Uploaded image for project: 'XNAT'
  1. XNAT
  2. XNAT-5453

Sensitive fields extracted to XML before site anon is run for standard importer




      To recreate:

      1. If not already done, set your XNAT's site anon script to enabled with the default value:
        // Default XNAT anonymization script
        // XNAT http://www.xnat.org
        // Copyright (c) 2005-2017, Washington University School of Medicine and Howard Hughes Medical Institute
        // All Rights Reserved
        // Released under the Simplified BSD.
        version "6.1"
        project != "Unassigned" ? (0008,1030) := project
        (0010,0010) := subject
        (0010,0020) := session
      2. Download the attached file.
      3. Create a project with ID "a".
      4. Import the session in the attached file to project "a":
        curl -u admin:admin -X POST '' -F "file=@onefile.zip"
      5. Go to the session (also labeled "a").
      6. Look at the DICOM headers. Note that the values for Patient Name and Patient ID have been set to "a". That's good (subject/session identifiers are coming from the tag (0010,4000)).
      7. Look at the session XML (View > View XML). Note that the original values for Patient Name and Patient ID are stored in:
        <xnat:dcmPatientId>Sample ID</xnat:dcmPatientId>
        <xnat:dcmPatientName>Sample Patient</xnat:dcmPatientName>

      If there were an actual patient name in (0010,0010), this would be really bad, because the investigator would think that the data has been anonymized (it has, for the DICOM, at least), but the real value lurks in the XML.

      Note 1: this is very similar to XNAT-3267.

      Note 2: this doesn't seem to happen if the data is received via C-STORE.


        Issue Links



              moore.c@wustl.edu Charlie Moore (Inactive)
              moore.c@wustl.edu Charlie Moore (Inactive)
              0 Vote for this issue
              2 Start watching this issue