Flywheel is fully HIPAA and GDPR compliant, and there are a number of configurable de-identification features available to ensure that your data is regulatory compliant and ready for research.
De-identification in Flywheel is configured using de-id profiles. A de-id profile is a set of instructions for what to do with metadata that may include PHI. You can de-identify standard DICOM tags such as
PatientAge, as well as private tags unique to your institution. De-id profile features also includes allowlists, blocklists, remove, replace, or date processing. You can see a full list of options in the de-id profile reference guide. Below is an example of a de-id profile
--- name: Example1 description: A de-id profile for DICOM files dicom: fields: - name: PatientID replace-with: REDACTED # using tag (tuple also supported) - name: 00080104 replace-with: REDACTED # using private tag notation - name: (0009, "GEMS_IMAG_01", 01) replace-with: REDACTED # using dotty-notation to access sequence element - name: 00082218.0.00080102 replace-with: REDACTED # using * to access all element in the sequence - name: AnatomicRegionSequence.*.CodeValue replace-with: REDACTED # using repeater group notation - name: (60xx, 0022) replace-with: REDACTED
Flywheel does not provide a standard, universal de-identification profile because de-identification requirements and PHI definitions differ from institution to institution, and it is also possible for users/clinicians to add PHI data to a field where it is not intended. It is your responsibility to define, test, and apply de-identification profiles.
To configure de-identification on your site, you must consider the following parts of the process:
De-identification workflow: This determines when the de-id profile is applied to data. For example, your data can be de-identified on the edge before it is uploaded to Flywheel, or it can be uploaded as is and then de-identified by a gear.
Upload method: The method for applying the profile varies depending on how you upload it to Flywheel.
A de-id profile is applied to data before it is uploaded to Flywheel– this means only de-identified data is stored in Flywheel. This is the most common de-identification workflow.
This is when the source dataset is uploaded directly to Flywheel and the de-identification steps are applied by the De-Identification Gear.
The most common use case is when data is uploaded directly from an imaging machine, and the only dataset that exists is the one in Flywheel. This means any de-identification changes apply directly to the source dataset. As a result, some Flywheel sites choose to upload data that includes PHI, which is only accessible to a limited number of Flywheel users. Before making the data accessible to more users within Flywheel, the de-identification gear is run
There are a number of ways to upload data to Flywheel:
Flywheel Connector (also known as the Flywheel Reaper): Connects to an imaging machine to upload data directly to Flywheel.
Flywheel Console: Drag and drop datasets under 200 MB directly to a Project. Learn more.
Flywheel command-line interface (CLI): Imports larger datasets through the terminal or console on your computer.
See the Importing Overview article for more information on how to get your data into Flywheel.
As a site admin you can configure a logging service for de-identification. For customers operating in regulated environments or in partnerships with regulated entities, the De-Identification Logging Service provides a way for you to re-identify data when necessary.