DICOM Configuration
System configuration for DICOM anonymization and PACS integration.
Overview
DICOM (Digital Imaging and Communications in Medicine) configuration covers:
- Auto-anonymization — Automatic PHI removal on upload
- PACS integration — Connection to Picture Archiving and Communication Systems
- Anonymization defaults — Default tag handling behavior
Environment Variables
Auto-Anonymization
# Enable automatic anonymization on upload to Sources
DICOM_ANONYMIZE_ON_UPLOAD=false
When enabled:
- All DICOM files uploaded to Sources are anonymized automatically
- Original files are not stored
- Anonymization mapping is saved
PACS Server Configuration
# DICOM PACS server connection (for MCP connector)
DICOM_PACS_HOST=
DICOM_PACS_PORT=
DICOM_PACS_AE_TITLE=
| Variable | Description |
|---|---|
DICOM_PACS_HOST |
PACS server hostname or IP |
DICOM_PACS_PORT |
PACS server port (typically 11112) |
DICOM_PACS_AE_TITLE |
Application Entity title for identification |
Anonymization Configuration
Default Tags
The following tags are anonymized by default (HIPAA Safe Harbor):
Patient Identifiers:
- PatientName
- PatientID
- PatientBirthDate
- PatientSex
- PatientAge
- PatientAddress
- PatientWeight
- PatientTelephoneNumbers
- OtherPatientIDs
- OtherPatientNames
- EthnicGroup
Institution Identifiers:
- InstitutionName
- InstitutionAddress
- ReferringPhysicianName
- PhysiciansOfRecord
- PerformingPhysicianName
- OperatorsName
Study/Series Identifiers:
- StudyID
- AccessionNumber
- StudyDate, SeriesDate, AcquisitionDate, ContentDate
- StudyTime, SeriesTime, AcquisitionTime, ContentTime
UID Tags
These UIDs are regenerated by default:
- StudyInstanceUID
- SeriesInstanceUID
- SOPInstanceUID
- FrameOfReferenceUID
PACS Integration
What PACS Integration Does
- Query PACS server for studies
- Retrieve DICOM files from PACS
- Send anonymized files to PACS (optional)
Configuration Steps
- Obtain PACS credentials
- Contact your PACS administrator
-
Get AE title, host, and port
-
Configure environment
bash DICOM_PACS_HOST=pacs.hospital.local DICOM_PACS_PORT=11112 DICOM_PACS_AE_TITLE=HALO_CORE -
Test connection
- Use DICOM Tools page to verify connectivity
- Check logs for connection errors
Security Considerations
- PACS connections should be on secure networks
- Consider VPN for remote access
- Anonymize before sending to external PACS
- Audit access to PACS integration
Compliance
HIPAA Safe Harbor
Default anonymization follows HIPAA Safe Harbor guidelines, removing all 18 identifiers:
- Names
- Geographic data
- Dates (except year)
- Phone numbers
- Fax numbers
- Email addresses
- Social Security numbers
- Medical record numbers
- Health plan beneficiary numbers
- Account numbers
- Certificate/license numbers
- Vehicle identifiers
- Device identifiers
- Web URLs
- IP addresses
- Biometric identifiers
- Full-face photos
- Any other unique identifying number
GDPR Considerations
For EU data subjects:
- Document anonymization process
- Ensure irreversibility of anonymization
- Consider pseudonymization if linkage is needed
- Maintain records of processing activities
Validation
After anonymization:
- Verify no PHI remains in standard tags
- Check private tags are removed
- Confirm UIDs are new and unique
- Test file opens in DICOM viewer
Troubleshooting
PACS Connection Fails
- Verify network connectivity to PACS host
- Check firewall rules for PACS port
- Verify AE title is registered with PACS
- Check PACS server logs
Auto-Anonymization Not Working
- Verify
DICOM_ANONYMIZE_ON_UPLOAD=true - Check file is valid DICOM format
- Review application logs for errors
- Verify
pydicomdependency is installed
Anonymization Incomplete
- Check if tags are in selection
- Verify private tag removal is enabled
- Check for nested sequences containing PHI
- Review anonymization mapping output
Dependencies
Required Python packages:
pip install pydicom
Optional for PACS:
pip install pynetdicom
Next Steps
- DICOM Tools User Guide — End-user documentation
- Security — HIPAA/GDPR compliance