Resources & Insights

The technical depth
behind healthcare
data governance.

Guides, whitepapers, and research from a team that comes from the security and clinical informatics side - not the marketing one. Written for practitioners, procurement teams, and privacy officers who need specifics, not summaries.

Latest release · SECUVA research
WHITEPAPER
Genomic data re-identification risknew
GenomeIQFeb 2025
GUIDE
DICOM attribute surface - 113+ fieldsnew
PixelIQMar 2025
WHITEPAPER
WSI label PHI - the coverage gap
SlideIQFeb 2025
GUIDE
AU Privacy Act vs HIPAA - the gap
ComplianceJan 2025
GUIDE
Clinical NLP de-id pipeline design
ClinicalIQDec 2024
GUIDE
Essential Eight for healthcare data
Essential EightNov 2024
More whitepapers available to enterprise customers on request
Showing all guides & whitepapers
Featured · Guide

Why DICOM de-identification is harder than it looks

PixelIQ 12 min readMarch 2025

DICOM PS3.15 defines 113+ attributes that may contain PHI. Most implementations handle a fraction of them. This guide maps the full attribute surface - including burned-in text, structured reports, and sequence tags - and explains why pixel-level processing alone is not sufficient.

What's inside
DICOM PS3.15 attribute classification - all 113+ fields
Pixel-level vs metadata de-identification - when each applies
Structured report PHI - the most commonly missed surface
PACS integration patterns and where PHI persists
Validation methodology for de-identification completeness
SlideIQ
WhitepaperResearch

The coverage gap in whole-slide imaging privacy

Everyone de-identifies the TIFF tile. Nobody de-identifies the label. This whitepaper documents the PHI surfaces in WSI formats that clinical de-identification tools routinely miss - TIFF metadata, label images, and LIMS barcodes.

9 min readFebruary 2025
Request access
GenomeIQ
WhitepaperResearch

Genomic data: the re-identification risk no one talks about

You cannot anonymise a genome. You can only govern the risk. This paper examines four re-identification vectors in VCF and FASTQ data - header PHI, sample identity, variant linkage, and pedigree inference - and the controls that address each.

14 min readFebruary 2025
Request access
Compliance
GuideCompliance

Australian Privacy Act vs HIPAA: what healthcare AI vendors get wrong

Most 'healthcare data security' content is written for a US audience. The Australian Privacy Act 1988, the My Health Records Act, and OAIC de-identification guidance are different instruments with different obligations. This guide maps the gap.

10 min readJanuary 2025
Request access
ClinicalIQ
GuideTechnical

Building a clinical NLP de-identification pipeline

Clinical notes contain the richest PHI surface in a health record - and the hardest to govern. This technical guide covers entity recognition approaches, false negative rates by entity class, and the architectural decisions that determine whether de-id runs on-prem or in the cloud.

11 min readDecember 2024
Request access
Essential Eight
GuideCompliance

Essential Eight for healthcare data workflows

The ACSC Essential Eight is a baseline, not a ceiling - and it was not designed with healthcare data pipelines in mind. This guide maps Essential Eight controls to the specific risks of clinical imaging, genomics, and HL7 message workflows.

8 min readNovember 2024
Request access
Enterprise resources

Additional technical documentation
available to enterprise customers.

Security architecture diagrams, penetration test reports, compliance evidence packages, de-identification validation methodology reports, and detailed integration guides are available to enterprise customers and their technical and legal teams.

De-identification validation methodology report
DPO / Privacy officer
Enterprise
Security architecture diagrams (detailed)
Security team / CISO
Enterprise
Independent pen test report - Q1 2025
Security team
Enterprise
DICOM PS3.15 compliance matrix
Technical / clinical informatics
Available
HL7 FHIR de-identification conformance statement
Integration team
Available
Compliance evidence package - Privacy Act / OAIC
Legal / procurement
Enterprise
Stay updated

New research when it ships.

We publish new guides and whitepapers when we have something worth saying - not on a content calendar. Leave your email and we will send them directly.