De-Identifying Files before Upload
Version 19.2 and Later
This document applies only to Flywheel version 19.2 and later.
Prior to Flywheel version 19.2, de-identification was not available for Bulk Uploads.
If your data contains Protected Health Information (PHI), Flywheel can be configured to de-identify DICOM data before it leaves the user's computer.
Applicability
De-identification is only available for:
- DICOM files
- Files of types other than DICOM will not be de-identified by Flywheel.
- Bulk Uploads (not yet for Bulk Imports). This means:
- De-identification is available data when users are uploading data from their local computer, but
- De-identification is not yet available when importing data from an external storage.
- Files larger than 1 GB in size
- De-identification in the browser can be a resource-intensive process and as such is limited by the resources available on the user's local machine.
Behavior
When de-identification is configured, Flywheel attempts to de-identify all DICOM files before they are transferred off of the user's local machine and over a network. In this case, de-identification is performed in the web browser entirely on the user's local machine.
If any DICOM file fails to be de-identified for any reason, that file is marked as failed and is not uploaded to Flywheel.
PHI Risk -- DICOM files larger than 1 GB
Files larger than 1 GB may be uploaded even if de-identification fails!
This is because it often not possible to de-identify such large files in the browser due to resource limitations.
Tip
Depending upon the nature of the de-identification error, resolving the error may require modifying the de-identification profile itself, which requires Admin assistance.
De-identification profiles define how de-identification should be performed and are often customized to meet various needs.
Contact your Flywheel Administrator if you suspect your de-identification profile needs to be modified.
Enablement
The decision of whether to de-identify data before upload is entirely controlled by the existence of a de-identification profile:
- If a de-ID profile is configured at the target Project, Group, or Site level, then de-identification will be applied.
- In this case a notice will be displayed to the user indicating that their data will be de-identified before upload.
- Otherwise, if a de-ID profile is not configured at the target Project, Group, or Site level, then de-identification will not be applied.
- In this case a warning will be displayed to the user indicating that their data will not be de-identified before upload.
For more information about enabling de-identification, refer to the documentation on Enabling a De-ID profile for a Project, Group, or Site.