Skip to main content

Remediation

dicomqc is a validator for DICOM de-identification policies. Like a schema validator, it reports non-compliance but does not rewrite the source files.

When dicomqc finds a problem, fix the candidate release dataset with an pseudonymization or anonymization tool, then run dicomqc again.

raw DICOMs
|
v
pseudonymizer / anonymizer
|
v
candidate release DICOMs
|
v
dicomqc audit
|
v
pass/fail report + recommendations

Safe working pattern

Never modify the only copy of a DICOM dataset. Work on a copy or on the output of a controlled pseudonymization/de-identification pipeline.

cp -a raw_study pseudonymized_study

Run the audit:

dicomqc scan pseudonymized_study/ --json report.json --csv findings.csv --multiqc

Apply fixes with your chosen tool, then rerun the audit:

dicomqc scan pseudonymized_study/ --json report-after-fix.json --csv findings-after-fix.csv --multiqc

DCMTK dcmodify

DCMTK is a common command-line toolkit for DICOM operations. Its dcmodify command can remove or replace metadata tags.

Example: remove direct PHI fields from all .dcm files in a working copy:

find pseudonymized_study -name '*.dcm' -print0 \
| xargs -0 dcmodify \
-e PatientBirthDate \
-e PatientAddress \
-e PatientTelephoneNumbers \
-e InstitutionAddress \
-e ReferringPhysicianName \
-e OperatorsName \
-e AccessionNumber

Example: replace pseudonym fields:

dcmodify \
-i PatientName=SUBJ001 \
-i PatientID=SUBJ001 \
pseudonymized_study/image.dcm

Private tags require project-specific judgment. Removing all private tags may be appropriate for some releases but may also remove scanner- or research-relevant metadata.

dcmodify -e "(0029,0010)" pseudonymized_study/image.dcm

Use your installed DCMTK version's documented options for broad private-tag removal, or enumerate the private tags that your release policy says must be removed. Check the exact dcmodify syntax before using these commands in production.

Orthanc

Orthanc can anonymize DICOM instances through its REST API and configuration. This is useful when DICOM ingestion and de-identification already happen inside an Orthanc workflow.

Recommended pattern:

  1. Import or route data into Orthanc.
  2. Use Orthanc anonymization to create a derived dataset.
  3. Export the derived dataset.
  4. Run dicomqc on the exported result.

dicomqc should audit the exported candidate release, not the original Orthanc store.

XNAT and site pipelines

For XNAT-based workflows, apply XNAT anonymization scripts or containerized pipeline steps first, then run dicomqc on the resulting DICOM export.

This keeps dicomqc independent of the site platform while still making it useful as a release gate.

Custom pydicom scripts

Small projects sometimes use custom pydicom scripts to remediate metadata. Keep those scripts separate from dicomqc and make them explicit pipeline steps.

The dicomqc role is to validate the output and produce redaction-safe evidence.

Future remediation plans

A future dicomqc release may emit a machine-readable remediation plan such as:

required_changes:
- tag: PatientBirthDate
action: remove
- tag: PatientName
action: replace_with_pseudonym
- tag: PrivateTags
action: review_or_remove

The plan would still be applied by external tools. dicomqc remains read-only.