Custom Confidentiality Profiles Tailoring DICOM Anonymization to Your Hospital Policies

While predefined DICOM PS3.15 confidentiality profiles cover many use cases, healthcare institutions often have unique privacy requirements. In this guide, you’ll learn how to design custom DICOM anonymization profiles that align with your organization’s specific policies. We’ll cover tag patterns, actions, and provide templates in CSV, JSON, and XML formats.

Table of Contents

1. Why Custom Profiles Are Needed
2. Understanding Tag Patterns and Actions
3. Creating Custom Profiles
4. Loading Custom Profiles in Code
5. Real-World Scenario Examples
6. Validation and Testing
7. Conclusion

Why Custom Profiles Are Needed

Predefined confidentiality profiles provide a solid foundation, but they may not address all institutional requirements. You might need custom profiles when your organization requires retention of specific institutional identifiers for internal traceability while still anonymizing patient data. Some research collaborations may need certain demographics preserved while removing direct identifiers. Internal quality assurance workflows may require device information that standard profiles would remove. Additionally, regional regulations may mandate specific handling of certain data elements.

Custom profiles give you precise control over which DICOM tags are modified and how, enabling compliance with your specific data governance policies.

Understanding Tag Patterns and Actions

DICOM tags are identified by group and element numbers in the format (GGGG,EEEE). For example, Patient Name is (0010,0010) and Patient ID is (0010,0020). Custom profiles specify patterns matching these tags and actions to apply.

The available actions include D (Delete) which removes the tag entirely from the dataset, Z (Zero) which replaces the value with an empty or zero-length value, X (Remove) which removes the tag if present similar to Delete, K (Keep) which preserves the original value unchanged, C (Clean) which cleans the value by removing identifying information contextually, and U (Replace with UID) which replaces with a newly generated unique identifier.

Choosing the right action depends on your use case. Use D or X for tags that should never appear in anonymized output. Use Z when the tag must exist but should be empty. Use K for tags you want to preserve exactly. Use C for text fields that may contain embedded identifiers. Use U for UIDs that need to be replaced while maintaining uniqueness.

Creating Custom Profiles

Custom profiles can be defined in three formats. Choose the one that best fits your workflow.

CSV Format

CSV is the simplest format, ideal for straightforward profiles:

TagPattern;Action
(0010,0010);Z
(0010,0020);Z
(0010,0030);X
(0010,0040);K
(0020,000D);U
(0020,000E);U
(0008,0018);U
(0008,0080);D
(0008,0081);D
(0008,1030);C
(0008,103E);C
(0010,1010);K
(0010,1030);K

This profile zeros patient name and ID, removes birth date, keeps patient sex and demographics, replaces all UIDs, deletes institution information, and cleans descriptions.

JSON Format

JSON provides better structure for complex profiles with metadata:

{
  "profileName": "Hospital Research Profile",
  "version": "1.0",
  "description": "Custom profile for research data sharing",
  "actions": [
    { "TagPattern": "(0010,0010)", "Action": "Z", "Comment": "Patient Name" },
    { "TagPattern": "(0010,0020)", "Action": "Z", "Comment": "Patient ID" },
    { "TagPattern": "(0010,0030)", "Action": "X", "Comment": "Birth Date" },
    { "TagPattern": "(0010,0040)", "Action": "K", "Comment": "Patient Sex" },
    { "TagPattern": "(0020,000D)", "Action": "U", "Comment": "Study Instance UID" },
    { "TagPattern": "(0020,000E)", "Action": "U", "Comment": "Series Instance UID" },
    { "TagPattern": "(0008,0018)", "Action": "U", "Comment": "SOP Instance UID" },
    { "TagPattern": "(0008,0080)", "Action": "D", "Comment": "Institution Name" },
    { "TagPattern": "(0008,0081)", "Action": "D", "Comment": "Institution Address" },
    { "TagPattern": "(0008,1030)", "Action": "C", "Comment": "Study Description" }
  ]
}

XML Format

XML is preferred for environments with existing XML tooling:

<?xml version="1.0" encoding="utf-8"?>
<ConfidentialityProfile name="Hospital Research Profile" version="1.0">
  <Description>Custom profile for research data sharing</Description>
  <TagActions>
    <TagAction TagPattern="(0010,0010)" Action="Z">Patient Name</TagAction>
    <TagAction TagPattern="(0010,0020)" Action="Z">Patient ID</TagAction>
    <TagAction TagPattern="(0010,0030)" Action="X">Birth Date</TagAction>
    <TagAction TagPattern="(0010,0040)" Action="K">Patient Sex</TagAction>
    <TagAction TagPattern="(0020,000D)" Action="U">Study Instance UID</TagAction>
    <TagAction TagPattern="(0020,000E)" Action="U">Series Instance UID</TagAction>
    <TagAction TagPattern="(0008,0018)" Action="U">SOP Instance UID</TagAction>
    <TagAction TagPattern="(0008,0080)" Action="D">Institution Name</TagAction>
    <TagAction TagPattern="(0008,0081)" Action="D">Institution Address</TagAction>
    <TagAction TagPattern="(0008,1030)" Action="C">Study Description</TagAction>
  </TagActions>
</ConfidentialityProfile>

Loading Custom Profiles in Code

Loading custom profiles in your .NET application is straightforward:

using Aspose.Medical.Dicom;
using Aspose.Medical.Dicom.Anonymization;

// Load from CSV
ConfidentialityProfile csvProfile = ConfidentialityProfile.LoadFromCsvFile(
    "profiles/hospital_research.csv",
    ConfidentialityProfileOptions.All
);

// Load from JSON
ConfidentialityProfile jsonProfile = ConfidentialityProfile.LoadFromJsonFile(
    "profiles/hospital_research.json",
    ConfidentialityProfileOptions.All
);

// Load from XML
ConfidentialityProfile xmlProfile = ConfidentialityProfile.LoadFromXmlFile(
    "profiles/hospital_research.xml",
    ConfidentialityProfileOptions.All
);

// Create anonymizer with custom profile
Anonymizer anonymizer = new(csvProfile);

// Anonymize files
DicomFile dcm = DicomFile.Open("patient_study.dcm");
DicomFile anonymizedDcm = anonymizer.Anonymize(dcm);
anonymizedDcm.Save("anonymized_study.dcm");

Console.WriteLine("Anonymization completed with custom profile!");

Real-World Scenario Examples

Scenario 1: Internal Quality Assurance

Retain institution and device information for internal tracking while anonymizing patient data:

TagPattern;Action
(0010,0010);Z
(0010,0020);Z
(0010,0030);X
(0008,0080);K
(0008,0081);K
(0008,1010);K
(0008,1090);K
(0018,1000);K

Scenario 2: External Research Collaboration

Maximum anonymization with retained demographics for population studies:

TagPattern;Action
(0010,0010);X
(0010,0020);X
(0010,0030);X
(0010,0040);K
(0010,1010);K
(0010,1020);K
(0010,1030);K
(0020,000D);U
(0020,000E);U
(0008,0018);U
(0008,0080);X
(0008,0081);X
(0008,1030);X
(0008,103E);X

Scenario 3: Multi-Site Study Coordination

Replace UIDs while preserving study relationships for data linkage:

TagPattern;Action
(0010,0010);Z
(0010,0020);Z
(0020,000D);U
(0020,000E);U
(0008,0018);U
(0008,0016);K
(0020,0010);K
(0020,0011);K
(0020,0013);K

Validation and Testing

Always validate custom profiles before production deployment:

using Aspose.Medical.Dicom;
using Aspose.Medical.Dicom.Anonymization;

string profilePath = "profiles/custom_profile.csv";
string testDataFolder = "test_samples";
string outputFolder = "validation_output";

// Load custom profile
ConfidentialityProfile profile = ConfidentialityProfile.LoadFromCsvFile(
    profilePath,
    ConfidentialityProfileOptions.All
);

Anonymizer anonymizer = new(profile);
Directory.CreateDirectory(outputFolder);

// Process test files
string[] testFiles = Directory.GetFiles(testDataFolder, "*.dcm");
int successCount = 0;
int failCount = 0;

foreach (string filePath in testFiles)
{
    try
    {
        DicomFile dcm = DicomFile.Open(filePath);
        DicomFile anonymized = anonymizer.Anonymize(dcm);
        
        string outputPath = Path.Combine(outputFolder, Path.GetFileName(filePath));
        anonymized.Save(outputPath);
        
        Console.WriteLine($"✓ {Path.GetFileName(filePath)}");
        successCount++;
    }
    catch (Exception ex)
    {
        Console.WriteLine($"✗ {Path.GetFileName(filePath)}: {ex.Message}");
        failCount++;
    }
}

Console.WriteLine($"\nValidation Summary:");
Console.WriteLine($"  Succeeded: {successCount}");
Console.WriteLine($"  Failed: {failCount}");
Console.WriteLine($"\nReview output files in: {outputFolder}");

After running validation, open the anonymized files in a DICOM viewer and verify that expected tags are modified correctly, retained tags are preserved, UIDs are properly replaced, and no sensitive data remains in cleaned fields.

Conclusion

Custom confidentiality profiles give you the flexibility to implement DICOM anonymization that precisely matches your institution’s privacy policies. Whether you need to retain specific identifiers for internal use, preserve demographics for research, or apply maximum anonymization for external sharing, custom profiles make it possible.

Key recommendations include documenting your profile choices for audit purposes, version controlling profile files to track changes, testing profiles thoroughly before production use, and reviewing profiles periodically as requirements evolve.

For more information on DICOM anonymization and the Aspose.Medical API, visit the documentation. Templates for common profile scenarios are available in the examples section.

More in this category

• Building a DICOM Anonymization Microservice in ASP.NET Core
• Convert DICOM to XML in C#: Healthcare System Integration Guide
• DICOM Anonymization for Clinical Trials: A Complete C# Implementation Guide
• DICOM Anonymization for Cloud PACS and Teleradiology in C#
• How to Convert DICOM to JSON in C# for Web Applications