Moore Stephen M, Maffitt David R, Smith Kirk E, Kirby Justin S, Clark Kenneth W, Freymann John B, Vendt Bruce A, Tarbox Lawrence R, Prior Fred W
From the Mallinckrodt Institute of Radiology, Washington University School of Medicine, 510 S Kingshighway Blvd, St Louis, MO 63110 (S.M.M., D.R.M., K.E.S., K.W.C., B.A.V., L.R.T., F.W.P.); and Leidos Biomedical Research, Bethesda, Md (J.S.K., J.B.F.).
Radiographics. 2015 May-Jun;35(3):727-35. doi: 10.1148/rg.2015140244.
Online public repositories for sharing research data allow investigators to validate existing research or perform secondary research without the expense of collecting new data. Patient data made publicly available through such repositories may constitute a breach of personally identifiable information if not properly de-identified. Imaging data are especially at risk because some intricacies of the Digital Imaging and Communications in Medicine (DICOM) format are not widely understood by researchers. If imaging data still containing protected health information (PHI) were released through a public repository, a number of different parties could be held liable, including the original researcher who collected and submitted the data, the original researcher's institution, and the organization managing the repository. To minimize these risks through proper de-identification of image data, one must understand what PHI exists and where that PHI resides, and one must have the tools to remove PHI without compromising the scientific integrity of the data. DICOM public elements are defined by the DICOM Standard. Modality vendors use private elements to encode acquisition parameters that are not yet defined by the DICOM Standard, or the vendor may not have updated an existing software product after DICOM defined new public elements. Because private elements are not standardized, a common de-identification practice is to delete all private elements, removing scientifically useful data as well as PHI. Researchers and publishers of imaging data can use the tools and process described in this article to de-identify DICOM images according to current best practices.
用于共享研究数据的在线公共存储库使研究人员能够验证现有研究或进行二次研究,而无需花费收集新数据的费用。如果通过此类存储库公开提供的患者数据未进行适当的去标识处理,可能会构成对个人身份信息的泄露。成像数据尤其面临风险,因为医学数字成像和通信(DICOM)格式的一些复杂之处研究人员并未广泛了解。如果仍包含受保护健康信息(PHI)的成像数据通过公共存储库发布,许多不同方可能会承担责任,包括收集和提交数据的原始研究人员、原始研究人员所在机构以及管理该存储库的组织。为了通过对图像数据进行适当的去标识处理来最小化这些风险,必须了解存在哪些PHI以及这些PHI位于何处,并且必须拥有在不损害数据科学完整性的情况下删除PHI的工具。DICOM公共元素由DICOM标准定义。模态供应商使用私有元素对DICOM标准尚未定义的采集参数进行编码,或者在DICOM定义新的公共元素后,供应商可能未更新现有软件产品。由于私有元素未标准化,一种常见的去标识做法是删除所有私有元素,这会同时删除科学上有用的数据以及PHI。成像数据的研究人员和发布者可以使用本文中描述的工具和流程,根据当前最佳实践对DICOM图像进行去标识处理。