diff --git a/.github/ISSUE_TEMPLATE/early-access.md b/.github/ISSUE_TEMPLATE/early-access.md index e5fa3ec..fdca032 100644 --- a/.github/ISSUE_TEMPLATE/early-access.md +++ b/.github/ISSUE_TEMPLATE/early-access.md @@ -27,5 +27,5 @@ Skip any field that does not apply. diff --git a/CHANGELOG.md b/CHANGELOG.md index 915c06b..d2c17f7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,43 @@ Changelog for dcm-anon. Format follows [Keep a Changelog](https://keepachangelog --- +## [0.6.1] - 2026-06-01 + +Patch release. Compliance-citation correctness, independent-verifier test +coverage, and a contact-email change. No behavioural change to the +de-identification pipeline; output is byte-for-byte compatible with 0.6.0. + +### Fixed +- **HIPAA Safe-Harbor citation errors in the compliance manifest.** The + free-text / quasi-identifier catch-all was mislabelled category `(Q)` + (full-face photographs); the catch-all is `(R)` ("any other unique + identifying number, characteristic, or code"). Relabelled 11 tags plus the + burned-in-pixel finding. `DeviceSerialNumber` was `(N)` (URLs); device + identifiers and serial numbers are `(M)`. +- **Dropped a Recital-26 anonymisation overclaim** from the action-D GDPR + clause: a schema-preserving dummy neutralises a field but does NOT render the + dataset anonymous (it stays pseudonymous via the salted-hash UID remap). + Citation narrowed to GDPR Art. 32(1)(a). + +### Changed +- **Qualified the ENS (RD 311/2022) citation:** the tool evidences op.exp.8 + (audit log) and mp.info.6 (document cleaning); mp.info.3 (encryption) is NOT + implemented and remains the controller's responsibility. +- **Gated EU AI Act Art. 10 applicability:** new manifest disclosure clarifies + that Art. 10 data-governance obligations bind only the provider of a high-risk + Annex III system, not anyone who de-identifies. +- Added a machine-readable citation re-verification date (2026-06-01). +- **Contact email is now `dcm.anonimizer@gmail.com`** (project author email, + SECURITY.md, early-access page). + +### Added +- `tests/test_verify_output.py` (27 tests) covering the metadata-residual path, + sequence recursion, pixel-OCR via a fake engine, and the verifier's + conclusive/sampled/degraded status logic. `verify_output.py` coverage + 74% → 91%. + +--- + ## [0.6.0] - 2026-05-29 Major release. 
Inverts the de-identification model to deny-by-default, writes @@ -225,7 +262,7 @@ No change to: PS3.15 tag table (143 entries), JSON manifest schema (v1.2), CLI s ### Changed - `LICENSE` copyright line now names the author (was blank). -- `SECURITY.md` adds explicit contact email (`plusultra.dev@proton.me`) and +- `SECURITY.md` adds explicit contact email (`dcm.anonimizer@gmail.com`) and uses singular first-person voice for a solo-author project. - README "What we do NOT do" section renamed to "Limitations (what this tool does NOT do)". diff --git a/README.md b/README.md index 3ccbebe..5570b91 100644 --- a/README.md +++ b/README.md @@ -448,6 +448,14 @@ A hosted batch service is in preparation for teams that need S3/GCS sources, pri --- +## Contact + +Questions, bug reports, security disclosures, or hosted-service / early-access +enquiries: email **dcm.anonimizer@gmail.com** or open a +[GitHub issue](https://github.com/Ces107/dcm-anon/issues). + +--- + ## License MIT. diff --git a/SECURITY.md b/SECURITY.md index f855c47..4e5fd26 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -49,7 +49,7 @@ cohorts while keeping it one-way for anyone without the salt. Consequences: ## Responsible disclosure -Please report security issues by email to **plusultra.dev@proton.me** with subject +Please report security issues by email to **dcm.anonimizer@gmail.com** with subject `[dcm-anon] security`, or via the GitHub Security Advisories tab on `https://github.com/Ces107/dcm-anon`. diff --git a/dcm_anon/_version.py b/dcm_anon/_version.py index bc5ea11..0b88d28 100644 --- a/dcm_anon/_version.py +++ b/dcm_anon/_version.py @@ -7,4 +7,4 @@ installs and silently mislabelled which code produced a compliance manifest. """ -__version__ = "0.6.0" +__version__ = "0.6.1" diff --git a/docs/index.html b/docs/index.html index 59d8e6c..e9aa862 100644 --- a/docs/index.html +++ b/docs/index.html @@ -38,7 +38,7 @@
-v0.6.0 · MIT · open source · DOI 10.5281/zenodo.20267651 +v0.6.1 · MIT · open source · DOI 10.5281/zenodo.20267651

DICOM anonymization with an audit trail your DPO can verify.
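
Review bot: The DOI on the badge line in docs/index.html stays at 10.5281/zenodo.20267651 while the version next to it moves to v0.6.1. If that DOI is the version-specific record for 0.6.0 rather than a concept DOI covering all versions, the badge will cite the wrong artifact. Please confirm which one it is, and update it if a 0.6.1 record exists.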

@@ -53,7 +53,7 @@

DICOM anonymization with an audit trail your DPO can verify.

Compliance manifest

Every PS3.15 action (X / Z / U / D) that runs on your study is mapped to the literal text of the regulation that authorizes it — GDPR Art. 4(5), HIPAA Safe Harbor §164.514(b)(2), EU AI Act Art. 10. Re-verified against EUR-Lex / eCFR / gdpr-info.eu on 2026-05-13. SHA-256 chain over the audit log + manifest so an auditor can verify integrity from the JSON alone.

-

v0.6.0

+

v0.6.1

Package restructure, AI-slop cleanup, PyPI rename to dcm-anon. No behavioural change to anonymisation. Changelog.

v0.3.5 highlights
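
Review bot: The blurb under the version label in docs/index.html is left as unchanged context and still reads "Package restructure, AI-slop cleanup, PyPI rename to dcm-anon", which does not match what the 0.6.1 changelog entry describes (citation fixes, verifier tests, contact email). The "Compliance manifest" paragraph just above it also still says "Re-verified ... on 2026-05-13", while the changelog records a re-verification date of 2026-06-01. Suggest updating both lines in this hunk so the landing page and CHANGELOG.md agree.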

@@ -79,10 +79,10 @@

Reserve early access (hosted batch)

Drop me a line with a one-paragraph context: what you're trying to anonymize, what regulatory regime you're under, and what the gap is today. I read every one and reply within a week.

- Email reserve + Email reserve Open an issue instead

-

Or email plusultra.dev@proton.me directly.

+

Or email dcm.anonimizer@gmail.com directly.

This is an engineering tool. It implements PS3.15 correctly and produces auditable artifacts that your DPO / IRB / notified-body reviewer can verify. It is NOT legal advice and does NOT certify compliance — that's your QMS and counsel's call.

diff --git a/pyproject.toml b/pyproject.toml index 4bd7538..04e218a 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -10,7 +10,7 @@ readme = "README.md" license = {text = "MIT"} requires-python = ">=3.10" authors = [ - {name = "César Pereiro García", email = "plusultra.dev@proton.me"}, + {name = "César Pereiro García", email = "dcm.anonimizer@gmail.com"}, ] keywords = [ "dicom", "anonymization", "phi", "de-identification", "medical-imaging",
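
Review bot: The 0.6.1 entry added to CHANGELOG.md claims output is "byte-for-byte compatible with 0.6.0", but the same entry relabels HIPAA categories in the compliance manifest, narrows a GDPR citation, and adds a manifest disclosure and a machine-readable re-verification date. If the manifest counts as output, the claim does not hold for it. Suggest scoping the sentence to the de-identified DICOM files and stating whether the new manifest fields need a bump from JSON manifest schema v1.2.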
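
Review bot: In the CHANGELOG.md hunk at @@ -225,7 +262,7 @@, an already-released entry is edited to say SECURITY.md added `dcm.anonimizer@gmail.com`, which is not the address that release shipped with. Keep the historical line as it was. The new 0.6.1 "Changed" bullet already records the address change.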
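
Review bot: The new "Contact" section in README.md lists security disclosures in the same sentence as "open a GitHub issue", which is a public channel, while SECURITY.md in this patch directs reports to email or the GitHub Security Advisories tab. Suggest the README point security reports to SECURITY.md (or name the Security Advisories tab) and keep the issue link for questions and bug reports only.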