Every DICOM file carries two things: the medical image itself, and a header packed with patient data. That header — containing the patient's name, date of birth, hospital, and physician — is Protected Health Information (PHI). When you share a .dcm file, you share all of that.
This guide explains what PHI is in a DICOM context, why it matters legally, and how to remove it without uploading your files to any server.
What PHI looks like inside a DICOM file
DICOM headers are structured as a list of tagged attributes. Each tag has a group number and element number, written as (GGGG,EEEE). The following tags are the most common carriers of PHI:
| DICOM Tag | Attribute Name | Example value |
|---|---|---|
| (0010,0010) | Patient Name | Smith^John |
| (0010,0020) | Patient ID | MRN-00123456 |
| (0010,0030) | Patient Birth Date | 19720415 |
| (0010,0040) | Patient Sex | M |
| (0008,0090) | Referring Physician Name | Dr. Jane Brown |
| (0008,0080) | Institution Name | General Hospital |
| (0008,1030) | Study Description | Chest CT with contrast |
| (0008,0020) | Study Date | 20260512 |
The DICOM standard defines over 3,000 attributes. The DICOM PS3.15 standard (Annex E) lists more than 200 attributes that must be handled during de-identification. For most practical purposes — sharing an image with a colleague or publishing a case report — removing the Patient Name, Patient ID, Patient Birth Date, and Institution Name is sufficient.
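To make the (GGGG,EEEE) layout concrete, here is an added example (not code from the original guide) that walks the raw data elements of a file and reports any of the table's PHI tags that still hold a value, which is useful as a local pre-share check. It assumes Explicit VR Little Endian encoding and inspects top-level elements only; `find_phi`, `iter_elements`, `element` and the sample bytes are constructed for this illustration.

```python
import struct

# PHI-carrying tags from the table above, keyed by (group, element).
PHI_TAGS = {
    (0x0010, 0x0010): "Patient Name", (0x0010, 0x0020): "Patient ID",
    (0x0010, 0x0030): "Patient Birth Date", (0x0010, 0x0040): "Patient Sex",
    (0x0008, 0x0090): "Referring Physician Name", (0x0008, 0x0080): "Institution Name",
    (0x0008, 0x1030): "Study Description", (0x0008, 0x0020): "Study Date",
}
# VRs whose header has 2 reserved bytes followed by a 4-byte length.
LONG_VRS = {b"OB", b"OD", b"OF", b"OL", b"OV", b"OW", b"SQ", b"SV", b"UC", b"UN", b"UR", b"UT", b"UV"}

def iter_elements(data):
    """Yield (group, element, value) for top-level Explicit VR Little Endian elements."""
    pos = 132 if data[128:132] == b"DICM" else 0  # skip 128-byte preamble + magic
    while pos + 8 <= len(data):
        group, elem = struct.unpack_from("<HH", data, pos)
        if data[pos + 4:pos + 6] in LONG_VRS:
            (length,) = struct.unpack_from("<I", data, pos + 8)
            pos += 12
        else:
            (length,) = struct.unpack_from("<H", data, pos + 6)
            pos += 8
        if length == 0xFFFFFFFF:  # undefined length (nested sequences): not handled here
            raise ValueError("undefined-length element (%04X,%04X)" % (group, elem))
        yield group, elem, data[pos:pos + length]
        pos += length

def find_phi(data):
    """Return (tag, attribute name, value) for each non-empty PHI element found."""
    hits = []
    for group, elem, value in iter_elements(data):
        text = value.decode("ascii", "replace").rstrip(" \x00")
        if (group, elem) in PHI_TAGS and text:
            hits.append(("(%04X,%04X)" % (group, elem), PHI_TAGS[group, elem], text))
    return hits

def element(group, elem, vr, text):
    """Build one short-header element; values are space-padded to even length."""
    raw = text.encode("ascii").ljust(len(text) + len(text) % 2)
    return struct.pack("<HH2sH", group, elem, vr.encode("ascii"), len(raw)) + raw

# Constructed sample, not a real scan: preamble, magic, four elements.
SAMPLE = (b"\x00" * 128 + b"DICM"
          + element(0x0008, 0x0020, "DA", "20260512") + element(0x0008, 0x0060, "CS", "CT")
          + element(0x0010, 0x0010, "PN", "Smith^John")
          + element(0x0010, 0x0020, "LO", "MRN-00123456"))

if __name__ == "__main__":
    print(*find_phi(SAMPLE), sep="\n")
```

An empty result from `find_phi` only covers the eight tags in the table; it says nothing about the rest of the Annex E list, about elements nested inside sequences, or about text burned into the pixels.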
Why this matters: HIPAA, GDPR, and research ethics
In the United States, DICOM files containing patient data are protected under HIPAA (Health Insurance Portability and Accountability Act). Sharing them without authorization — including uploading to a third-party server — is a potential HIPAA violation. Fines range from $100 to $50,000 per violation depending on intent, with an annual cap of $1.9 million per violation category.
In the EU and UK, the same data is protected under GDPR as a special category of personal data (health data). Unauthorized processing carries fines of up to 4% of global annual turnover or €20 million, whichever is higher.
For academic research, institutional ethics boards (IRBs) typically require full de-identification of imaging data before it can be stored, shared, or published.
Warning: never upload PHI to a web service
Services like Smallpdf, ILovePDF, and generic online DICOM converters upload your file to their servers to process it. For DICOM files containing patient data, this transmits PHI to a third party — a potential HIPAA/GDPR violation regardless of the service's privacy policy.
Method 1: Convert to JPG/PNG in the browser (removes header PHI)
The quickest way to strip DICOM header PHI is to convert the file to a standard image format. When you convert a .dcm file to JPG or PNG, the entire DICOM header — including all PHI tags — is discarded. The output file contains only pixel data and standard image metadata (no patient information).
The 365tools DICOM Converter does this entirely in your browser using JavaScript. Your DICOM file is never sent to any server.
- Go to 365tools.net/dicom-converter
- Drop your .dcm file onto the upload zone
- Select output format (JPG, PNG, or WebP)
- Download — the output has zero DICOM header data
Limitation: This method converts the file — it does not produce an anonymized DICOM. If you need to share a .dcm file (not just an image), use Method 2 or 3 below.
Important: Some scans have patient data burned into the image pixels (e.g., scans acquired with patient name overlaid). Converting to JPG strips the header but does not remove burned-in text. Always visually inspect the output.
Method 2: pydicom (Python, full de-identification)
For researchers and developers who need to produce a de-identified DICOM file (not just an image), pydicom is the standard Python library for reading and modifying DICOM files.
A basic de-identification script:
```python
import pydicom

# Read the original file, header and pixel data included
ds = pydicom.dcmread("input.dcm")

# Tags to remove or blank
phi_tags = [
    (0x0010, 0x0010),  # Patient Name
    (0x0010, 0x0020),  # Patient ID
    (0x0010, 0x0030),  # Patient Birth Date
    (0x0008, 0x0090),  # Referring Physician Name
    (0x0008, 0x0080),  # Institution Name
    (0x0008, 0x1030),  # Study Description
]

# Delete each listed element that is present at the top level of the dataset
for tag in phi_tags:
    if tag in ds:
        del ds[tag]

# Write the modified dataset to a new file; the input file is left untouched
ds.save_as("anonymized.dcm")
```

For full HIPAA de-identification, use pydicom's built-in ds.remove_private_tags() and follow the DICOM PS3.15 Annex E attribute list, which covers all 200+ PHI attributes.
Method 3: Dedicated DICOM anonymization tools
For clinical or research environments requiring batch anonymization of entire studies:
- DicomBrowser (free, open-source) — GUI tool for viewing and editing DICOM tags. Supports batch anonymization with configurable rules.
- Horos / OsiriX (Mac) — Built-in anonymization for entire studies from the database.
- XNAT — Used in large research institutions. Includes a DICOM anonymization pipeline.
- CTP (Clinical Trial Processor) — Free, Java-based tool designed specifically for DICOM de-identification in clinical trial workflows.
Frequently asked questions
What is PHI in a DICOM file?
PHI (Protected Health Information) in a DICOM file refers to any patient-identifiable data stored in the metadata header — including patient name, date of birth, patient ID, institution name, physician name, and study date. Under HIPAA (US) and GDPR (EU), this information must be protected.
Is it safe to upload a DICOM file to an online tool to remove PHI?
No — uploading a DICOM file to a third-party server exposes the PHI to that server, which is exactly the risk you are trying to eliminate. You should use a client-side tool (like the 365tools DICOM Converter) that processes files entirely in your browser, or use local software like pydicom.
Does converting DICOM to JPG remove PHI?
Converting to JPG removes the DICOM header entirely, which does strip all text-based PHI tags. However, some forms of PHI can be burned into the image itself — for example, if the original scan was acquired with patient name overlaid on the pixel data. Always check the resulting image for visible patient information.
What is the difference between DICOM anonymization and de-identification?
De-identification removes or replaces all fields that could identify a specific individual. Anonymization is a stricter standard — it removes enough data that re-identification is not reasonably possible even with external datasets. For research use, full de-identification per DICOM PS3.15 Annex E is required.
What DICOM tags contain PHI?
The most common PHI tags are: (0010,0010) Patient Name, (0010,0020) Patient ID, (0010,0030) Patient Birth Date, (0008,0090) Referring Physician Name, (0008,0080) Institution Name, (0008,0020) Study Date. There are hundreds of potential PHI attributes defined in the DICOM standard.