Anonymize Data on Retrieve - dcm4che/dcm4chee-arc-light GitHub Wiki
Depending on your application requirements, anonymize DICOM dataset attribute values based on Supported De-identification Profiles when DICOM objects are stored from the archive to external systems.
The anonymized values of attributes in DICOM dataset is only present in the database. It is not coerced in the DICOM files stored on the storage system.
This howto will provide configuration, test and verification steps for :
See Important Notes.
Test and verify anonymization of data on retrieving the objects from archive, using either :
- storescp with dcmdump tools.
- Starting a second DCM4CHEE 5 archive following Run minimum set of archive services on a single host and exporting DICOM objects from first archive to the second.
Additionally, refer Where to configure Archive Attribute Coercion rules
Create an LDIF file for following coercion
version: 1
dn: cn=coerce-c-store-rq - vna2all - anonymizeOnRetrieve - new,dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
changetype: add
objectClass: dcmArchiveAttributeCoercion2
cn: coerce-c-store-rq - vna2all - anonymizeOnRetrieve - new
dcmDIMSE: C_STORE_RQ
dcmURI: deidentify:RetainDeviceIdentityOption,RetainUIDsOption
dicomTransferRole: SCP
dcmProperty: ReceivingApplicationEntityTitle=STORESCP|DCM4CHEE2
dcmProperty: SendingApplicationEntityTitle=DCM4CHEE_NEW
dcmRulePriority: 1
dn: cn=dicomAETitle=DCM4CHEE,dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
changetype: modify
add: dcmOtherAETitle
dcmOtherAETitle: DCM4CHEE_NEW
and import it into LDAP using ldapmodify command line utility
ldapmodify -xW -Dcn=admin,dc=dcm4che,dc=org -f config.ldif
-
Send test study to archive using storescu tool.
storescu -c DCM4CHEE@localhost:11112 ~/work/testdata/DICOM/modality/CT/CT2
-
Configure STORESCP as Remote Application Entity
-
Start storescp tool to start receiving DICOM files sent by archive.
storescp -b STORESCP@localhost:11115
-
Export stored study to STORESCP destination.
-
Use dcmdump tool to view attributes of DICOM file received by STORESCP.
-
Verify in archive server log at
$WILDFLY_HOME/standalone/log/server.log
09:52:24,077 INFO [org.dcm4chee.arc.export.rs.ExporterRS] (default task-2) Process POST /dcm4chee-arc/aets/DCM4CHEE_NEW/rs/studies/1.3.12.2.1107.5.8.1.12345678.199508041416590859569/export/dicom:STORESCP from [email protected] 09:52:24,137 INFO [org.dcm4che3.net.Connection] (default task-2) Initiate connection from /0.0.0.0:0 to localhost:11115 09:52:24,138 INFO [org.dcm4che3.net.Connection] (default task-2) Established connection Socket[addr=localhost/127.0.0.1,port=11115,localport=49735] 09:52:24,140 INFO [org.dcm4che3.net.Association] (default task-2) DCM4CHEE_NEW->STORESCP(2) << A-ASSOCIATE-RQ 09:52:24,171 INFO [org.dcm4che3.net.Association] (EE-ManagedExecutorService-default-Thread-12) DCM4CHEE_NEW->STORESCP(2) >> A-ASSOCIATE-AC 09:52:24,174 INFO [org.dcm4che3.net.Dimse] (default task-2) DCM4CHEE_NEW->STORESCP(2) << 1:C-STORE-RQ[pcid=1, prior=0 cuid=1.2.840.10008.5.1.4.1.1.2 - CT Image Storage iuid=1.3.12.2.1107.5.8.1.12345678.199508041416590861483 - ? tsuid=1.2.840.10008.1.2 - Implicit VR Little Endian] 09:52:24,177 INFO [org.dcm4chee.arc.coerce.impl.DeIdentificationCoercionProcessor] (default task-2) Deidentified attributes by coercion ArchiveAttributeCoercion2[cn=coerce-c-store-rq - vna2all - anonymizeOnRetrieve - new, priority=1, DIMSE=C_STORE_RQ, role=SCP, cuids=[], conditions={ReceivingApplicationEntityTitle=STORESCP|DCM4CHEE2, SendingApplicationEntityTitle=DCM4CHEE_NEW}, uri=deidentify:RetainDeviceIdentityOption,RetainUIDsOption, description=null, onFailure=RETHROW, sufficient=false, attributeUpdatePolicy=MERGE, mergeAttributes=[], deviceCoercionParam=null, otherCoercionParams={}] 09:52:24,184 INFO [org.dcm4chee.arc.coerce.impl.XSLTCoercionProcessor] (default task-2) Coerced attributes from stylesheet by coercion ArchiveAttributeCoercion2[cn=testWADOMetadata, priority=0, DIMSE=C_STORE_RQ, role=SCP, cuids=[], conditions={}, uri=xslt:${jboss.server.temp.url}/dcm4chee-arc/predecessorDocSeq.xsl, description=null, onFailure=RETHROW, sufficient=false, attributeUpdatePolicy=MERGE, mergeAttributes=[], deviceCoercionParam=null, otherCoercionParams={xsl-no-keyword=true}] 09:52:24,262 INFO [org.dcm4che3.net.Dimse] (EE-ManagedExecutorService-default-Thread-12) DCM4CHEE_NEW->STORESCP(2) >> 1:C-STORE-RSP[pcid=1, status=0H cuid=1.2.840.10008.5.1.4.1.1.2 - CT Image Storage iuid=1.3.12.2.1107.5.8.1.12345678.199508041416590861483 - ? tsuid=1.2.840.10008.1.2 - Implicit VR Little Endian] 09:52:24,262 INFO [org.dcm4che3.net.Association] (default task-2) DCM4CHEE_NEW->STORESCP(2) << A-RELEASE-RQ 09:52:24,264 INFO [org.dcm4che3.net.Association] (EE-ManagedExecutorService-default-Thread-12) DCM4CHEE_NEW->STORESCP(2) >> A-RELEASE-RP 09:52:24,264 INFO [org.dcm4che3.net.Association] (EE-ManagedExecutorService-default-Thread-12) DCM4CHEE_NEW->STORESCP(2): close Socket[addr=localhost/127.0.0.1,port=11115,localport=49735] 09:52:31,435 INFO [org.dcm4chee.arc.delete.impl.PurgeStorageScheduler] (EE-ManagedScheduledExecutorService-default-Thread-3) start PurgeStorageScheduler.execute()
-
Verify attributes of DICOM file received by storescp tool in dcmdump tool window
-
Send test study to archive using storescu tool.
storescu -c DCM4CHEE@localhost:11112 ~/work/testdata/DICOM/modality/CT/CT2
-
Start a second DCM4CHEE 5 archive using Run minimum set of archive services on a single host
-
Configure DCM4CHEE2 as Remote Application Entity
-
Export stored study to DCM4CHEE2 destination
-
Verify in archive server log at
$WILDFLY_HOME/standalone/log/server.log
09:50:44,680 INFO [org.dcm4chee.arc.export.rs.ExporterRS] (default task-1) Process POST /dcm4chee-arc/aets/DCM4CHEE_NEW/rs/studies/1.3.12.2.1107.5.8.1.12345678.199508041416590859569/export/dicom:DCM4CHEE2 from [email protected] 09:50:44,710 INFO [org.dcm4che3.net.Connection] (default task-1) Initiate connection from /0.0.0.0:0 to localhost:21112 09:50:44,711 INFO [org.dcm4che3.net.Connection] (default task-1) Established connection Socket[addr=localhost/127.0.0.1,port=21112,localport=50839] 09:50:44,720 INFO [org.dcm4che3.net.Association] (default task-1) DCM4CHEE_NEW->DCM4CHEE2(1) << A-ASSOCIATE-RQ 09:50:44,769 INFO [org.dcm4che3.net.Association] (EE-ManagedExecutorService-default-Thread-15) DCM4CHEE_NEW->DCM4CHEE2(1) >> A-ASSOCIATE-AC 09:50:44,807 INFO [org.dcm4che3.net.Dimse] (default task-1) DCM4CHEE_NEW->DCM4CHEE2(1) << 1:C-STORE-RQ[pcid=1, prior=0 cuid=1.2.840.10008.5.1.4.1.1.2 - CT Image Storage iuid=1.3.12.2.1107.5.8.1.12345678.199508041416590861483 - ? tsuid=1.2.840.10008.1.2 - Implicit VR Little Endian] 09:50:44,997 INFO [org.dcm4chee.arc.coerce.impl.DeIdentificationCoercionProcessor] (default task-1) Deidentified attributes by coercion ArchiveAttributeCoercion2[cn=coerce-c-store-rq - vna2all - anonymizeOnRetrieve - new, priority=1, DIMSE=C_STORE_RQ, role=SCP, cuids=[], conditions={ReceivingApplicationEntityTitle=STORESCP|DCM4CHEE2, SendingApplicationEntityTitle=DCM4CHEE_NEW}, uri=deidentify:RetainDeviceIdentityOption,RetainUIDsOption, description=null, onFailure=RETHROW, sufficient=false, attributeUpdatePolicy=MERGE, mergeAttributes=[], deviceCoercionParam=null, otherCoercionParams={}] 09:50:45,250 INFO [org.dcm4chee.arc.coerce.impl.XSLTCoercionProcessor] (default task-1) Coerced attributes from stylesheet by coercion ArchiveAttributeCoercion2[cn=testWADOMetadata, priority=0, DIMSE=C_STORE_RQ, role=SCP, cuids=[], conditions={}, uri=xslt:${jboss.server.temp.url}/dcm4chee-arc/predecessorDocSeq.xsl, description=null, onFailure=RETHROW, sufficient=false, attributeUpdatePolicy=MERGE, mergeAttributes=[], deviceCoercionParam=null, otherCoercionParams={xsl-no-keyword=true}] 09:50:45,772 INFO [org.dcm4che3.net.Dimse] (EE-ManagedExecutorService-default-Thread-15) DCM4CHEE_NEW->DCM4CHEE2(1) >> 1:C-STORE-RSP[pcid=1, status=0H cuid=1.2.840.10008.5.1.4.1.1.2 - CT Image Storage iuid=1.3.12.2.1107.5.8.1.12345678.199508041416590861483 - ? tsuid=1.2.840.10008.1.2 - Implicit VR Little Endian] 09:50:45,774 INFO [org.dcm4che3.net.Association] (default task-1) DCM4CHEE_NEW->DCM4CHEE2(1) << A-RELEASE-RQ 09:50:45,777 INFO [org.dcm4che3.net.Association] (EE-ManagedExecutorService-default-Thread-15) DCM4CHEE_NEW->DCM4CHEE2(1) >> A-RELEASE-RP 09:50:45,777 INFO [org.dcm4che3.net.Association] (EE-ManagedExecutorService-default-Thread-15) DCM4CHEE_NEW->DCM4CHEE2(1): close Socket[addr=localhost/127.0.0.1,port=21112,localport=50839]
-
Verify in the attributes on the second DCM4CHEE 5 archive