Skip to content

De-Identifying Files before Upload

Version 19.2 and Later

This document applies only to Flywheel version 19.2 and later.

Prior to Flywheel version 19.2, de-identification was not available for Bulk Uploads.

If your data contains Protected Health Information (PHI), Flywheel can be configured to de-identify DICOM data before it leaves the user's computer.

Applicability

De-identification is only available for:

  • DICOM files
    • Files of types other than DICOM will not be de-identified by Flywheel.
  • Bulk Uploads (not yet for Bulk Imports). This means:
    • De-identification is available data when users are uploading data from their local computer, but
    • De-identification is not yet available when importing data from an external storage.
  • Files larger than 1 GB in size
    • De-identification in the browser can be a resource-intensive process and as such is limited by the resources available on the user's local machine.

Behavior

When de-identification is configured, Flywheel attempts to de-identify all DICOM files before they are transferred off of the user's local machine and over a network. In this case, de-identification is performed in the web browser entirely on the user's local machine.

If any DICOM file fails to be de-identified for any reason, that file is marked as failed and is not uploaded to Flywheel.

PHI Risk -- DICOM files larger than 1 GB

Files larger than 1 GB may be uploaded even if de-identification fails!

This is because it often not possible to de-identify such large files in the browser due to resource limitations.

Tip

Depending upon the nature of the de-identification error, resolving the error may require modifying the de-identification profile itself, which requires Admin assistance.

De-identification profiles define how de-identification should be performed and are often customized to meet various needs.

Contact your Flywheel Administrator if you suspect your de-identification profile needs to be modified.

Enablement

The decision of whether to de-identify data before upload is entirely controlled by the existence of a de-identification profile:

  • If a de-ID profile is configured at the target Project, Group, or Site level, then de-identification will be applied.
    • In this case a notice will be displayed to the user indicating that their data will be de-identified before upload.
  • Otherwise, if a de-ID profile is not configured at the target Project, Group, or Site level, then de-identification will not be applied.
    • In this case a warning will be displayed to the user indicating that their data will not be de-identified before upload.

For more information about enabling de-identification, refer to the documentation on Enabling a De-ID profile for a Project, Group, or Site.