v0.3.5 · MIT · open source · DOI 10.5281/zenodo.20267652

DICOM anonymization with an audit trail your DPO can actually verify.

PS3.15 Basic Profile + UID coherence + a verbatim-cited GDPR/HIPAA compliance manifest. MIT-licensed Python CLI, runs offline, no telemetry, single dependency.

The bit nobody else seems to ship

Every PS3.15 action (X / Z / U / D) that runs on your study is mapped to the literal text of the regulation that authorizes it — GDPR Art. 4(5), HIPAA Safe Harbor §164.514(b)(2), EU AI Act Art. 10. Re-verified against EUR-Lex / eCFR / gdpr-info.eu on 2026-05-13. SHA-256 chain over the audit log + manifest so an auditor can verify integrity from the JSON alone.
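As an added illustration (not dcm-anon's code or its actual JSON schema), here is one way a SHA-256 chain over audit entries plus a manifest can be checked from the JSON alone. The field names, the genesis value and the sample entries are all assumptions constructed for this example.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # assumed chain start value

# Constructed sample data; field names and values are illustrative only.
ENTRIES = [
    {"tag": "(0010,0010)", "action": "Z", "basis": "GDPR Art. 4(5)"},
    {"tag": "(0010,1000)", "action": "X", "basis": "HIPAA 164.514(b)(2)"},
    {"tag": "(0020,000D)", "action": "U", "basis": "GDPR Art. 4(5)"},
]
MANIFEST = {"profile": "PS3.15 Basic Profile", "verified_on": "2026-05-13"}


def link(prev_hash, record):
    """SHA-256 over the previous link plus the record as canonical JSON."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def seal(entries, manifest):
    """Chain the entries; the head hash also commits to the manifest."""
    prev, chained = GENESIS, []
    for record in entries:
        prev = link(prev, record)
        chained.append({"record": record, "hash": prev})
    return {"entries": chained, "manifest": manifest, "head": link(prev, manifest)}


def verify(doc):
    """Recompute every link from the JSON alone. Returns (ok, reason)."""
    prev = GENESIS
    for i, item in enumerate(doc["entries"]):
        prev = link(prev, item["record"])
        if prev != item["hash"]:
            return False, f"entry {i} does not match its hash"
    if link(prev, doc["manifest"]) != doc["head"]:
        return False, "manifest or head hash mismatch"
    return True, "ok"


def with_edit(doc, index, action):
    """Return a copy of doc with one entry's action changed after sealing."""
    edited = copy.deepcopy(doc)
    edited["entries"][index]["record"]["action"] = action
    return edited


if __name__ == "__main__":
    sealed = seal(ENTRIES, MANIFEST)
    print(verify(sealed), verify(with_edit(sealed, 1, "Z")))
```

A chain of this kind only detects edits if the head hash is also recorded somewhere the editor cannot rewrite, since anyone able to change the file can recompute every link.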

What's in v0.3.5

Install

pip install dcm-anonymizer
# CLI command is `dcm-anon`. The PyPI dist name had to diverge
# because `dcm-anon` collides with a legacy slug.

Why this exists at all

GDPR Art. 35 requires a DPIA for any large-scale processing of special-category health data. EDPB pseudonymisation guidelines and HHS OCR de-identification guidance both push de-id to the source site. Without a machine-verifiable mapping between technical action and regulatory clause, "we anonymized correctly" is hand-waving. dcm-anon emits that mapping.

Reserve early access (hosted batch)

The OSS CLI is and will stay free. A hosted batch service is in preparation for teams that want S3/GCS sources, private-tag profiles per vendor, DICOM SR content scanning, and retained audit logs. Indicative bands while I measure demand: €99 / €299 / €499 per month. No card required at this stage.

Drop me a line with a one-paragraph context: what you're trying to anonymize, what regulatory regime you're under, and what the gap is today. I read every one and reply within a week.

Or email plusultra.dev@proton.me directly.

Honest about what this is

This is an engineering tool. It implements PS3.15 correctly and produces auditable artifacts that your DPO / IRB / notified-body reviewer can verify. It is NOT legal advice and does NOT certify compliance — that's your QMS and counsel's call.

GDPR output classification: pseudonymous, not anonymous, per Art. 4(5). HIPAA mode: Safe Harbor only (§164.514(b)(2)); not a substitute for Expert Determination. Operated from the EU.

Built by César Pereiro · UPV biomed alumni · async only, no calls during validation phase.
