The hidden mental load of DICOM anonymisation

Open the case. Check the metadata. Scan for identifiers. Fix the inconsistencies. Export. Repeat.

If you work in NHS radiology — as a PACS manager, a radiologist preparing teaching files, a researcher trying to share datasets across sites — this sequence is already familiar. Not because it is complicated. Because it is constant.

This is the part of the anonymisation conversation no one talks about. Not the regulatory risk, not the hours, but the cognitive texture of the work itself: the repeated context switching, the second-guessing, the quiet erosion of focus that compounds across a team, across a week, across a year.

Understanding why this happens — and what the research and technology communities are doing to address it — matters now more than it ever has. Because the stakes are no longer abstract.

~1M
patients waited over a month for scan results in 2024 — worst on record
Royal College of Radiologists, 2024
2,443
data breach incidents in the health sector in 2024 — more than any other UK sector
ICO Data Security Incident Trends, 2024
29%
shortfall of NHS consultant radiologists — projected to reach 39% by 2029
RCR Workforce Census, 2024

These three numbers belong to the same story. Imaging demand is growing faster than the workforce can keep pace. Every manual process that consumes clinical or technical staff time is a process that is competing directly with patient care. And the risks of getting anonymisation wrong — regulatory, reputational, operational — are higher and better documented than ever before.

Why anonymisation is harder than it looks

Most people outside of radiology imagine anonymisation as something like: remove the patient name, change the ID, done. The reality is structurally more complex, and that complexity is where the friction lives.

A DICOM file does not contain patient information in one place. It contains it in several — and each layer requires a different approach to de-identify correctly.

  • 1
    DICOM metadata headers
    Structured fields containing over 40 tags — patient name, date of birth, accession number, referring physician, study date — each of which can identify an individual. Different scanner manufacturers implement these tags inconsistently, meaning free-text fields and private vendor tags can contain identifiable information in unexpected places.
  • 2
    Burned-in pixel annotations
    Patient information rendered directly into the image itself — name, date of birth, hospital number visible in the corner of an X-ray, for example. Standard metadata stripping tools cannot detect or remove this. It requires specialist pixel-masking, and high-resolution 3D imaging can potentially allow patient re-identification from anatomical features alone even after metadata has been stripped.
  • 3
    Embedded reports and secondary captures
    Radiology reports, PDFs, and screen captures attached to the DICOM file, each carrying their own identifiers — and frequently overlooked in anonymisation workflows that focus only on image-level metadata.

This is where the cognitive load enters. When a PACS manager sits down to prepare a dataset for a research project, they are not following a clear, automated workflow. They are making judgements — about which tags need checking, about whether a particular modality is likely to contain embedded reports, about whether the pixel data on this scanner vendor includes burned-in text. Each judgement is small. Accumulated across a dataset of hundreds or thousands of studies, they become something heavier.

Who carries this load — and what it costs them

The friction of manual anonymisation is not distributed evenly. It concentrates in specific roles, each of whom experiences it differently.

PACS Manager
Technically responsible for de-identifying data before it leaves the PACS environment
NHS job specifications for this role already demand expert knowledge of DICOM standards and proven SQL proficiency — just to manage the data operationally. Adding bulk anonymisation on top of that, manually and across multiple vendor systems, stretches a specialist skill set beyond what most departments can reliably staff.
Radiologist
Required to anonymise cases for teaching files, peer review, REALM meetings, and AI projects — while managing unprecedented reporting backlogs
The RCR’s own guidance describes contributing anonymised teaching cases to national archives as “laborious at a time when radiologist resource is scarce.” Research shows a near 50% drop in plain radiograph reporting output when clinical staff are asked to switch to teaching tasks in the same session. The opportunity cost of manual anonymisation is measurable.
Data Protection Officer / IG Lead
Accountable for GDPR compliance across data workflows that lack any consistent audit trail
For compliance purposes, DPOs require audit trails logging every detection and redaction decision. Manual or fragmented processes make this structurally impossible. A single missed burned-in overlay can disqualify an entire multi-site research dataset from an ethics board — or constitute a reportable breach under UK GDPR.
Clinical Director
Accountable for throughput, safety and research delivery — while watching the anonymisation bottleneck quietly slow all three
In 2024, 100% of NHS clinical directors reported concerns about staff burnout and operational drag. Most of that drag does not appear on a dashboard. It lives in the hours that disappear into manual checks, interrupted workflows, and repeated steps that should have been automated.

The regulatory and strategic pressure building behind this

The cognitive and operational burden of manual anonymisation would be significant on its own. What makes it urgent is the direction of travel across the NHS — because the volume of imaging data that needs to be anonymised is about to grow substantially, and the systems being built to handle it assume that a robust anonymisation capability is already in place.

NHS National Imaging Registry

NHS England is actively rolling out the National Imaging Registry (NIR) to enable federated discovery and retrieval of diagnostic imaging across organisations. The roadmap targets full national deployment between 2025 and 2027 — which will exponentially increase the volume of imaging data being shared between NHS trusts. The NIR assumes that data shared across organisations is clean, compliant, and consistently de-identified. It does not build that capability in for you.

NHS England NIR Roadmap, 2025–2027
NHS AI Diagnostics Fund

A £21 million fund was announced in 2023 to support faster diagnosis and treatment through AI. Despite this investment, compliance with information governance rules was identified as one of the single biggest barriers to actually deploying AI algorithms in practice. In Greater Manchester, the NHS deployed imaging AI at scale only after completing Data Protection Impact Assessments for every tool up front — because no data sharing with AI companies is permitted without compliant anonymisation already in place. The funding exists. The anonymisation infrastructure is the gap.

RCR Policy Briefing / Sectra Medical NHS Case Study, 2024
UK GDPR enforcement is escalating

In March 2025, an NHS IT supplier received a £3.07 million fine from the ICO following a data breach affecting 79,404 people — the first ever fine issued against a data processor under UK GDPR. The health sector recorded 2,443 reported data breach incidents in 2024, more than any other sector in the UK. Under UK GDPR, fines can reach €20 million or 4% of annual global turnover, and individual patients can claim up to £5,000 in compensation per incident.

ICO Data Security Incident Trends / Pinsent Masons, 2024–2025

Taken together, these create a clear picture: the NHS is building infrastructure that requires large-scale, consistent, auditable DICOM anonymisation — while the current approach remains manual, fragmented, and unreliable. The gap between where the NHS is going and how anonymisation is currently handled is not technical debt. It is operational risk, accumulating every day.

Where Rosenfield Health sits in this

Rosenfield Health builds radiology informatics software for NHS organisations. The problems described in this piece — fragmented anonymisation workflows, the cognitive cost of manual de-identification, the gap between NHS strategic ambitions and current operational capability — are problems we have been working on directly, with NHS teams, for several years.

Our approach is not to add anonymisation as a feature. It is to build it as infrastructure: vendor neutral, integrated with existing PACS and RIS environments, scalable across the volume demands that the NIR rollout and NHS AI programmes will create.

The hidden mental load of anonymisation is real. It is documented in the RCR’s own guidance, felt daily by PACS managers and radiologists, and reflected in the breach statistics that keep climbing. The good news is that it is solvable — not by working harder or hiring more people, but by building workflows that handle the complexity systematically, so that the people who currently carry it do not have to.

That is what scalable anonymisation infrastructure makes possible. And for the NHS, given everything else it is navigating right now, the ability to take that load off clinical and technical teams is not a marginal efficiency gain. It is foundational to what comes next.

Mail Us Call Us