How does MRI Online ensure the anonymization of cases?

MRI Online Anonymization Protocols and Policies


MRI Online is an online educational platform dedicated to improving radiologists clinical practice. Full DICOM data sets are a key component of this learning process, radiologists must be able to scroll through real-life image sets in order to mimic the real world clinical setting to practice, learn and gain skills.

DICOM datasets in their original format contain patient data. It is critical to protect that patient’s data. MRI Online has a zero tolerance policy for publishing patient data to its platform and takes the protection of patient data with extreme seriousness and caution.

There are many patient anonymization algorithms on the market. However, with today's technology, it is not possible for an algorithm to be 100% accurate in the removal of PHI. Oftentimes data exists outside of DICOM metadata tags, for example: PHI can be burned directly onto an image (common but not limited to Ultrasound studies), paperwork containing PHI can be DICOM-ized. The only way data can be 100% PHI free is with the assistance of a human review.

MRI Online’s Process

  • Step 1: Presenters are required to anonymize image sets using their preferred and/or institution’s approved software. Presenters then submit that data to us via Ambra*, a cloud-based image transfer solution.
  • Step 2: All data imported into Ambra* is anonymized using Ambra’s anonymization algorithm.
  • Step 3: An MRI Online team-member reviews each case for PHI, removes any existing PHI and marks the case as ready to publish.
  • Step 4: A second team-member reviews the case for PHI; if there is no PHI, they approve and publish the case to MRI Online.

This process includes the application of two algorithmic checks and two human validation checks.

In the unlikely event that PHI is discovered on MRI Online, our policy is to immediately disable the web viewer for all studies and all users. The team then undergoes a thorough audit and investigation to remove any PHI, understand the root cause of the issue and report out to impacted stakeholders.

Only after the PHI is removed and the cause of the issue resolved will the viewer be re-enabled.* Note: Ambra is a large, enterprise-grade, HIPAA compliant medical image transfer company with 100+ employees and is used by Stanford, Cornell and Johns Hopkins, along with hundreds of other medical institutions.

See attached document here.