I am reading DICOM headers and storing them in a database. Is there a list of DICOM objects that need to be store encrypted or anonymized in order to be HIPAA compliant?
This is the sort of list of DICOM tags we are storing: PatientID, PatientsName, PatientsBirthDate, StudyDate, StudyInstanceUid, SopInstanceUid, etc...
On
The GDCM project has a tool called gdcmanon that also annonymizes the data. The description in the man page describes that the tool claims that it's following a section out of the DICOM specification.
The gdcmanon tool is an implementation of PS 3.15 / E.1 / Basic Application Level Confidentiality Profile (Implementation of E.1.1 De-identify & E.1.2 Re-identify)
The man page has some further links to the DICOM spec.
The DICOM Standard at the time of releasing gdcmanon is:
ftp://medical.nema.org/medical/dicom/2008/
Direct link to PS 3.15-2008:
ftp://medical.nema.org/medical/dicom/2008/08_15pu.pdf
Interesting question. I've never come across a specific list that is ordered by dicom tag.
There is a dicom header anonymizer written as a Ruby gem (Ruby-Dicom).
Looking at it's source code here, I see that these are the fields they chose to address starting around line #663: