Both the European Union Data Protection Directive (EUDPD) and good clinical practice (GCP) quality standards state that confidential records that could show personal identity should be protected. While the legislation touches on the requirements for data deidentification in most cases, it does not fully describe the difficulties that surround this issue in specific cases, such as the transfer of DICOM images for clinical research, said presenter Dr. Kadek Aryanto from University Medical Center Groningen.
"Which DICOM header elements have to be deidentified can be difficult to determine because it can be influenced by the type of research and demands of the principal investigator or sponsor," Aryanto said.
As a result, Aryanto and colleagues have suggested that certain DICOM header elements should be changed and erased, as those elements contain sensitive data that can refer to a patient's protected health information.
"These deidentification rules should be considered as the minimum requirements to meet the demands of the GCP guidelines and regulations in the European Union regarding the protection of privacy," Aryanto said.