Anonymization

The AQA platform anonymizes data to encourage data sharing. When DICOM files are uploaded they are immediately anonymized (de-identified) before being stored. For each identifying value, both the original and the anonymized version are stored in the database, with the original stored only in encrypted form. Because no unencrypted identifying information is kept in the database, users can freely view any data without risk to confidentiality.

Encryption

Encryption is performed on a per-institution basis: each institution has its own encryption key. A key is generated automatically when a new institution is added and is stored in a file outside the database, so a copy of the database alone cannot be used to recover the identifying values.

DICOM Anonymization

DICOM values are anonymized as per the DICOM standard. In addition, fields that can identify an institution's equipment, such as (3002,0020) RadiationMachineName, are anonymized. The full list can be found on the Service Information page, reached from the Administration page.

Anonymizing Database Values

Identifying fields in the database are also anonymized by replacing each value with a standard prefix for its type, followed by an underscore and a number.

    Field          Anonymous Prefix
    Institution    INST
    Machine        MACH
    User           USER

For example, a machine named TX8 might be anonymized to MACH_47.

De-Anonymization

When a user views a web page, several values are de-anonymized on the fly, but only the values belonging to the user's own institutions. Other users may view the same web page, but they will see the anonymized version. Some data, such as DICOM dumps of metadata and CSV files, are not de-anonymized because of the excessive overhead it would incur, so such exports contain only the anonymized values.
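The following is an added illustration of the scheme described in the two preceding sections (aliases in the database, originals encrypted under a per-institution key, de-anonymization only for the viewer's own institution). It is not AQA's own code. Assumptions not taken from the page: alias counters start at 1 and are shared across institutions, a keyed hash of the original is kept so that a repeated value maps to the same alias without storing plaintext, and the cipher is a standard-library stand-in (HMAC-SHA256 keystream plus an HMAC tag) so that the example runs offline; a real deployment would use an authenticated cipher such as AES-GCM.

```python
"""Model of per-institution anonymization with on-the-fly de-anonymization.

Illustrative only: the cipher below is an encrypt-then-MAC construction from
the standard library, chosen so the example has no dependencies. Use AES-GCM
(or similar) in production.
"""
import hashlib
import hmac
import re
import secrets

# Alias prefix per field type, as in the table on this page.
PREFIX = {"Institution": "INST", "Machine": "MACH", "User": "USER"}
ALIAS_RE = re.compile(r"\b(?:INST|MACH|USER)_\d+\b")


def _keystream(key: bytes, nonce: bytes, length: bytes) -> bytes:
    # HMAC in counter mode; "enc" prefix keeps it separate from the tag input.
    blocks = length // 32 + 1
    return b"".join(
        hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(blocks))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag, using a fresh random nonce."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key or tampering raises."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext tampered with or wrong institution key")
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))


class AnonDb:
    """In-memory model: plaintext aliases in the database, originals stored
    only in encrypted form under the owning institution's key."""

    def __init__(self):
        self.keys = {}      # institution alias -> key (AQA keeps these in a file outside the DB)
        self.rows = {}      # alias -> (kind, owning institution alias, encrypted original)
        self.index = {}     # (institution alias, keyed lookup token) -> alias
        self.counters = {kind: 0 for kind in PREFIX}

    def _next_alias(self, kind: str) -> str:
        self.counters[kind] += 1
        return f"{PREFIX[kind]}_{self.counters[kind]}"

    def _token(self, inst: str, original: str) -> str:
        # Keyed hash: lets a repeated original reuse its alias without plaintext in the DB.
        return hmac.new(self.keys[inst], b"idx" + original.encode(), hashlib.sha256).hexdigest()

    def _record(self, alias: str, inst: str, kind: str, original: str) -> str:
        self.rows[alias] = (kind, inst, encrypt(self.keys[inst], original.encode()))
        self.index[(inst, self._token(inst, original))] = alias
        return alias

    def add_institution(self, name: str) -> str:
        """Create an institution: new alias, new key, encrypted original name."""
        inst = self._next_alias("Institution")
        self.keys[inst] = secrets.token_bytes(32)
        return self._record(inst, inst, "Institution", name)

    def anonymize(self, kind: str, inst: str, original: str) -> str:
        """Return the alias for an original value owned by institution `inst`."""
        alias = self.index.get((inst, self._token(inst, original)))
        if alias is None:
            alias = self._record(self._next_alias(kind), inst, kind, original)
        return alias

    def reveal(self, viewer_inst: str, alias: str) -> str:
        """De-anonymize on the fly, but only for the viewer's own institution."""
        kind, owner, blob = self.rows[alias]
        if owner != viewer_inst:
            return alias
        return decrypt(self.keys[owner], blob).decode()

    def render(self, viewer_inst: str, text: str) -> str:
        """Substitute every alias in a page fragment that the viewer may see."""
        return ALIAS_RE.sub(
            lambda m: self.reveal(viewer_inst, m.group(0)) if m.group(0) in self.rows else m.group(0),
            text)


if __name__ == "__main__":
    db = AnonDb()
    alpha = db.add_institution("Alpha Hospital")   # constructed sample data
    beta = db.add_institution("Beta Clinic")
    machine = db.anonymize("Machine", alpha, "TX8")
    page = f"Machine {machine} at {alpha} passed QA"
    print(db.render(alpha, page))   # viewer from the owning institution sees originals
    print(db.render(beta, page))    # any other viewer sees only aliases
```

The lookup token is the part most easily overlooked when copying this design: once originals are stored encrypted with random nonces, the database can no longer be searched for "the row whose original is TX8", so some deterministic, keyed index is needed to keep aliases stable across uploads.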

The anonymized value of a de-anonymized field can be seen by hovering the mouse pointer over the value.

A table of all values that are de-anonymized on the fly is available under Alias Values on the Administration page.