DICOM has become the most widely implemented and supported communications standard for medical imaging. The security of DICOM relies on the encryption of the communication channels. However, for highly sensitive medical data this is often not sufficient. This paper presents a data model for systems using DICOM based on the PIPE pseudonymization approach. A DICOM message intercepting proxy based on three different scenarios from practice was implemented in Java using the established open source PACS DCM4CHE. This system provides health care providers with an efficient architecture to reduce the danger of privacy violation and comply to legal demands, such as HIPAA.