A major medical device company is concerned about the problem of compromising patient confidentiality by distributing DICOM CDs of interventional Cardiology procedures for training and sales purposes. Physicians displaying images at conferences have the same problem, as do medical research studies that use digital images. 

Just erasing the label on a DICOM CD or copying the CD to a blank CD does not remove most of the identifying information on the CD. The information is still present in digital form in the files recorded on the CD. 

I have prepared an example that I hope will illustrate the problem of patient confidentiality in the age of digital imaging. I selected an image file from the ACC DICOM DISC 95 for illustration purposes and used a DICOM parsing program to obtain the contents of the file. This is the result (edited to remove clutter):

(0008,0020) [DA/8] "19941016"; Study Date
(0008,0030) [TM/6] "083000" ; Study Time
(0008,0080) [LO/18] "Community Hospital" ; Institution Name
(0008,0081) [ST/12] "Anytown, USA" ; Institution Address
(0008,0090) [PN/10] "Gray^Henry" ; Referring Physician's Name
(0008,1030) [LO/24] "Cardiac Catheterization " ; Study Description
(0008,103E) [LO/14] "Ventriculogram" ; Series Description
(0008,1050) [PN/10] "White^Paul" ; Performing Physician's Name
(0010,0010) [PN/14] "Johnson^Robert" ; Patient's Name
(0010,0020) [LO/12] "123-45-6789 " ; Patient ID
(0010,0030) [DA/8] "19231016"; Patient's Birth Date
(0010,0040) [CS/2] "M " ; Patient's Sex

To illustrate how easy it is to obtain this information, I also opened the same file with Microsoft Word. This is a few lines from the file as displayed by Word: 

Acme Products €LOCommunity Hospital�STAnytown, USA�PN
Gray^Henry0LOCardiac Catheterization >LOVentriculogramPPN
White^PaulPNJohnson^Robert LO123-45-6789 0DA19231016@CSM 

As you can see, the same data are readily discernable, especially to a practiced eye.

These data are part of the DICOM header that precedes the images in every DICOM file. These data must be present if the file is to conform to the DICOM Standard.

In addition, each DICOM CD must contain a directory file named DICOMDIR. DICOMDIR contains the same patient and procedure information as well as information about each image file.

I have recently added an anonymizing function to ViewPlus, my cardiac DICOM viewer. A DICOM anonymizer is computer software that removes all identifying data from a DICOM file. In order to accomplish this, I added the following functionality to ViewPlus:

1. A user views a DICOM CD and selects some or all of the cine runs on it. The user then clicks the "Make DICOM" button.
2. The user is asked to specify a destination for the new DICOM files. Typically, this is a folder on the hard disc.
3. A new DICOMDIR file is created de novo with absolutely NO identifying information.
4. A new set of image files is created. The header of each image file is created de novo with absolutely NO identifying information. The image data is then appended to the header.

Following is the edited parse of the anonymized file created by ViewPlus from the same image file shown above:

(0008,0020) [DA/8]	"00000000" ; Study Date
(0008,0030) [TM/6]	"000000" ; Study Time
(0008,1030) [LO/0]	"" ; Study Description
(0008,103E) [LO/0]	"" ; Series Description
(0010,0010) [PN/0]	"" ; Patient's Name
(0010,0020) [LO/0]	"" ; Patient ID

As you can see, there is absolutely no way to identify the patient or even trace the source of the images. The set of DICOM files that ViewPlus are  "burned" onto a new CD. The resulting CD is viewable by any standard DICOM viewer. Creating an anonymized CD takes just a bit longer than just copying the CD.