I am reading DICOM headers and storing them in a database. Is there a list of DICOM objects that need to be stored encrypted or anonymized in order to be HIPAA compliant?
This is the sort of list of DICOM tags we are storing: PatientID, PatientsName, PatientsBirthDate, StudyDate, StudyInstanceUid, SopInstanceUid, etc...
Interesting question. I've never come across a specific list that is ordered by DICOM tag.
There is a DICOM header anonymizer written as a Ruby gem (Ruby-Dicom).
Looking at its source code here, I see that these are the fields they chose to address starting around line #663:

    ["0008,0012", "20000101", false], # Instance Creation Date
    ["0008,0013", "000000.00", false], # Instance Creation Time
    ["0008,0020", "20000101", false], # Study Date
    ["0008,0023", "20000101", false], # Image Date
    ["0008,0030", "000000.00", false], # Study Time
    ["0008,0033", "000000.00", false], # Image Time
    ["0008,0050", "", true], # Accession Number
    ["0008,0080", "Institution", true], # Institution name
    ["0008,0090", "Physician", true], # Referring Physician's name
    ["0008,1010", "Station", true], # Station name
    ["0008,1070", "Operator", true], # Operator's Name
    ["0010,0010", "Patient", true], # Patient's name
    ["0010,0020", "ID", true], # Patient's ID
    ["0010,0030", "20000101", false], # Patient's Birth Date
    ["0010,0040", "N", false], # Patient's Sex
    ["0020,4000", "", false], # Image Comments