Implemented Protocol for Data Collection

DICOM API

  • DICOM File Reception: The API receives DICOM files from institutional storage systems or through a secure interface where users can upload the files.

Data Anonymization:

  • DICOM Header Extraction: Access and read the information from the DICOM header.
  • Identification of Sensitive Data: Identify fields with potentially sensitive information that require anonymization.
  • Data Deletion or Modification: Personal data is deleted and replaced with randomly generated unique identifiers (16 characters).
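
The three anonymization steps above, sketched as an added example (not the project's own code). It assumes the header has already been parsed into a keyword-to-value mapping; the field list, the stable mapping for linking fields, and the names HeaderAnonymizer, new_identifier and leaked_values are hypothetical choices for illustration.

```python
import secrets
import string

# Assumptions (not from the protocol): which keywords count as sensitive, and that
# linking fields keep one stable pseudonym so a patient's files remain linkable.
SENSITIVE = {"PatientName", "PatientID", "PatientBirthDate", "AccessionNumber",
             "InstitutionName", "ReferringPhysicianName"}
LINKING = {"PatientID", "AccessionNumber"}
ALPHABET = string.ascii_uppercase + string.digits
ID_LENGTH = 16  # identifier length stated in the protocol

def new_identifier(used):
    """Return a random 16-character identifier that is not already in `used`."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(ID_LENGTH))
        if candidate not in used:
            used.add(candidate)
            return candidate

class HeaderAnonymizer:
    def __init__(self):
        self._used = set()
        self._pseudonyms = {}  # (keyword, original) -> identifier; as sensitive as the data

    def anonymize(self, header):
        clean = {}
        for keyword, value in header.items():
            if keyword not in SENSITIVE:
                clean[keyword] = value
            elif keyword in LINKING:
                key = (keyword, value)
                if key not in self._pseudonyms:
                    self._pseudonyms[key] = new_identifier(self._used)
                clean[keyword] = self._pseudonyms[key]
            else:
                clean[keyword] = new_identifier(self._used)
        return clean

def leaked_values(original, anonymized):
    """Return sensitive original values that still occur anywhere in the output."""
    sensitive = {str(v) for k, v in original.items() if k in SENSITIVE and v}
    return sorted(s for s in sensitive if any(s in str(v) for v in anonymized.values()))

# Constructed sample header: the free-text description repeats the patient name.
SAMPLE = {"PatientName": "DOE^JANE", "PatientID": "MRN-0042", "Modality": "CT",
          "StudyDescription": "CT CHEST follow-up for DOE^JANE"}

if __name__ == "__main__":
    out = HeaderAnonymizer().anonymize(SAMPLE)
    print(out, leaked_values(SAMPLE, out))
```

On the constructed sample, leaked_values reports the patient name surviving in StudyDescription, which is the kind of free-text field a keyword list alone does not cover.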

Image Conversion:

  • Image Processing: Images are extracted from the DICOM file once the header anonymization is completed.
  • Conversion to PNG: Medical images are converted from their original DICOM format to PNG, facilitating handling in machine learning models.

Secure Storage (Google Cloud SafeKey):

  • Encryption at Rest: Implementation of Customer-Managed Encryption Keys (CMEK).
  • Encryption in Transit: Use of TLS, VPN, and Private Peering to protect data during transfer.
  • Encryption Key Management:
    • Google Cloud Key Management Service (KMS) for secure key management.
    • Logging and monitoring of key operations.
  • Access Controls:
    • Implementation of Identity and Access Management (IAM).
    • Application of robust security policies.
  • Audit and Compliance: Setup of Cloud Audit Logs and regular security and compliance reviews.

API Interface and Access:

  • Exposure through Google Cloud: Detail how the API interface is protected, possibly including two-factor authentication or certificates.

Compliance and Audit:

  • Regular Compliance Review: Schedule and document regular audits to ensure continuous adherence to security and privacy policies.

Relationship IMSS – EpyDiagnosis

  • Data Agreement: Confirm that there is a formal agreement detailing the rights and responsibilities of both parties in relation to the use of the data.
  • Consent Verification: Ensure that the consent process has been conducted in accordance with ethical and legal standards.
  • AI Ethics: Jointly develop with IMSS a specific ethical protocol for AI.
  • Collaborative and Multidisciplinary Review: Establish an ethics review committee and a multidisciplinary team to regularly review the project.