Storing DICOM headers in SQL & HIPAA
Question
I am reading DICOM headers and storing them in a database. Is there a list of DICOM objects that need to be store encrypted or anonymized in order to be HIPAA compliant?
This is the sort of list of DICOM tags we are storing: PatientID, PatientsName, PatientsBirthDate, StudyDate, StudyInstanceUid, SopInstanceUid, etc...
Solution
Interesting question. I've never come across a specific list that is ordered by dicom tag.
There is a dicom header anonymizer written as a Ruby gem (Ruby-Dicom).
Looking at it's source code here, I see that these are the fields they chose to address starting around line #663:
["0008,0012", "20000101", false], # Instance Creation Date ["0008,0013", "000000.00", false], # Instance Creation Time ["0008,0020", "20000101", false], # Study Date ["0008,0023", "20000101", false], # Image Date ["0008,0030", "000000.00", false], # Study Time ["0008,0033", "000000.00", false], # Image Time ["0008,0050", "", true], # Accession Number ["0008,0080", "Institution", true], # Institution name ["0008,0090", "Physician", true], # Referring Physician's name ["0008,1010", "Station", true], # Station name ["0008,1070", "Operator", true], # Operator's Name ["0010,0010", "Patient", true], # Patient's name ["0010,0020", "ID", true], # Patient's ID ["0010,0030", "20000101", false], # Patient's Birth Date ["0010,0040", "N", false], # Patient's Sex ["0020,4000", "", false], # Image Comments
OTHER TIPS
The GDCM project has a tool called gdcmanon that also annonymizes the data. The description in the man page describes that the tool claims that it's following a section out of the DICOM specification.
The gdcmanon tool is an implementation of PS 3.15 / E.1 / Basic Application Level Confidentiality Profile (Implementation of E.1.1 De-identify & E.1.2 Re-identify)
The man page has some further links to the DICOM spec.
The DICOM Standard at the time of releasing gdcmanon is:
ftp://medical.nema.org/medical/dicom/2008/
Direct link to PS 3.15-2008:
ftp://medical.nema.org/medical/dicom/2008/08_15pu.pdf