Remediation
dicomqc is a validator for DICOM de-identification policies. Like a schema validator, it reports non-compliance but does not rewrite the source files.
When dicomqc finds a problem, fix the candidate release dataset with an pseudonymization or anonymization tool, then run dicomqc again.
raw DICOMs
|
v
pseudonymizer / anonymizer
|
v
candidate release DICOMs
|
v
dicomqc audit
|
v
pass/fail report + recommendations
Safe working pattern
Never modify the only copy of a DICOM dataset. Work on a copy or on the output of a controlled pseudonymization/de-identification pipeline.
cp -a raw_study pseudonymized_study
Run the audit:
dicomqc scan pseudonymized_study/ --json report.json --csv findings.csv --multiqc
Apply fixes with your chosen tool, then rerun the audit:
dicomqc scan pseudonymized_study/ --json report-after-fix.json --csv findings-after-fix.csv --multiqc
DCMTK dcmodify
DCMTK is a common command-line toolkit for DICOM operations. Its dcmodify
command can remove or replace metadata tags.
Example: remove direct PHI fields from all .dcm files in a working copy:
find pseudonymized_study -name '*.dcm' -print0 \
| xargs -0 dcmodify \
-e PatientBirthDate \
-e PatientAddress \
-e PatientTelephoneNumbers \
-e InstitutionAddress \
-e ReferringPhysicianName \
-e OperatorsName \
-e AccessionNumber
Example: replace pseudonym fields:
dcmodify \
-i PatientName=SUBJ001 \
-i PatientID=SUBJ001 \
pseudonymized_study/image.dcm
Private tags require project-specific judgment. Removing all private tags may be appropriate for some releases but may also remove scanner- or research-relevant metadata.
dcmodify -e "(0029,0010)" pseudonymized_study/image.dcm
Use your installed DCMTK version's documented options for broad private-tag
removal, or enumerate the private tags that your release policy says must be
removed. Check the exact dcmodify syntax before using these commands in
production.
Orthanc
Orthanc can anonymize DICOM instances through its REST API and configuration. This is useful when DICOM ingestion and de-identification already happen inside an Orthanc workflow.
Recommended pattern:
- Import or route data into Orthanc.
- Use Orthanc anonymization to create a derived dataset.
- Export the derived dataset.
- Run dicomqc on the exported result.
dicomqc should audit the exported candidate release, not the original Orthanc store.
XNAT and site pipelines
For XNAT-based workflows, apply XNAT anonymization scripts or containerized pipeline steps first, then run dicomqc on the resulting DICOM export.
This keeps dicomqc independent of the site platform while still making it useful as a release gate.
Custom pydicom scripts
Small projects sometimes use custom pydicom scripts to remediate metadata.
Keep those scripts separate from dicomqc and make them explicit pipeline steps.
The dicomqc role is to validate the output and produce redaction-safe evidence.
Future remediation plans
A future dicomqc release may emit a machine-readable remediation plan such as:
required_changes:
- tag: PatientBirthDate
action: remove
- tag: PatientName
action: replace_with_pseudonym
- tag: PrivateTags
action: review_or_remove
The plan would still be applied by external tools. dicomqc remains read-only.