dcmage DOCS APP
Anonymization

Safe Harbor 18-identifier scrub

Scrub all 18 HIPAA Safe Harbor identifiers from a study.

Problem

You have a DICOM study that needs to be shared externally — for research, a clinical trial, or a second opinion — but it still contains all 18 HIPAA Safe Harbor identifiers. The file includes patient age (which must be capped at 89 for anyone older), institution street addresses, device serial numbers, and other direct identifiers that can’t leave your institution without redaction.

Simply blanking Patient Name and ID isn’t enough. The HIPAA Safe Harbor method requires scrubbing all 18 identifier categories from the DICOM headers.

Steps

  1. Open your DICOM file — click Open files… in the top bar (⌘O) and select the DICOM file containing PHI.

  2. Switch to Anonymization mode — click the Anon tab in the mode switcher at the top of the screen (or press ⌘2).

  3. Select the HIPAA profile — in the profile picker, click the HIPAA button. This loads a pre-built rule set targeting all 18 Safe Harbor identifier categories. You’ll see the rule count change as different profiles are selected.

  4. Apply the anonymization — click the Apply button. The app stages all anonymization changes in-memory (no files are written to disk yet — you can still undo or revert).

  5. Review the results — switch to Edit mode (⌘3) to inspect the modified tags. Gold-highlighted rows indicate modified values.

Expected Result

  • Patient Age (0010,1010) is capped to 089Y if the original age was 90 or above. Ages 89 and below are left unchanged.
  • Device Serial Number (0018,1000) is completely removed from the dataset — no placeholder, just gone.
  • Institution Address (0008,0081) is removed entirely.
  • All other HIPAA-mandated identifiers (names, IDs, dates, phone numbers, email addresses, etc.) are blanked, replaced with ANON, or zeroed according to the HIPAA profile rules.
  • Non-identifying clinical metadata (modality, image dimensions, pixel spacing, window/level) remains intact.
  • You can switch between profiles (Basic, HIPAA, +Pixel) before applying to compare rule coverage. The HIPAA profile is the most aggressive metadata scrub.
Previous
PHI removal (PatientName, ID, DOB, MRN)