...
Following industry best-practices, TCIA uses a standards-based approach to de-identification of DICOM images to ensure that images are free of protected health information (PHI). The TCIA de-identification process ensures that the HIPAA de-identification standard is met by following the Safe Harbor Method as defined in section 164.514(b)(2) of the HIPAA Privacy Rule. The standard for de-identification of DICOM objects is defined by Attribute Confidentiality Profile – DICOM PS 3.15: Appendix E. At At the submitting site, a DICOM PS 3.15 compliant script removes or modifies DICOM tags deemed to be unsafe (See table 1 for a complete listing). TCIA incorporates the “Basic Application Confidentiality Profile” which is amended by inclusion of the following profile options: Clean Pixel Data Option, Clean Descriptors Option, Retain Longitudinal With Modified Dates Option, Retain Patient Characteristics Option, and Retain Safe Private Option. The de-identification rules applied to each object are recorded by TCIA in the DICOM sequence Method Code Sequence [0012,0063] by entering the Code Value, Coding Scheme Designator, and Code Meaning for each profile and option that were applied to the DICOM object during de-identification. The DICOM standard for de-identification of objects defines a minimum set of elements to de-identify to be in compliance with the standard. TCIA complies with the DICOM standard for data de-identification and applies additional review measures to insure that PHI is removed or cleaned according to the laws and practices in place at the time de-identification occurs. A CTP Script is provided for reference. Please note that use of this script does not ensure the data are free of PHI.
Base level de-identification
...