Reversible mapping (key-vault)

Map Patient IDs to pseudonyms with reversible AES-256 encryption.

Problem

You’re de-identifying DICOM studies for a clinical trial, but the trial sponsor requires the ability to re-identify patients later if a clinically significant incidental finding is discovered. Simply replacing Patient IDs with ANON is irreversible — there’s no way to map back. You need a reversible pseudonymization system: replace real Patient IDs with anonymous pseudonyms, store the mapping in an encrypted vault, and provide a way to revert (decrypt) the pseudonyms back to the original IDs when authorized.

Steps

Pseudonymize

1. Open your DICOM file (⌘O) and switch to Edit mode (⌘3).

2. Set a known Patient ID — double-click the Patient ID tag (0010,0020), enter a value like PID-12345, and save.

3. Switch to Anon mode (⌘2).

4. Enable reversible pseudonymization — toggle the Reversible Pseudonymization switch to ON. This tells the anonymization engine to encrypt (not destroy) the original Patient ID and store the mapping.

5. Apply — click the Apply button.

6. Verify the pseudonym — switch back to Edit mode (⌘3) and check the Patient ID. It should now display ANON-9999 (the fixed demo pseudonym placeholder).

Re-identify

1. Switch to Anon mode (⌘2).

2. Click “Revert Demographics” — this button decrypts the stored mapping and restores the original Patient ID.

3. Verify — switch to Edit mode (⌘3). The Patient ID should be back to PID-12345.

Expected Result

• After pseudonymization: Patient ID is ANON-9999.
• After revert: Patient ID is restored to its original value (PID-12345).
• The mapping is stored in-memory during the session. In a production deployment, the encryption key would be stored in a secure vault (hardware security module or key management service).
• Non-demographic tags (modality, pixel data, study descriptors) are unaffected.