Browser-only DICOM anonymization: Inside the DICOM (.dcm) viewer/anonymizer

Why anonymize DICOM data in the browser

Clinical environments that handle imaging data must sanitize patient identifiers, acquisition context, and other metadata whenever studies leave the facility or are shared with outside partners. Trying to enforce anonymization rules manually almost guarantees that some tags will be missed, especially when the work is delegated to busy staff members. The DICOM (.dcm) viewer/anonymizer on ixam.net is designed to run entirely inside the browser, making it possible to anonymize files without sending any data elsewhere.

The tool supports mainstream transfer syntaxes such as DICOM Explicit VR / Implicit VR Little Endian and Explicit VR Big Endian. As soon as metadata is parsed, sensitive attributes are presented in a structured HTML view, making it easy to review them during in-hospital approval flows or when documenting disclosure decisions. While records still need to be stored and controlled according to each organization’s policy, the ability to complete tag review entirely on the client side removes friction from day-to-day operations. Drag-and-drop or selecting a file through the dialog immediately generates warnings, summaries, and metadata tables in the browser, expanding up to 200 tags on the spot. Because anonymization candidates, preset toggles, and download actions share the same screen, users can trace the state of a dataset before and after changes without losing context. Labels and buttons follow the anonymization workflow so the next action is always obvious.

Supported browsers and runtime requirements

The viewer/anonymizer targets recent Chromium-based browsers (Google Chrome, Microsoft Edge) and the current stable release of Firefox. It relies on the File API and Offscreen Canvas, so you should run it on browser versions released in 2023 or later. On iOS Safari, preview rendering can lag after loading a file; always confirm mask coverage before exporting anonymized results. Processed data never persists in browser storage—closing the tab releases the memory footprint. On managed hospital workstations, verify download permissions and audit logging rules in advance so exports remain compliant with local policies.

Obscuring in-image text with pixel masks

Names, QR codes, and other identifiers are sometimes embedded directly into pixel data. To deal with those cases, the canvas view lets you draw rectangular masks that will be filled in when the anonymized file is generated. Pixel data is left untouched by default, but each mask can be toggled on or off through its checkbox or deleted individually from the list, giving operators full control over which regions are redacted.

Sensitive tags organized by category

The built-in SENSITIVE_TAGS definition groups representative attributes by category—patient identification, contact information, dates, coordinates, device details, exam notes, and more—and assigns default actions plus available alternatives to each entry. The list highlights items by category while letting you zero out values, blank strings, write "ANONYMIZED", or regenerate UIDs with a single click. Dates and coordinate tags, which are easy to overlook, ship with zeroing or UID regeneration options pre-selected so they will not slip through routine reviews.

Switching operating modes with presets

Two presets organize anonymization policies: “Research (fully anonymized)” and “Internal sharing (mask patient identifiers only).” The research preset is designed to mask patient identifiers, dates, coordinates, and device information for thorough de-identification, whereas the internal-sharing preset focuses on patient- and contact-related tags so clinical context remains intact. Applying a preset pushes the recommended action to every tag automatically, and you can still override any individual entry—ideal for adapting the workflow to local governance templates.

An anonymization flow that ends with a download

Once parsing finishes, the update button for anonymization previews and the download button sit side by side. Reviewers can inspect the suggested actions, regenerate the preview, and immediately save the anonymized DICOM to local storage. Because every step runs inside the browser, there is no risk of the file being uploaded to a cloud service while you exchange data with parties outside the institution. The tool also includes an inline how-to section that walks through the process from drag-and-drop to saving the final file.

Step-by-step usage guide

You can run the tool by following the sequence below.

1. Open the DICOM (.dcm) viewer/anonymizer in your browser and read the disclaimer and overview at the top of the screen.
2. Load a DICOM file via the Choose File button or by dragging and dropping it onto the analysis panel.
3. Review the metadata and warnings that appear immediately after ingestion, switch presets if necessary, and confirm the suggested actions.
4. If any identifiers remain in the pixel data, switch to the preview tab, add rectangular masks, and use the checkboxes to confirm whether each mask should apply.
5. Verify that the actions assigned to each tag match your intent, manually overriding entries where needed.
6. Click “Update anonymization preview” to review the post-processing state, then select “Download anonymized DICOM” to save the file locally once everything looks correct.
7. Close the browser tab after processing and clear any residual caches on the workstation if required by policy.

Points to keep in mind

The tool deliberately keeps compressed Pixel Data untouched and does not traverse nested tags inside sequences (SQ). UID regeneration follows the DICOM UID specification with decimal digits only. Combine the workflow with additional review steps if compressed images or deeply nested structures might contain identifiers. Because generated files live only in browser memory, do not forget to apply your organization’s clearance procedures for local devices and access logs.

References

• DICOM Standard PS3.15: Security and System Management Profiles
• DICOM Standard PS3.10: Media Storage and File Format
• U.S. National Institutes of Health: DICOM for Researchers

Final notes

This article provides reference material for healthcare and research organizations that handle DICOM data. It does not constitute medical advice or diagnostic guidance. Always comply with your institution’s security policies, applicable laws, and ethics board approvals, and appoint a responsible party to confirm that anonymized files cannot be traced back to patients. Specifications described here reflect the tool at the time of writing; features may change, so check the latest documentation and release notes for updates.

Proper DICOM anonymization requires more than stripping obvious tags—it demands careful handling of coordinates, dates, and UIDs that tie back to clinical workflows. By combining browser-only processing, preset policies, and pixel masking in a single interface, ixam.net’s DICOM viewer/anonymizer offers a stable way to support anonymization routines on the front lines.