Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Study UID and HIPAA PHI

687 views
Skip to first unread message

Sri

unread,
Nov 17, 2011, 3:46:37 PM11/17/11
to
I had this question - does having Study-UID string pose any threat to
HIPAA PHI? I guess Study-UID string contains only member body numbers
with more random numbers and does not absolutely contain any patient
related data and is completely PHI proof.

Any other thoughts that it may be a threat?? Do you know any vendors
encrypting any PHI info into study-uid? if you could share your
thoughts, it would be great.

Thank you for your opinion,

Sridhar

Scott

unread,
Nov 20, 2011, 7:45:16 PM11/20/11
to
Hi Sridhar,

A study UID may not contain PHI 99.999% of the time, but you have no
guarantee. I have come across UIDs containing IP addresses related to
the institution/equipment used to produce the images. While IP
addresses are listed as one of the 18 classes of identifiers defined
by HIPAA, I find the HIPAA language uncomfortably ambiguous as to
whether IP addresses (or serial numbers) related to the institution,
and not directly to the individual, are PHI. The 18th class of PHI is
also a bit broad as well: "Any other unique identifying number,
characteristic, or code."

Could that mean a UID? It sure sounds like it. There is also the
Minimum Necessary Standard, stating that PHI "should not be used or
disclosed when it is not necessary to satisfy a particular purpose or
carry out a function."

Any single piece of information is no longer an innocuous member of a
data set when its disclosure, either alone or in combination with
other information, poses a risk to data confidentiality and/or an
individual's privacy. Obviously, an MR echo time has no connection to
one individual while a patient's date of birth does, but what about
the operator's initials in the pixel data of an X-ray? Or, in the case
you bring up, the DICOM UIDs?

Personally, I never want to be in a situation where some combination
of information left in a supposedly de-identified data set was used to
reveal the identify of an individual, especially if that person chose
to participate in a clinical trial at my institution. And doubly so
for DICOM attributes that were not only easily changed, but whose
modification were completely inconsequential to the recipient (e.g. an
imaging CRO or sponsor).

The DICOM Basic Application Level Confidentiality Profile (Part 14,
Annex E, Section 2) addresses this issue quite nicely, defining the
following classes of information to remove or recode:

– the identity and demographic characteristics of the patient
– the identity of any responsible parties or family members
– the identity of any personnel involved in the procedure
– the identity of the organizations involved in ordering or performing
the procedure
– additional information that could be used to match instances if
given access to the originals, such
as UIDs, dates and times
– private attributes

Table E.1-1 even lists which DICOM attributes shall be modified for
this profile, with guidance for what replacement values to use, or
whether it's safe to remove them altogether.

Aside from privacy concerns, there are also data integrity issues to
consider when dealing with DICOM UIDs. I have encountered data that,
for one reason or another, had patient level modifications and their
SOP Instance UIDs changed, but either the Series Instance UIDs and/or
the Study Instance UIDs remained the same. If this data should ever
come in contact with its source data, you can have quite a mess on
your hands, depending on the behaviour of the PACS system.

Just my 2 cents,

Scott

Scott

unread,
Dec 15, 2011, 9:49:52 PM12/15/11
to
Correction: The DICOM Basic Application Level Confidentiality Profile
is in Part 15.

-Scott

Sri

unread,
Jan 25, 2012, 4:32:05 PM1/25/12
to
Thanks so much Scott for sharing your thoughts!

Regards,
Sridhar
0 new messages