8.1.7 Anonymize object

Removal of all patient identification information from within the DICOM object, if not already done, as defined in PS 3.15. This parameter is OPTIONAL. It shall only be present if contentType is application/dicom.

This parameter is Optional

The parameter name shall be “anonymize”.

The value shall be “yes”.

The Server may return an error if it either cannot or refuses to anonymize that object.

The Server shall return a new SOP Instance UID if the content of the object has not already been anonymized.

Notes: 1. This standard does not introduce any security-related requirements. It is likely that the information contained within DICOM objects identifies the patient. The protocol used (that is HTTP) can be replaced by HTTPs, which is its secure extension, to protect the information in transit. The underlying DICOM implementation decides whether or not to grant access to a particular DICOM object based on whatever security policy or mechanism it has in place. A server is unlikely to fulfil a request from an unknown user (e.g., accessed via the HTTP protocol) unless it is certain that the data requested has no patient identifying information within it and has been approved for public viewing.

2. The Anonymize object enables, for example, teaching files systems or clinical trial applications to offer an access to original images stored in a PACS, without disclosing the patients identity, and requiring storage of a (de-identified) copy of the original image. Anonymization is the responsibility of the Server. In order to preserve patient confidentiality, the Server likely will refuse to deliver an anonymized SOP instance to an unknown or unauthorized person unless the Server is certain that the SOP instance holds no patient identifying information. This would include "blanking out" any annotation area(s) containing nominative information burned into the pixels or in the overlays.