You are here

DICOM Confidential: Safeguard the privacy of patients' medical images

Medical imaging acquired for clinical purposes can have several legitimate secondary uses in research projects and teaching libraries. For these uses, and when imaging is acquired directly for research, most personal data can be safely removed, but in many cases it is necessary to keep some personal data or a link with the personal data. At this moment, no commonly accepted solution exists because the amount of personal data that is required by researchers and teaching libraries varies case by case.

DICOM Confidential is an open source DICOM (Digital Imaging and Communications in Medicine) de-identification toolkit that provides the necessary flexibility to account for different de-identification requirements and does not impose a given anonymisation model. It also provides a mechanism for forwarding the anonymous output to a remote site using either SFTP (SSH File Transfer Protocol) or DICOM communications protocol. The core functionality is contained in a Java library, which we have used to develop two DICOM anonymisation applications; these are included in the toolkit: one for DICOM files contained in a folder and one for objects received via the DICOM protocol (a receiver). A separate graphical application is provided to help users in policy writing and configuration.

In the case of multicentre clinical research projects a uniform, accountable de-identification process at all the participant centres is desirable. This can be done by prior distribution of the Privacy Policy to be used or by deploying it in a web server from which DICOM Confidential can read it directly. The toolkit was deployed in a multicentre setup and the experience gained in this deployment is presented.

Relevant files and media

PrivacyGuard News

New DICOM Confidential Release


Maintenance release:

- Fix to quarantine bug.
- Improvements to support for private plugins.

DICOM Confidential 1.4.2 released


The latest release incorporates the patches to 1.4.1 and introduces a Maven
based build to facilitate dependency management.
Artifacts can be found in the project sourceforge page.

New Release of DICOM Confidential


Evolution of release 1.4.0. All the patches released since then applied (see 1.4.0 folder for more information).
For installing DICOM Confidential please download the executable jar dicom-confidential-1.4.1.jar.

DICOM Confidential 1.4.0 released


This is the first release of the 1.4 branch that is intended to be an stable branch.
We have also released an experimental portable version for Windows (x86)
packed as a zip file (

Bugs fixed
- 3485818 Unselecting delete private attributes not working.
- 3485814 StudyID transformer does not allow absolute paths.

DICOM Confidential 1.3.28


This is the last release of Branch 1.3.
Bugfixes and a few new features.
The stable version will move to branch 1.4, while further development will be done in branch 1.5.
For more information visit the development site:

DICOM Confidential Release


The software name was changed from PrivacyGuard to DICOM Confidential due to trademark issues.
Since version 1.3.14 there have been a lot of changes including a new GUI desktop application and cataloguing capabilities.

PrivacyGuard 1.3.14


I have added a simplified version of the FolderAnonymiser (with a GUI) that might be more adequate for occasional users. It can be executed with

I have also included in the distribution the StudyIDMapper.jar for editing mapping files and I have created files for executing it in bin (mapper.bat/

PrivacyGuard 1.3.12


Now comes as an installation package.