MS MRI Workflow
For a large multiple sclerosis MRI dataset, dicomqc should be the audit layer on top of a pseudonymization/de-identification workflow. It should not be the tool that edits the only copy of the study.
raw_mri/
|
| 1. archive read-only
v
pseudonymization / de-identification pipeline
|
| 2. external tool writes pseudonymized DICOM files
v
candidate_release_mri/
|
| 3. dicomqc reads metadata only
v
reports/
|
| 4. fix findings and rerun
v
release_candidate/
Recommended directory layout
project/
raw_mri/ # immutable source copy; restricted access
work/
candidate_release_mri/ # pseudonymized .dcm output
maps/
pseudonym_map.tsv.gpg # protected; never shipped with released data
reports/
dicomqc/
report.json
findings.csv
dicomqc_mqc/
For this MS MRI project, the likely model is pseudonymization rather than full anonymization: the data provider may keep a linkage file that maps source identifiers to research pseudonyms. That linkage file is operationally necessary, but it is sensitive. Keep it on the provider side, outside the released dataset, outside public repositories, and under a separate access policy.
The preferred data shape is DICOM-in and DICOM-out: raw .dcm files are the
input, and pseudonymized .dcm files are the output. Conversion to NIfTI or BIDS
can happen later, after the DICOM release candidate has passed metadata audit.
Step 1: inventory and preserve the raw data
Make the raw dataset immutable from the pipeline's point of view. dicomqc can be run on raw data for internal risk discovery, but raw reports may still reveal risk patterns through paths or tag presence, so keep them restricted.
dicomqc scan raw_mri/ \
--json reports/dicomqc/raw-risk-inventory.json \
--csv reports/dicomqc/raw-risk-findings.csv
Step 2: pseudonymize and de-identify with an external tool
Use a controlled pseudonymization/de-identification workflow to create
candidate_release_mri/ as DICOM files.
Possible options include:
- DCMTK commands such as
dcmodifyfor targeted metadata edits - Orthanc de-identification routes if the site already uses Orthanc
- XNAT anonymization or pseudonymization scripts if the site already manages DICOM through XNAT
- a validated institutional de-identification pipeline
- a project-specific
pydicomscript maintained outside dicomqc
For this project, the pseudonymization/de-identification workflow should at minimum address:
- direct subject identifiers
- accession and clinical workflow identifiers
- dates, according to the release policy
- site and institution identifiers
- operator and physician names
- private/vendor tags
- protocol names that may contain subject, site, or study information
- pseudonym consistency across subject, visit, study, and series
Step 3: run dicomqc as the release gate
Run dicomqc on the pseudonymized .dcm output:
dicomqc scan work/candidate_release_mri/ \
--json reports/dicomqc/report.json \
--csv reports/dicomqc/findings.csv \
--multiqc reports/dicomqc/dicomqc_mqc
Interpret the result:
- exit code
0: metadata checks passed - exit code
1: warnings need review - exit code
2: errors or unreadable files block release
Step 4: remediate findings and rerun
Use the report recommendations to update the pseudonymization/de-identification workflow, not just one file by hand. Then regenerate the candidate release and rerun dicomqc.
The goal is a reproducible pipeline:
same raw input + same pseudonymization policy -> same dicomqc result
MRI-specific privacy risks
dicomqc v0.1 audits metadata. It does not inspect pixel data and does not deface brain MRI volumes.
For head MRI, de-identification may also require image-level handling such as defacing, skull stripping, or another approved facial-feature protection method, depending on the release policy and downstream analysis needs.
If the dataset will be converted to BIDS, keep dicomqc as a pre-conversion metadata audit and then run BIDS-specific validation on the converted dataset. The BIDS MRI specification includes de-identification information and defacing mask concepts, so those checks should become a future dicomqc/BIDS profile rather than an implicit v0.1 claim.
Release checklist
Before sharing the MS MRI dataset, require:
- raw data preserved under restricted access
- candidate release generated by a reproducible pseudonymization/de-identification workflow
- pseudonym linkage map retained by the provider, stored separately, and protected
- dicomqc JSON, CSV, and MultiQC reports archived
- errors resolved
- warnings reviewed and signed off
- private-tag handling documented
- pixel/facial de-identification handled by an appropriate imaging workflow
- final release reviewed under the institutional data-sharing policy