De-Identification
The De-Identification module enables the automated detection and anonymization of Protected Health Information (PHI) from medical imaging datasets, specifically DICOM-formatted studies. Designed to support regulatory compliance (e.g., HIPAA, GDPR), clinical research, and data sharing, this module applies ontology-driven anonymization rules to both metadata and image pixels while offering visual quality assurance and structured export capabilities.
De-identification Process
This video demonstrates the interface visually without audio narration.
Key Capabilities
This module provides:
- Automated PHI detection in DICOM metadata and pixel content
- Configurable, standards-aligned anonymization profiles
- Side-by-side visual validation via DICOM viewer
- Support for both cohort- and source-based workflows
- Detailed audit and processing statistics
- Export options for research and regulatory workflows
De-Identification Dashboard
Summary Metrics
The dashboard offers real-time status tracking via system-wide indicators:
- Total De-Identifications: Cumulative jobs executed
- Completed: Successfully finalized workflows
- In Progress: Active anonymization processes
- Pending Review: Awaiting manual validation
- Failed: Jobs with processing or rule application errors
De-Identification Job Table
Each job includes:
- Name and Status (e.g., Completed, In Progress, Requires Review)
- Profile Applied (e.g., HIPAA, GDPR, trial-specific templates)
- Workflow Type (Cohort-based or Source-based)
- PHI Detection Metrics
- Processing Timestamps
- Actions (view details, export results, edit profile)
Launching a New De-Identification Workflow
To initiate a job:
- Click New De-Identification.
- Choose a data source:
- A defined Cohort (patient-level imaging collection), or
- A Source (e.g., external PACS or cloud imaging store).
- Select an Anonymization Profile aligned with institutional or regulatory policy.
- Confirm and initiate processing.
The system scans all slices for PHI in both metadata and burned-in text, then applies rule-based redaction or transformation accordingly.
De-Identification Job Details
Selecting a job opens a multi-panel interface to review, validate, and finalize results.
1. Patient Panel
A filterable sidebar lists all patients in the job, displaying:
- Age, Sex
- Total Documents
- Number of Imaging Studies
Selecting a patient updates the main viewing area with relevant imaging and de-identification statistics.
2. DICOM Viewer (Split View)
A dual-pane viewer enables image-level quality assurance:
- Left: Original DICOM image
- Right: De-identified version
Viewer Features:
- Slice Navigation (scroll and scrubber tools)
- Zoom & Pan
- Window/Level Controls
- Reset View & Synchronize Scroll
- Highlight PHI Regions
- Display Metadata Tags Overlay
This configuration allows precise visual verification of PHI removal and anonymization fidelity.
3. Metadata Inspector
Displays a side-by-side comparison of DICOM metadata:
- Original Headers
- De-identified Headers
- Change Summary (modified, masked, or removed tags)
Metadata categories typically reviewed include:
- Patient identifiers
- Study and series descriptors
- Institutional metadata
- Timestamps and acquisition details
4. De-Identification Statistics Panel
A structured summary of anonymization performance per study:
General Metrics
- Total Slices
- Slices with Detected PHI
- Detection Rate (%)
Pixel-Based PHI
- Detected Instances
- Cleared (Anonymized)
- Rejected
- Pending Manual Review
Entity Breakdown
- Name
- Medical Record Number (MRN)
- Institution
- Dates
- Other structured identifiers
Metadata PHI
- Field-level enumeration of PHI tags
- Anonymization status for each DICOM tag
Outcome Summary
- Successful: All PHI addressed per profile
- Failed: Errors encountered
- Requires Review: Manual intervention recommended
Pipeline Metadata
Includes operational metadata for auditing and reproducibility:
- Profile Used
- Execution Time
- Processor ID (if applicable)
- Final Status
Export & Data Persistence
Once reviewed, anonymized data can be:
- Exported Locally: For research or regulatory submission
- Saved to Internal Patient Journey Intelligence Storage: For downstream use
- Linked to OMOP-CDM: To enable imaging analytics within the broader structured data ecosystem
A final confirmation banner summarizes the number of exported studies, series, and slices.
De-Identification Profiles Management
Profiles govern what PHI is removed and how.
Profile Configuration Includes:
- Tag-level Rules: Drop, replace, or hash
- Pixel-level Detection Thresholds
- Pattern Recognition Settings
- Regulatory Compliance Targets (e.g., HIPAA Safe Harbor, GDPR, ICH GCP)
Admin Capabilities:
- Create Custom Profiles
- Edit or Clone Existing Profiles
- Temporarily Disable Profiles
- Preview Rule Effects on sample data
Typical Profiles:
- HIPAA Minimal Safe Harbor
- GDPR-Compliant Template
- Clinical Trial Redaction Policy
- Institutional Custom Profiles
Best Practices
- Validate profiles on pilot datasets before production-scale use
- Utilize split-view comparisons to verify pixel-level anonymization
- Review DICOM headers for residual identifiers
- Align de-identification rules with study-specific requirements
- Document usage of each profile to support audit trails and reproducibility
The De-Identification module provides a secure, transparent, and flexible platform for the anonymization of imaging datasets within Patient Journey Intelligence.
Its capabilities include:
- Automated detection and removal of PHI in both pixels and metadata
- Standards-aligned de-identification profiles for global compliance
- Visual and metadata validation tools to ensure QA
- Detailed reporting and traceability for regulatory support
- Seamless export and OMOP linkage for downstream analytics
By operationalizing de-identification at scale, this module helps healthcare organizations protect patient privacy while enabling research, data sharing, and AI development.