pacs_system/include_2kcenon_2pacs_2security_2anonymizer_8h_source.html

// BSD 3-Clause License

// Copyright (c) 2021-2025, 🍀☀🌕🌥 🌊

// See the LICENSE file in the project root for full license information.


#pragma once


#include "anonymization_profile.h"

#include "tag_action.h"

#include "uid_mapping.h"


#include <kcenon/pacs/core/dicom_dataset.h>

#include <kcenon/pacs/core/dicom_tag.h>


#include <kcenon/common/patterns/result.h>


#include <chrono>

#include <functional>

#include <map>

#include <memory>

#include <optional>

#include <string>

#include <vector>


namespace kcenon::pacs::security {


enum class private_tag_action : std::uint8_t {

    keep,

    remove_all,

    remove_data

};


class anonymizer {

public:

    // ========================================================================

    // Construction

    // ========================================================================


    explicit anonymizer(anonymization_profile profile = anonymization_profile::basic);


    anonymizer(const anonymizer& other);


    anonymizer(anonymizer&& other) noexcept;


    auto operator=(const anonymizer& other) -> anonymizer&;


    auto operator=(anonymizer&& other) noexcept -> anonymizer&;


    ~anonymizer() = default;


    // ========================================================================

    // Anonymization Operations

    // ========================================================================


    [[nodiscard]] auto anonymize(core::dicom_dataset& dataset)

        -> kcenon::common::Result<anonymization_report>;


    [[nodiscard]] auto anonymize_with_mapping(

        core::dicom_dataset& dataset,

        uid_mapping& mapping

    ) -> kcenon::common::Result<anonymization_report>;


    // ========================================================================

    // Profile Configuration

    // ========================================================================


    [[nodiscard]] auto get_profile() const noexcept -> anonymization_profile;


    void set_profile(anonymization_profile profile);


    // ========================================================================

    // Private Tag Handling

    // ========================================================================


    void set_private_tag_action(private_tag_action action);


    [[nodiscard]] auto get_private_tag_action() const noexcept

        -> private_tag_action;


    // ========================================================================

    // Custom Tag Actions

    // ========================================================================


    void add_tag_action(core::dicom_tag tag, tag_action_config config);


    void add_tag_actions(

        const std::map<core::dicom_tag, tag_action_config>& actions

    );


    auto remove_tag_action(core::dicom_tag tag) -> bool;


    void clear_custom_actions();


    [[nodiscard]] auto get_tag_action(core::dicom_tag tag) const

        -> tag_action_config;


    // ========================================================================

    // Date Shifting

    // ========================================================================


    void set_date_offset(std::chrono::days offset);


    [[nodiscard]] auto get_date_offset() const noexcept

        -> std::optional<std::chrono::days>;


    void clear_date_offset();


    [[nodiscard]] static auto generate_random_date_offset(

        std::chrono::days min_days = std::chrono::days{-365},

        std::chrono::days max_days = std::chrono::days{365}

    ) -> std::chrono::days;


    // ========================================================================

    // Encryption Configuration

    // ========================================================================


    [[nodiscard]] auto set_encryption_key(std::span<const std::uint8_t> key)

        -> kcenon::common::VoidResult;


    [[nodiscard]] auto has_encryption_key() const noexcept -> bool;


    // ========================================================================

    // Hash Configuration

    // ========================================================================


    void set_hash_salt(std::string salt);


    [[nodiscard]] auto get_hash_salt() const

        -> std::optional<std::string>;


    // ========================================================================

    // Audit and Reporting

    // ========================================================================


    void set_detailed_reporting(bool enable);


    [[nodiscard]] auto is_detailed_reporting() const noexcept -> bool;


    // ========================================================================

    // Static Helpers

    // ========================================================================


    [[nodiscard]] static auto get_profile_actions(anonymization_profile profile)

        -> std::map<core::dicom_tag, tag_action_config>;


    [[nodiscard]] static auto get_hipaa_identifier_tags()

        -> std::vector<core::dicom_tag>;


    [[nodiscard]] static auto get_gdpr_personal_data_tags()

        -> std::vector<core::dicom_tag>;


private:

    anonymization_profile profile_;


    std::map<core::dicom_tag, tag_action_config> custom_actions_;


    std::optional<std::chrono::days> date_offset_;


    std::vector<std::uint8_t> encryption_key_;


    std::optional<std::string> hash_salt_;


    private_tag_action private_tag_action_{private_tag_action::keep};


    bool detailed_reporting_{false};


    // Internal helpers

    [[nodiscard]] auto apply_action(

        core::dicom_dataset& dataset,

        core::dicom_tag tag,

        const tag_action_config& config,

        uid_mapping* mapping

    ) -> tag_action_record;


    [[nodiscard]] auto shift_date(std::string_view date_string) const

        -> std::string;


    [[nodiscard]] auto hash_value(std::string_view value) const

        -> std::string;


    [[nodiscard]] auto encrypt_value(std::string_view value) const

        -> kcenon::common::Result<std::string>;


    void initialize_profile_actions();

};


} // namespace kcenon::pacs::security

anonymization_profile.h
DICOM de-identification profiles per PS3.15 Annex E.

kcenon::common::Result
Definition study_lock_manager.h:36

kcenon::pacs::core::dicom_dataset
Definition dicom_dataset.h:65

kcenon::pacs::core::dicom_tag
Definition dicom_tag.h:51

kcenon::pacs::security::anonymizer
Definition anonymizer.h:89

kcenon::pacs::security::anonymizer::clear_custom_actions
void clear_custom_actions()
Clear all custom tag actions.
Definition anonymizer.cpp:227

kcenon::pacs::security::anonymizer::hash_value
auto hash_value(std::string_view value) const -> std::string
Definition anonymizer.cpp:632

kcenon::pacs::security::anonymizer::~anonymizer
~anonymizer()=default
Default destructor.

kcenon::pacs::security::anonymizer::get_hipaa_identifier_tags
static auto get_hipaa_identifier_tags() -> std::vector< core::dicom_tag >
Get a list of HIPAA Safe Harbor identifier tags.
Definition anonymizer.cpp:444

kcenon::pacs::security::anonymizer::private_tag_action_
private_tag_action private_tag_action_
Action for private tags.
Definition anonymizer.h:389

kcenon::pacs::security::anonymizer::set_detailed_reporting
void set_detailed_reporting(bool enable)
Enable detailed action recording.
Definition anonymizer.cpp:295

kcenon::pacs::security::anonymizer::hash_salt_
std::optional< std::string > hash_salt_
Hash salt.
Definition anonymizer.h:386

kcenon::pacs::security::anonymizer::apply_action
auto apply_action(core::dicom_dataset &dataset, core::dicom_tag tag, const tag_action_config &config, uid_mapping *mapping) -> tag_action_record
Definition anonymizer.cpp:471

kcenon::pacs::security::anonymizer::add_tag_action
void add_tag_action(core::dicom_tag tag, tag_action_config config)
Add or override a tag action.
Definition anonymizer.cpp:211

kcenon::pacs::security::anonymizer::set_hash_salt
void set_hash_salt(std::string salt)
Set salt for hash operations.
Definition anonymizer.cpp:287

kcenon::pacs::security::anonymizer::anonymizer
anonymizer(anonymization_profile profile=anonymization_profile::basic)
Construct with a specific profile.
Definition anonymizer.cpp:34

kcenon::pacs::security::anonymizer::get_gdpr_personal_data_tags
static auto get_gdpr_personal_data_tags() -> std::vector< core::dicom_tag >
Get a list of GDPR personal data tags.
Definition anonymizer.cpp:448

kcenon::pacs::security::anonymizer::get_tag_action
auto get_tag_action(core::dicom_tag tag) const -> tag_action_config
Get the effective action for a tag.
Definition anonymizer.cpp:231

kcenon::pacs::security::anonymizer::date_offset_
std::optional< std::chrono::days > date_offset_
Date offset for shifting.
Definition anonymizer.h:380

kcenon::pacs::security::anonymizer::set_profile
void set_profile(anonymization_profile profile)
Set a new profile.
Definition anonymizer.cpp:197

kcenon::pacs::security::anonymizer::get_date_offset
auto get_date_offset() const noexcept -> std::optional< std::chrono::days >
Get the current date offset.
Definition anonymizer.cpp:250

kcenon::pacs::security::anonymizer::initialize_profile_actions
void initialize_profile_actions()
Definition anonymizer.cpp:780

kcenon::pacs::security::anonymizer::get_profile_actions
static auto get_profile_actions(anonymization_profile profile) -> std::map< core::dicom_tag, tag_action_config >
Get tags to process for a given profile.
Definition anonymizer.cpp:303

kcenon::pacs::security::anonymizer::encryption_key_
std::vector< std::uint8_t > encryption_key_
Encryption key (if set)
Definition anonymizer.h:383

kcenon::pacs::security::anonymizer::clear_date_offset
void clear_date_offset()
Clear the date offset (dates will be zeroed instead)
Definition anonymizer.cpp:255

kcenon::pacs::security::anonymizer::add_tag_actions
void add_tag_actions(const std::map< core::dicom_tag, tag_action_config > &actions)
Add multiple tag actions.
Definition anonymizer.cpp:215

kcenon::pacs::security::anonymizer::anonymize_with_mapping
auto anonymize_with_mapping(core::dicom_dataset &dataset, uid_mapping &mapping) -> kcenon::common::Result< anonymization_report >
Anonymize with consistent UID mapping.
Definition anonymizer.cpp:89

kcenon::pacs::security::anonymizer::has_encryption_key
auto has_encryption_key() const noexcept -> bool
Check if encryption is configured.
Definition anonymizer.cpp:283

kcenon::pacs::security::anonymizer::get_hash_salt
auto get_hash_salt() const -> std::optional< std::string >
Get the current hash salt.
Definition anonymizer.cpp:291

kcenon::pacs::security::anonymizer::generate_random_date_offset
static auto generate_random_date_offset(std::chrono::days min_days=std::chrono::days{-365}, std::chrono::days max_days=std::chrono::days{365}) -> std::chrono::days
Generate a random date offset.
Definition anonymizer.cpp:259

kcenon::pacs::security::anonymizer::profile_
anonymization_profile profile_
Current anonymization profile.
Definition anonymizer.h:374

kcenon::pacs::security::anonymizer::set_encryption_key
auto set_encryption_key(std::span< const std::uint8_t > key) -> kcenon::common::VoidResult
Set encryption key for encrypt actions.
Definition anonymizer.cpp:272

kcenon::pacs::security::anonymizer::set_date_offset
void set_date_offset(std::chrono::days offset)
Set date offset for longitudinal consistency.
Definition anonymizer.cpp:246

kcenon::pacs::security::anonymizer::encrypt_value
auto encrypt_value(std::string_view value) const -> kcenon::common::Result< std::string >
Definition anonymizer.cpp:676

kcenon::pacs::security::anonymizer::get_profile
auto get_profile() const noexcept -> anonymization_profile
Get the current profile.
Definition anonymizer.cpp:193

kcenon::pacs::security::anonymizer::is_detailed_reporting
auto is_detailed_reporting() const noexcept -> bool
Check if detailed reporting is enabled.
Definition anonymizer.cpp:299

kcenon::pacs::security::anonymizer::detailed_reporting_
bool detailed_reporting_
Whether to include detailed action records in report.
Definition anonymizer.h:392

kcenon::pacs::security::anonymizer::get_private_tag_action
auto get_private_tag_action() const noexcept -> private_tag_action
Get the current private tag action.
Definition anonymizer.cpp:206

kcenon::pacs::security::anonymizer::remove_tag_action
auto remove_tag_action(core::dicom_tag tag) -> bool
Remove a custom tag action (reverts to profile default)
Definition anonymizer.cpp:223

kcenon::pacs::security::anonymizer::custom_actions_
std::map< core::dicom_tag, tag_action_config > custom_actions_
Custom tag actions (override profile defaults)
Definition anonymizer.h:377

kcenon::pacs::security::anonymizer::anonymize
auto anonymize(core::dicom_dataset &dataset) -> kcenon::common::Result< anonymization_report >
Anonymize a DICOM dataset.
Definition anonymizer.cpp:83

kcenon::pacs::security::anonymizer::operator=
auto operator=(const anonymizer &other) -> anonymizer &
Copy assignment.
Definition anonymizer.cpp:57

kcenon::pacs::security::anonymizer::set_private_tag_action
void set_private_tag_action(private_tag_action action)
Set the action to take on private tags during anonymization.
Definition anonymizer.cpp:202

kcenon::pacs::security::uid_mapping
Definition uid_mapping.h:59

dicom_dataset.h
DICOM Dataset - ordered collection of Data Elements.

dicom_tag.h
DICOM Tag representation (Group, Element pairs)

kcenon::pacs::security
Definition access_control_manager.h:27

kcenon::pacs::security::atna_object_type::other
@ other

kcenon::pacs::security::anonymization_profile
anonymization_profile
DICOM de-identification profiles based on PS3.15 Annex E.
Definition anonymization_profile.h:40

kcenon::pacs::security::anonymization_profile::basic
@ basic
Basic Profile - Remove direct identifiers.

kcenon::pacs::security::tag_action::shift_date
@ shift_date
Shift dates by a fixed offset.

kcenon::pacs::security::private_tag_action
private_tag_action
Action to take on private tags during anonymization.
Definition anonymizer.h:49

kcenon::pacs::security::private_tag_action::keep
@ keep
Preserve all private tags (default for backward compatibility)

kcenon::pacs::security::private_tag_action::remove_data
@ remove_data
Remove private data elements but keep creators (for auditing)

kcenon::pacs::security::private_tag_action::remove_all
@ remove_all
Remove all private data elements and their creators.

kcenon::pacs::security::tag_action_config
Configuration for a custom tag action.
Definition tag_action.h:148

kcenon::pacs::security::tag_action_record
Record of an action performed on a tag.
Definition tag_action.h:210

tag_action.h
Tag action definitions for DICOM de-identification.

uid_mapping.h
UID mapping for consistent de-identification across studies.