Medical imaging acquired primarily for patient diagnosis is also of value for research and teaching. The Data Protection Act (1998), which regulates the use of personal data, indicates that only the identifying data that is required for a purpose should be held. At this moment, no commonly accepted solution exists because the amount of personal data that is required by research and teaching changes case by case.
Based on the analysis of the data provenance, transfer mechanisms and de-identification requirements of research projects and teaching libraries, we have developed a DICOM data de-identification toolkit. This toolkit is flexible, enabling the implementation of different anonymisation strategies in each case. It also provides a mechanism for forwarding the anonymous output to a remote computer using SFTP. Using the toolkit we have developed applications for anonymising DICOM files contained in a folder (recursively) and objects received via the DICOM protocol. A graphical user interface is provided to guide users in policy writing and configuration. The toolkit was tested by incorporating it into the workflow for a multi-centre trial using modalities in both NHS and Higher Education sectors.
The toolkit was successfully deployed within NHS (Edinburgh) and university departments (Aberdeen and Edinburgh) networks. In the two universities the automatic transfer of anonymous data to a central project repository via SFTP was used. Due to NHS network restrictions this was not possible for data acquired in the NHS; the necessary agreement to overcome this difficulty was not in place.
The toolkit we have developed allows privacy policies to be enforced. It provides a flexible and highly configurable framework that makes no a priori assumptions about the anonymisation strategy. The automated transfer mechanism simplifies the collection of data in multi-centre trials and avoids the use of physical media.
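
One way to express case-by-case de-identification policies, as an added example that is not the toolkit's own code. The policy format, the action names and the keyed-hash pseudonym are assumptions made for illustration, and the header is a constructed sample held in a dict rather than a parsed DICOM file.

```python
import hashlib
import hmac

# Standard DICOM attribute tags as (group, element).
PATIENT_NAME, PATIENT_ID = (0x0010, 0x0010), (0x0010, 0x0020)
BIRTH_DATE, PATIENT_SEX = (0x0010, 0x0030), (0x0010, 0x0040)
STUDY_DATE, MODALITY = (0x0008, 0x0020), (0x0008, 0x0060)
INSTITUTION = (0x0008, 0x0080)

# Constructed sample header; not real patient data.
SAMPLE = {PATIENT_NAME: "DOE^JANE", PATIENT_ID: "1234567890",
          BIRTH_DATE: "19620417", PATIENT_SEX: "F", STUDY_DATE: "20090312",
          MODALITY: "MR", INSTITUTION: "Example Hospital"}

# Hypothetical policy format: tag -> (action, optional argument).
# Tags missing from a policy are removed, so each policy is an allow-list.
RESEARCH = {PATIENT_NAME: ("replace", "ANONYMOUS"), PATIENT_ID: ("pseudonym",),
            BIRTH_DATE: ("year_only",), PATIENT_SEX: ("keep",),
            STUDY_DATE: ("keep",), MODALITY: ("keep",)}
TEACHING = {PATIENT_NAME: ("replace", "TEACHING CASE"),
            PATIENT_SEX: ("keep",), MODALITY: ("keep",)}


def deidentify(header, policy, key):
    """Return a new header containing only what the policy allows."""
    out = {}
    for tag, value in header.items():
        action, *args = policy.get(tag, ("remove",))
        if action == "keep":
            out[tag] = value
        elif action == "replace":
            out[tag] = args[0]
        elif action == "pseudonym":
            # Keyed hash: the same patient maps to the same ID across files
            # and sites, but the ID cannot be recomputed without the key.
            digest = hmac.new(key, value.encode(), hashlib.sha256)
            out[tag] = digest.hexdigest()[:16]
        elif action == "year_only":
            out[tag] = value[:4] + "0101"  # DICOM DA format is YYYYMMDD
        elif action != "remove":
            raise ValueError(f"unknown action {action!r} for tag {tag}")
    return out


if __name__ == "__main__":
    project_key = b"constructed-demo-key"  # assumption: per-project secret
    for name, policy in (("research", RESEARCH), ("teaching", TEACHING)):
        print(name, deidentify(SAMPLE, policy, project_key))
```

Because unlisted tags default to removal, an attribute that a policy author forgot to consider is dropped rather than leaked.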