria.
    >
    > Any information or resource related with this would be gladly
    > appreciated. Feel free to contact me for any extra information about
    > that.
    >
    > Thanks in advanced,
    > Jordi


+ Reply to Thread