LibGuides: How to Work with Sensitive Data: Reducing Data Sensitivity (Images)

DICOM images

DICOM is an image format often used in medical imaging because it allows for embedding rich metadata like patient information and instrument information into the file. As a result, DICOM files are a good example of a file where both the data themselves and the metadata need to be anonymized. There are an extensive number of free and paid workflows to remove metadata from DICOM files:

Aryanto, K. Y. E., Oudkerk, M., & Van Ooijen, P. M. A. (2015). Free DICOM de-identification tools in clinical research: functioning and safety of patient privacy. European Radiology, 25, 3685-3695. 10.1007/s00330-015-3794-0
Monteiro, E., Costa, C., & Oliveira, J. L. (2017). A de-identification pipeline for ultrasound medical images in DICOM format. Journal of Medical Systems, 41(5), 89. 10.1007/s10916-017-0736-1
Shahid, A., Bazargani, M. H., Banahan, P., Mac Namee, B., Kechadi, T., Treacy, C., ... & MacMahon, P. (2022, April). A two-stage de-identification process for privacy-preserving medical image analysis. Healthcare, 10(5), 755). 10.3390/healthcare10050755
Rempe, M., Heine, L., Seibold, C., Hörst, F., & Kleesiek, J. (2025). De-identification of medical imaging data: a comprehensive tool for ensuring patient privacy. European Radiology, 1-10. 10.1007/s00330-025-11695-x

There are a range of software programs available (e.g., DicomCleaner, dicomanonymizer Python module). As with any software application, users should carefully vet the security, stability, and origin of any piece of software in order to protect yourself and the data.

MRI scans

MRI data are another image type that frequently requires handling in order to obfuscate facial features that may be identifiable if a stack of 2D images is reconstructed into 3D volume renders. The process of removing features is often called 'de-facing.' Some examples of software programs:

Theyers, A. E., Zamyadi, M., O'Reilly, M., Bartha, R., Symons, S., MacQueen, G. M., ... & Arnott, S. R. (2021). Multisite comparison of MRI defacing software across multiple cohorts. Frontiers in Psychiatry, 12, 617997. 10.3389/fpsyt.2021.617997
Mitew, S., Yeow, L. Y., Ho, C. L., Bhanu, P. K., & Nickalls, O. J. (2024). PyFaceWipe: a new defacing tool for almost any MRI contrast. Magnetic Resonance Materials in Physics, Biology and Medicine, 37(6), 993-1003. 10.1007/s10334-024-01170-x
MiDeFace (part of FreeSurfer)
Song, X., Wang, J., Wang, A., Meng, Q., Prescott, C., Tsu, L., & Eckert, M. A. (2015). DeID–a data sharing tool for neuroimaging studies. Frontiers in Neuroscience, 9, 325. 10.3389/fnins.2015.00325
- The De-identification Toolbox (from the NeuroImaging Tools & Resources Collaboratory)

Digital images (general)

Many common imaging devices, from digital cameras to smartphones, record various forms of metadata for images by default in what is called EXIF format. This can include typically innocuous information like camera brand (which could still be sensitive if it is a very rare or highly expensive brand), aperature, shutter speed, timestamps, and location if connected to a device with GPS functionality. Similar to managing your personal digital footprint, you should also be mindful that even relatively simple and common imaging systems can still record highly sensitive information (and often do so automatically unless manually disabled) and be mindful about how you share research content.