Ensuring patient privacy in image data sharing for clinical research
The protection of personal data has become an important yet challenging process when patient data are distributed among health institutions. Regulations and rules have been issued to govern the protection of the privacy of personal information. To conform to these rules and regulations, data de-identification must be executed properly to ensure the elimination of identifying patient data within the DICOM header. From this, several issues arise when dealing with this data sharing and de-identification process where many factors may influence the success rate.
A set of de-identification rules based on the existing guidelines and regulations has been provided to determine the identifying elements within the DICOM header that should be eliminated to provide the clarity of the effort of the patient data protection. Various toolkits are available that provide procedures to perform the actions to ensure identity protection, and several of them are available freely. However, we found that those free DICOM toolkits should be used with extreme care to prevent the risk of disclosing personal health information, especially when using default configuration. Furthermore, we proposed one toolkit to be used when optimal security is required.
Digitalisation of medical data scans has introduced several issues regarding data storage, migration and distribution methods. Distribution over portable media is gradually replaced by more automated approaches to media handling in combination with installation and acceptation of network based sharing using XDS between hospital enterprises. However, data sharing over networking technology has raised the question on where data should be de-identified to provide optimal protection of a patient’s protected health information. We have provided a solution to this problem.
In summary, we have described the important key factors to provide proper imaging data sharing, and de-identification to ensure the protection of patient’s personal data in accordance to the existing rules within the European Union.