User Tools

Site Tools


Anonymization and pseudonymization

PMA.core is the guardian of sensitive information. The following features are present to manage data anonymization:

Viewport configuration (PMA.UI)

When presenting a viewport to serve slide content, one can opt to hide the necessary visualization elements in the viewport that could lead to inadvertently revealing sensitive information: both the label (barcode) and filename widgets can easily be hidden with a single line of JavaScript code. Check our online viewport configuration demo for relevant technical information on this.

Root-directory configuration

The viewport configuration is useful in an environment where sometimes you do, yet sometimes you don’t want to show slide identification information. At root-directory level, therefore, one can opt to stipulate that label information is never to be revealed.

Even attempting to extract a barcode explicitly through a direct access endpoint will lead to just a blank image. In a mixed environment like an experimental lab, you could have a folder with animal samples that has this switch turned off, and another folder with human tissue samples that has this switch turned on. A similar hybrid environment can be created in a medical school, where clinical samples can be prevented from ever exposing label information, while can be more lenient on teaching datasets (which would be screened before inclusion anyway).

Access Control Lists

The above are software solutions. PMA.core never manipulates the original raw data. This means that the original whole slide image will always retain the original slide label information.

This leads to the hypothetical scenario that somebody would download an original slide from one PMA.core, only to host it on another one (or even open it with PMA.start, our free desktop-based viewer), from a root-directory that isn’t restrictive, with a custom webpage and PMA.UI viewport implementation that simply has all the widgets enabled by default. In order to prevent people from downloading selected data that they’re not allowed to see, PMA.core as a final back-stop supports granular permission settings: you can specify that people can view a slide (which essentially means piecemeal controlled serving of individual tiles), but they’re not allowed to download it; meaning they could never gain access to the original data.

anonymization.txt · Last modified: 2022/10/07 10:19 by yves