gms | German Medical Science

Introduction: Data anonymization refers to the removal or encoding of identifiers that link individuals to the stored data in order to preserve private or confidential information. This protects the privacy of individuals and corporations while ensuring that the data collected and exchanged is credible. The use of anonymized data allows data to be shared with a secondary audience, such as other institutions, research organizations, or individuals.

The anonymization algorithms can be applied to research documents and datasets, such as trial results. The patient records are often in document form whereas the clinical trial data is usually in quantitative tabular form. Images and videos of patients, however, need to be considered and anonymized separately before they can be used for research and investigation.

Although there are several researches and projects done in medical tabular data anonymization [1] and semi-automatic DICOM image anonymization [2], to the best of our knowledge, there is no work done on the automatic anonymization pipeline of non-tabular medical datasets. In this work, we focus on medical image datasets and introduce a concept towards an automatic DICOM anonymization pipeline for medical datasets such as CT and Ultrasound.

Methods: The proposed method involves three main parts:

• Pipeline structure: Talend studio software is used to read, call the anonymization methods and transfer images.
• Anonymization of DICOM headers: In the US for instance, the Health Insurance Portability and Accountability Act (HIPAA), provides the standard for the de-identification of protected health information and lists 18 identifiers that must be treated with special care [3]. The list varies between organizations and countries. In this study, DICOM header anonymization is done by applying algorithms based on any customized input list of headers to delete sensitive personal data.
• Fade-out information burned on image pixels: some types of images, particularly ultrasound images contain additional, partly sensitive information burned into the pixel data, which must be faded out or blurred.

Results: The proposed method was successfully tested on two publicly available datasets [4], [5]. First, the DICOM headers are anonymized based on an input list of identifiers. Next, all bounding boxes and coordinations of texts in the image are extracted and saved as a CSV file using the text-detection method CRAFT [6]. As a last step, the information inside the extracted bounding boxes faded out in the original image.

Discussion: The introduced method was successfully tested on two publicly available datasets, however, some important points should be considered for the next studies to address real-world problems. The anatomical structures in the image can be used for identification. The manipulation of anatomical connectivity might be considered a possible solution to this issue. Furthermore, since there is no standard for the data burned onto images, a further step should be designed to modify selected bounding boxes and prevent text from being detected incorrectly.

Conclusion: We proposed a pipeline to anonymize medical images focusing on DICOM headers as well as burned data on images, making the data suitable for use by research institutes.

The authors declare that they have no competing interests.

The authors declare that an ethics committee vote is not required.