Pixel anonymization

[Mac Barlow]

Hi all,

I'm working on DICOM file anonymization right now. Tag anonymization practices are relatively straight-forward and we have that working as expected. What I'm wondering is does the DICOM spec have any standards how patient information should be anonymized from the actual image? Or is there any industry standard practice for this? I've been looking and haven't found any specific guidance except either pixelating portions of the image or overwriting portions of the image with black pixels. 

Thanks!

[David Clunie]

There is no "standard" AFAIK as to what to replace the offending region with, if that is what you are asking, just that the stored pixel values needs to be replaced [1].

Nor did we address the replacement values in our task group report [2].

I tried the "pixelation" approach initially for lossless JPEG redaction (e.g. see Fig 4 in [3]) since it was easier than using a single consistent pixel value (due to the need to recompute the JPEG DCT DC coefficient and propagate changes to it), but then I discovered that when the image and text were much larger than 8x8 blocks, the resulting pixelation was sometimes not sufficient to actually obscure the readability of the text, so I changed to a more complex solution that uses a consistent mid-gray value [4].

David

1. https://dicom.nema.org/medical/dicom/current/output/chtml/part15/sect_E.3.html#sect_E.3.1

2. https://pmc.ncbi.nlm.nih.gov/articles/PMC10081345.2/#S64

3. https://pmc.ncbi.nlm.nih.gov/articles/PMC4478853/pdf/JMI-002-016501.pdf

4. https://www.dclunie.com/pixelmed/software/codec/20200328_current/index.html

On Wednesday, October 15, 2025 at 9:32:58 AM UTC-4 Mac Barlow wrote:

... What I'm wondering is does the DICOM spec have any standards how patient information should be anonymized from the actual image? Or is there any industry standard practice for this? I've been looking and haven't found any specific guidance except either pixelating portions of the image or overwriting portions of the image with black pixels.

[Reinhard Gruber]

Thanks for the Answer and the links. We also have a project to remove burnt in names from images. and I asked myself it it should be necessary to mark these manipulated pixels soemhow?

When removing values from the DICOM tags, then we hav eto add the PatientIdentityRemoved (0012,0062) and De-idendificationMethodCodeSequence (0012,0064) to make clear that this is not the original data, but it was manipulated. and the reader then knows which information is still original and which information was manipulated.

Now I wonder if there is something similar with pixel data. After blanking some pixels, shoudn't then there also be an overlay added, that marks the pixels that have been manipulated? 
This link https://dicom.nema.org/medical/dicom/current/output/chtml/part15/sect_E.3.html#sect_E.3.1 says in note 3 "the stored pixel values are to be changed (blacked out); it is not sufficient to sperimpose and overlay or graphic annotation or shutter to obscure the stored pixel data values". This is absolutely correct. But I wonder, shouldn't it be necessary to do both, the black out and also adding an overlay?
At least I could not find something about that in DICOM standard.

One reason, why we are anonymizing lots of data is, that is is used for training of AI. And then with de-facing or with removing burnt in text, we changed some pixels. And this is, where I guess, it is important for the consumer of these images to know, which data is original and which was manipulated and should be ignored.