使用 DicomConfig 对 DICOM 数据进行去标识化处理

本页面介绍了如何使用 v1 DicomConfig 配置对 DICOM 实例中的以下级别的敏感数据进行去标识化：

在数据集级层，使用 datasets.deidentify
在 DICOM 存储区级层，使用 dicomStores.deidentify

本页面还介绍了在 DICOM 存储区级层对数据进行去标识化时如何应用过滤条件。

去标识化概览

数据集级别去标识化

要在数据集级层对 DICOM 数据进行去标识化，请调用 datasets.deidentify 操作。去标识化 API 调用包含以下组成部分：

源数据集：包含 DICOM 存储区的数据集，DICOM 存储区具有一个或多个包含敏感数据的实例。调用 deidentify 操作时，会对数据集中所有 DICOM 存储区中的所有实例进行去标识化。
目标数据集：去标识化并不影响原始数据集或其数据。相反，已经去标识化的原始数据副本将会写入到称为目标数据集的新数据集。
要进行去标识化的内容：用于指定如何处理数据集的配置参数。您可以通过在 DeidentifyConfig 对象中指定这些参数并执行以下操作，配置 DICOM 去标识化以对 DICOM 实例元数据（使用标记关键字）或内置文本进行去标识化处理：
- 设置请求正文的 config 字段
- 以 JSON 格式将其存储在 Cloud Storage 中，并使用请求正文的 gcsConfigUri 字段指定文件在存储桶中的位置

本指南中的大部分示例展示了如何在数据集级层对 DICOM 数据进行去标识化。

DICOM 存储区级层去标识化

通过在 DICOM 存储区级层对 DICOM 数据进行去标识化，您可以更好地控制要对哪些数据进行去标识化。例如，如果您有一个包含多个 DICOM 存储区的数据集，则可以根据存储区中存在的数据类型对每个 DICOM 存储区进行去标识化。

要对 DICOM 存储区中的 DICOM 数据进行去标识化，请调用 dicomStores.deidentify 方法。去标识化 API 调用包含以下组成部分：

来源 DICOM 存储区：包含一个或多个实例（具有敏感数据）的 DICOM 存储区。当您调用 deidentify 操作时，DICOM 存储区中的所有实例都会进行去标识化。
目标 DICOM 存储区：去标识化并不影响原始 DICOM 存储区或其数据。相反，已经去标识化的原始数据副本将会写入到目标 DICOM 存储区。目标 DICOM 存储区必须已存在。
去标识化内容：用于指定如何处理 DICOM 存储区的配置参数。如需配置 DICOM 去标识化，以便对 DICOM 图片中的 DICOM 实例元数据（使用标记关键字）或内置文本进行去标识化，请在 DeidentifyConfig 对象中指定这些参数，并执行以下任一操作来传递这些参数：
- 设置请求正文的 config 字段
- 以 JSON 格式将其存储在 Cloud Storage 中，并使用请求正文的 gcsConfigUri 字段指定文件在存储桶中的位置

如需查看示例以了解如何在 DICOM 存储区级层对 DICOM 数据进行去标识化，请参阅在 DICOM 存储区级层对数据进行去标识化。

过滤条件

您可以通过配置过滤条件文件并在 dicomStores.deidentify 请求中指定该文件，对 DICOM 存储区中的一部分数据进行去标识化。如需查看示例，请参阅对 DICOM 存储区的一部分数据进行去标识化。

示例概览

本指南中的示例使用单个 DICOM 实例，但您也可以对多个实例进行去标识化。

以下各部分提供的示例展示了如何使用各种方法对 DICOM 数据进行去标识化。每个示例都会提供去标识化后的图片输出。每个示例都使用以下原始图片作为其输入：

xray_original

您可以将每个去标识化操作的输出图片与该原始图片进行比较，以查看该操作的效果。

对 DICOM 标记进行去标识化

您可以根据 DICOM 元数据中的标记关键字对 DICOM 实例进行去标识化。以下标记过滤方法可在 DicomConfig 对象中使用：

keepList：要保留的标记列表。移除所有其他标记。
removeList：要移除的标记列表。保留其他所有标记。
filterProfile：一个标记过滤配置文件，用于确定要保留或移除哪些标记。

对于本部分中的每个示例，均提供 DICOM 实例的已更改元数据的输出。以下是实例的原始元数据，其用作每个示例的输入：

[
  {
    "00020002":{"vr":"UI","Value":["1.2.840.10008.5.1.4.1.1.7"]},
     "00020003":{"vr":"UI","Value":["1.2.276.0.7230010.3.1.4.8323329.78.1539083058.523695"]},
     "00020010":{"vr":"UI","Value":["1.2.840.10008.1.2.4.50"]},
     "00020012":{"vr":"UI","Value":["1.2.276.0.7230010.3.0.3.6.1"]},
     "00020013":{"vr":"SH","Value":["OFFIS_DCMTK_361"]},
     "00080005":{"vr":"CS","Value":["ISO_IR 100"]},
     "00080016":{"vr":"UI","Value":["1.2.840.10008.5.1.4.1.1.7"]},
     "00080018":{"vr":"UI","Value":["1.2.276.0.7230010.3.1.4.8323329.78.1539083058.523695"]},
     "00080020":{"vr":"DA","Value":["20110909"]},
     "00080030":{"vr":"TM","Value":["110032"]},
     "00080050":{"vr":"SH"},
     "00080064":{"vr":"CS","Value":["WSD"]},
     "00080070":{"vr":"LO","Value":["Manufacturer"]},
     "00080090":{"vr":"PN","Value":[{"Alphabetic":"John Doe"}]},
     "00081090":{"vr":"LO","Value":["ABC1"]},
     "00100010":{"vr":"PN","Value":[{"Alphabetic":"Ann Johnson"}]},
     "00100020":{"vr":"LO","Value":["S1214223-1"]},
     "00100030":{"vr":"DA","Value":["19880812"]},
     "00100040":{"vr":"CS","Value":["F"]},
     "0020000D":{"vr":"UI","Value":["2.25.70541616638819138568043293671559322355"]},
     "0020000E":{"vr":"UI","Value":["1.2.276.0.7230010.3.1.3.8323329.78.1531234558.523694"]},
     "00200010":{"vr":"SH"},
     "00200011":{"vr":"IS"},
     "00200013":{"vr":"IS"},
     "00200020":{"vr":"CS"},
     "00280002":{"vr":"US","Value":[3]},
     "00280004":{"vr":"CS","Value":["YBR_FULL_422"]},
     "00280006":{"vr":"US","Value":[0]},
     "00280010":{"vr":"US","Value":[1024]},
     "00280011":{"vr":"US","Value":[1024]},
     "00280100":{"vr":"US","Value":[8]},
     "00280101":{"vr":"US","Value":[8]},
     "00280102":{"vr":"US","Value":[7]},
     "00280103":{"vr":"US","Value":[0]},
     "00282110":{"vr":"CS","Value":["01"]},
     "00282114":{"vr":"CS","Value":["ISO_10918_1"]}
  }
]

使用 keeplist 标记进行去标识化

当您在 DicomConfig 对象中指定 Keeplist 标记时，系统默认会添加以下标记：

StudyInstanceUID
SeriesInstanceUID
SOPInstanceUID
TransferSyntaxUID
MediaStorageSOPInstanceUID
MediaStorageSOPClassUID
PixelData
Rows
Columns
SamplesPerPixel
BitsAllocated
BitsStored
Highbit
PhotometricInterpretation
PixelRepresentation
NumberOfFrames
PlanarConfiguration
PixelAspectRatio
SmallestImagePixelValue
LargestImagePixelValue
RedPaletteColorLookupTableDescriptor
GreenPaletteColorLookupTableDescriptor
BluePaletteColorLookupTableDescriptor
RedPaletteColorLookupTableData
GreenPaletteColorLookupTableData
BluePaletteColorLookupTableData
ICCProfile
ColorSpace
WindowCenter
WindowWidth
VOILUTFunction

deidentify 操作不会遮盖上述标记。但是，某些标记的值是重新生成的，也就是说这些值将通过确定性转换替换为其他值。如需了解详情，请参阅 DICOM 标准中的保留 UID 选项。要保留上述标记的原始值，请使用 SkipIdRedaction 选项。

如果未提供 Keeplist 标记，则不会遮盖数据集中的 DICOM 标记。

以下示例展示了如何对包含 DICOM 存储区和 DICOM 数据的数据集进行去标识化，与此同时某些标记保持不变。

将图片提交到 Cloud Healthcare API 后，图片显示如下。虽然图片顶部角落显示的元数据已被遮盖，但图片底部的烧屏受保护健康信息 (PHI) 仍然保留。如需一并移除烧屏文字，请参阅遮盖图片中的烧屏文字。

dicom_keeplist

REST

对数据集进行去标识化处理。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
LOCATION：数据集位置
SOURCE_DATASET_ID：包含要去标识化的数据的数据集的 ID
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID

请求 JSON 正文：

{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {
      "keepList": {
        "tags": [
          "PatientID"
        ]
      }
    }
  }
}

如需发送请求，请选择以下方式之一：

curl

注意：以下命令假定您已使用您的用户账号通过运行 gcloud init 或 gcloud auth login 登录 gcloud CLI，或者使用了 Cloud Shell，这会使您自动登录 gcloud CLI。您可以运行 gcloud auth list 来检查当前活跃的账号。

将请求正文保存在名为 request.json 的文件中。在终端中运行以下命令，在当前目录中创建或覆盖此文件：

cat > request.json << 'EOF'
{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {
      "keepList": {
        "tags": [
          "PatientID"
        ]
      }
    }
  }
}
EOF

然后，执行以下命令以发送 REST 请求：

curl -X POST \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    -d @request.json \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"

PowerShell

将请求正文保存在名为 request.json 的文件中。在终端中运行以下命令，在当前目录中创建或覆盖此文件：

@'
{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {
      "keepList": {
        "tags": [
          "PatientID"
        ]
      }
    }
  }
}
'@  | Out-File -FilePath request.json -Encoding utf8

然后，执行以下命令以发送 REST 请求：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method POST `
    -Headers $headers `
    -ContentType: "application/json; charset=utf-8" `
    -InFile request.json `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content

输出如下所示。响应中包含长时间运行的操作的标识符。如果方法调用可能需要大量时间才能完成，系统就会返回长时间运行的操作。请注意 OPERATION_ID 的值。下一步中需要用到此值。

响应

{
  "name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID"
}

使用 projects.locations.datasets.operations.get 方法可获取长时间运行的操作的状态。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
DATASET_ID：数据集 ID
LOCATION：数据集位置
OPERATION_ID：从长时间运行的操作返回的 ID

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

输出如下所示。如果响应包含 "done": true，则表示长时间运行的操作已完成。

响应

{
  "name": "projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.deidentify.DeidentifyService.DeidentifyDicomStore",
    "createTime": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ",
    "endTime": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ",
    "logsUrl": "https://console.cloud.google.com/CLOUD_LOGGING_URL"
    "counter": {
      "success": "SUCCESS_COUNT",
      // If there were any failures, they display in the `failure` field.
      "failure": "FAILURE_COUNT"
    }
  },
  "done": true,
  // The `response` field only displays if there were no errors.
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary"
  },
  // If there were any errors, an `error` field displays instead of a `response` field.
  // See Troubleshooting long-running operations for a list of response codes.
  "error": {
    "code": ERROR_CODE,
    "message": "DESCRIPTION",
    "details": [
      {
        "@type": "...",
        FIELD1: ...,
        ...
      }
    ]
  }
}

去标识化成功后，您可以检索去标识化实例的元数据，以查看其更改情况。去标识化实例具有新的研究 UID、系列 UID 和实例 UID，因此您首先需要在新数据集中搜索去标识化实例。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
SOURCE_DATASET_LOCATION：源数据集位置
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID
DESTINATION_DICOM_STORE_ID：目标数据集中 DICOM 存储区的 ID。这与源数据集中 DICOM 存储区的 ID 相同。

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/instances"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/instances" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

您应该收到类似以下内容的 JSON 响应：

响应

[
  {
    "00080005":{"vr":"CS"},
    "00080016":{"vr":"UI"},
    "00080018":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00080020":{"vr":"DA"},
    "00080030":{"vr":"TM"},
    "00080050":{"vr":"SH"},
    "00080090":{"vr":"PN"},
    "00100010":{"vr":"PN"},
    "00100020":{"vr":"LO","Value":["S1214223-1"]},
    "00100030":{"vr":"DA"},
    "00100040":{"vr":"CS"},
    "0020000D":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763"]},
    "0020000E":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710"]},
    "00200010":{"vr":"SH"},
    "00200013":{"vr":"IS"},
    "00280010":{"vr":"US","Value":[1024]},
    "00280011":{"vr":"US","Value":[1024]},
    "00280100":{"vr":"US","Value":[8]}
  }
]

下表显示了研究 UID、系列 UID 和实例 UID 的变化情况：

	原始实例元数据	去标识化的实例元数据
研究 UID (`0020000D`)	`2.25.70541616638819138568043293671559322355`	`1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763`
系列 UID (`0020000E`)	`1.2.276.0.7230010.3.1.3.8323329.78.1531234558.523694`	`1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710`
实例 UID (`00080018`)	`1.2.276.0.7230010.3.1.4.8323329.78.1539083058.523695`	`1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029`

使用新值检索实例的元数据。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
LOCATION：数据集位置
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID
DESTINATION_DICOM_STORE_ID：目标数据集中 DICOM 存储区的 ID。这与源数据集中 DICOM 存储区的 ID 相同。

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/studies/1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763/series/1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710/instances/1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029/metadata"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/studies/1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763/series/1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710/instances/1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029/metadata" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

输出包含新的元数据。您可以将新元数据与原始元数据进行比较，以了解转换的效果。

响应

[
  {
    "00020002":{"vr":"UI","Value":["1.2.840.10008.5.1.4.1.1.7"]},
    "00020003":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00020010":{"vr":"UI","Value":["1.2.840.10008.1.2.4.50"]},
    "00020012":{"vr":"UI","Value":["1.2.40.0.13.1.3"]},
    "00020013":{"vr":"SH","Value":["dcm4che-null"]},
    "00080005":{"vr":"CS"},
    "00080016":{"vr":"UI"},
    "00080018":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00080020":{"vr":"DA"},
    "00080030":{"vr":"TM"},
    "00080050":{"vr":"SH"},
    "00080064":{"vr":"CS"},
    "00080070":{"vr":"LO"},
    "00080090":{"vr":"PN"},
    "00081090":{"vr":"LO"},
    "00100010":{"vr":"PN"},
    "00100020":{"vr":"LO","Value":["S1214223-1"]},
    "00100030":{"vr":"DA"},
    "00100040":{"vr":"CS"},
    "0020000D":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763"]},
    "0020000E":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710"]},
    "00200010":{"vr":"SH"},
    "00200011":{"vr":"IS"},
    "00200013":{"vr":"IS"},
    "00200020":{"vr":"CS"},
    "00280002":{"vr":"US","Value":[3]},
    "00280004":{"vr":"CS","Value":["YBR_FULL_422"]},
    "00280006":{"vr":"US"},
    "00280010":{"vr":"US","Value":[1024]},
    "00280011":{"vr":"US","Value":[1024]},
    "00280100":{"vr":"US","Value":[8]},
    "00280101":{"vr":"US","Value":[8]},
    "00280102":{"vr":"US","Value":[7]},
    "00280103":{"vr":"US","Value":[0]},
    "00282110":{"vr":"CS"},
    "00282114":{"vr":"CS"}
  }
]

Go

在 GitHub 上查看反馈

import (
	"context"
	"fmt"
	"io"
	"time"

	healthcare "google.golang.org/api/healthcare/v1"
)

// deidentifyDataset creates a new dataset containing de-identified data from the source dataset.
func deidentifyDataset(w io.Writer, projectID, location, sourceDatasetID, destinationDatasetID string) error {
	ctx := context.Background()

	healthcareService, err := healthcare.NewService(ctx)
	if err != nil {
		return fmt.Errorf("healthcare.NewService: %w", err)
	}

	datasetsService := healthcareService.Projects.Locations.Datasets

	parent := fmt.Sprintf("projects/%s/locations/%s", projectID, location)

	req := &healthcare.DeidentifyDatasetRequest{
		DestinationDataset: fmt.Sprintf("%s/datasets/%s", parent, destinationDatasetID),
		Config: &healthcare.DeidentifyConfig{
			Dicom: &healthcare.DicomConfig{
				KeepList: &healthcare.TagFilterList{
					Tags: []string{
						"PatientID",
					},
				},
			},
		},
	}

	sourceName := fmt.Sprintf("%s/datasets/%s", parent, sourceDatasetID)
	resp, err := datasetsService.Deidentify(sourceName, req).Do()
	if err != nil {
		return fmt.Errorf("Deidentify: %w", err)
	}

	// Wait for the deidentification operation to finish.
	operationService := healthcareService.Projects.Locations.Datasets.Operations
	for {
		op, err := operationService.Get(resp.Name).Do()
		if err != nil {
			return fmt.Errorf("operationService.Get: %w", err)
		}
		if !op.Done {
			time.Sleep(1 * time.Second)
			continue
		}
		if op.Error != nil {
			return fmt.Errorf("deidentify operation error: %v", *op.Error)
		}
		fmt.Fprintf(w, "Created de-identified dataset %s from %s\n", resp.Name, sourceName)
		return nil
	}
}

Java

在 GitHub 上查看反馈

import com.google.api.client.http.HttpRequestInitializer;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.services.healthcare.v1.CloudHealthcare;
import com.google.api.services.healthcare.v1.CloudHealthcare.Projects.Locations.Datasets;
import com.google.api.services.healthcare.v1.CloudHealthcareScopes;
import com.google.api.services.healthcare.v1.model.DeidentifyConfig;
import com.google.api.services.healthcare.v1.model.DeidentifyDatasetRequest;
import com.google.api.services.healthcare.v1.model.DicomConfig;
import com.google.api.services.healthcare.v1.model.Operation;
import com.google.api.services.healthcare.v1.model.TagFilterList;
import com.google.auth.http.HttpCredentialsAdapter;
import com.google.auth.oauth2.GoogleCredentials;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;

public class DatasetDeIdentify {
  private static final String DATASET_NAME = "projects/%s/locations/%s/datasets/%s";
  private static final JsonFactory JSON_FACTORY = new GsonFactory();
  private static final NetHttpTransport HTTP_TRANSPORT = new NetHttpTransport();

  public static void datasetDeIdentify(String srcDatasetName, String destDatasetName)
      throws IOException {
    // String srcDatasetName =
    //     String.format(DATASET_NAME, "your-project-id", "your-region-id", "your-src-dataset-id");
    // String destDatasetName =
    //    String.format(DATASET_NAME, "your-project-id", "your-region-id", "your-dest-dataset-id");

    // Initialize the client, which will be used to interact with the service.
    CloudHealthcare client = createClient();

    // Configure what information needs to be De-Identified.
    // For more information on de-identifying using tags, please see the following:
    // https://cloud.google.com/healthcare/docs/how-tos/dicom-deidentify#de-identification_using_tags
    TagFilterList tags = new TagFilterList().setTags(Arrays.asList("PatientID"));
    DicomConfig dicomConfig = new DicomConfig().setKeepList(tags);
    DeidentifyConfig config = new DeidentifyConfig().setDicom(dicomConfig);

    // Create the de-identify request and configure any parameters.
    DeidentifyDatasetRequest deidentifyRequest =
        new DeidentifyDatasetRequest().setDestinationDataset(destDatasetName).setConfig(config);
    Datasets.Deidentify request =
        client.projects().locations().datasets().deidentify(srcDatasetName, deidentifyRequest);

    // Execute the request, wait for the operation to complete, and process the results.
    try {
      Operation operation = request.execute();
      while (operation.getDone() == null || !operation.getDone()) {
        // Update the status of the operation with another request.
        Thread.sleep(500); // Pause for 500ms between requests.
        operation =
            client
                .projects()
                .locations()
                .datasets()
                .operations()
                .get(operation.getName())
                .execute();
      }
      System.out.println(
          "De-identified Dataset created. Response content: " + operation.getResponse());
    } catch (Exception ex) {
      System.out.printf("Error during request execution: %s", ex.toString());
      ex.printStackTrace(System.out);
    }
  }

  private static CloudHealthcare createClient() throws IOException {
    // Use Application Default Credentials (ADC) to authenticate the requests
    // For more information see https://cloud.google.com/docs/authentication/production
    GoogleCredentials credential =
        GoogleCredentials.getApplicationDefault()
            .createScoped(Collections.singleton(CloudHealthcareScopes.CLOUD_PLATFORM));

    // Create a HttpRequestInitializer, which will provide a baseline configuration to all requests.
    HttpRequestInitializer requestInitializer =
        request -> {
          new HttpCredentialsAdapter(credential).initialize(request);
          request.setConnectTimeout(60000); // 1 minute connect timeout
          request.setReadTimeout(60000); // 1 minute read timeout
        };

    // Build the client for interacting with the service.
    return new CloudHealthcare.Builder(HTTP_TRANSPORT, JSON_FACTORY, requestInitializer)
        .setApplicationName("your-application-name")
        .build();
  }
}

Node.js

在 GitHub 上查看反馈

const google = require('@googleapis/healthcare');
const healthcare = google.healthcare({
  version: 'v1',
  auth: new google.auth.GoogleAuth({
    scopes: ['https://www.googleapis.com/auth/cloud-platform'],
  }),
});

const deidentifyDataset = async () => {
  // TODO(developer): uncomment these lines before running the sample
  // const cloudRegion = 'us-central1';
  // const projectId = 'adjective-noun-123';
  // const sourceDatasetId = 'my-source-dataset';
  // const destinationDatasetId = 'my-destination-dataset';
  // const keeplistTags = 'PatientID'
  const sourceDataset = `projects/${projectId}/locations/${cloudRegion}/datasets/${sourceDatasetId}`;
  const destinationDataset = `projects/${projectId}/locations/${cloudRegion}/datasets/${destinationDatasetId}`;
  const request = {
    sourceDataset: sourceDataset,
    destinationDataset: destinationDataset,
    resource: {
      config: {
        dicom: {
          keepList: {
            tags: [keeplistTags],
          },
        },
      },
    },
  };

  await healthcare.projects.locations.datasets.deidentify(request);
  console.log(
    `De-identified data written from dataset ${sourceDatasetId} to dataset ${destinationDatasetId}`
  );
};

deidentifyDataset();

Python

在 GitHub 上查看反馈

# Imports the Dict type for runtime type hints.
from typing import Dict

def deidentify_dataset(
    project_id: str,
    location: str,
    dataset_id: str,
    destination_dataset_id: str,
) -> Dict[str, str]:
    """Uses a DICOM tag keeplist to create a new dataset containing de-identified DICOM data from the source dataset.

    See
    https://github.com/GoogleCloudPlatform/python-docs-samples/tree/main/healthcare/api-client/v1/datasets
    before running the sample.
    See https://googleapis.github.io/google-api-python-client/docs/dyn/healthcare_v1.projects.locations.datasets.html#deidentify
    for the Python API reference.

    Args:
      project_id: The project ID or project number of the Google Cloud project you want
          to use.
      location: The name of the dataset's location.
      dataset_id: The ID of the source dataset containing the DICOM store to de-identify.
      destination_dataset_id: The ID of the dataset where de-identified DICOM data
        is written.

    Returns:
      A dictionary representing a long-running operation that results from
      calling the 'DeidentifyDataset' method. Use the
      'google.longrunning.Operation'
      API to poll the operation status.
    """
    # Imports the Python built-in time module.
    import time

    # Imports the Google API Discovery Service.
    from googleapiclient import discovery

    # Imports HttpError from the Google Python API client errors module.
    from googleapiclient.errors import HttpError

    api_version = "v1"
    service_name = "healthcare"
    # Returns an authorized API client by discovering the Healthcare API
    # and using GOOGLE_APPLICATION_CREDENTIALS environment variable.
    client = discovery.build(service_name, api_version)

    # TODO(developer): Uncomment these lines and replace with your values.
    # project_id = 'my-project'
    # location = 'us-central1'
    # dataset_id = 'my-source-dataset'
    # destination_dataset_id = 'my-destination-dataset'
    source_dataset = "projects/{}/locations/{}/datasets/{}".format(
        project_id, location, dataset_id
    )
    destination_dataset = "projects/{}/locations/{}/datasets/{}".format(
        project_id, location, destination_dataset_id
    )

    body = {
        "destinationDataset": destination_dataset,
        "config": {
            "dicom": {
                "keepList": {
                    "tags": [
                        "Columns",
                        "NumberOfFrames",
                        "PixelRepresentation",
                        "MediaStorageSOPClassUID",
                        "MediaStorageSOPInstanceUID",
                        "Rows",
                        "SamplesPerPixel",
                        "BitsAllocated",
                        "HighBit",
                        "PhotometricInterpretation",
                        "BitsStored",
                        "PatientID",
                        "TransferSyntaxUID",
                        "SOPInstanceUID",
                        "StudyInstanceUID",
                        "SeriesInstanceUID",
                        "PixelData",
                    ]
                }
            }
        },
    }

    request = (
        client.projects()
        .locations()
        .datasets()
        .deidentify(sourceDataset=source_dataset, body=body)
    )

    # Set a start time for operation completion.
    start_time = time.time()
    # TODO(developer): Increase the max_time if de-identifying many resources.
    max_time = 600

    try:
        operation = request.execute()
        while not operation.get("done", False):
            # Poll until the operation finishes.
            print("Waiting for operation to finish...")
            if time.time() - start_time > max_time:
                raise RuntimeError("Timed out waiting for operation to finish.")
            operation = (
                client.projects()
                .locations()
                .datasets()
                .operations()
                .get(name=operation["name"])
                .execute()
            )
            # Wait 5 seconds between each poll to the operation.
            time.sleep(5)

        if operation.get("error"):
            raise TimeoutError(f"De-identify operation failed: {operation['error']}")
        else:
            print(f"De-identified data to dataset: {destination_dataset_id}")
            print(
                f"Resources succeeded: {operation.get('metadata').get('counter').get('success')}"
            )
            print(
                f"Resources failed: {operation.get('metadata').get('counter').get('failure')}"
            )
            return operation

    except HttpError as err:
        # A common error is when the destination dataset already exists.
        if err.resp.status == 409:
            raise RuntimeError(
                f"Destination dataset with ID {destination_dataset_id} already exists."
            )
        else:
            raise err

使用 removelist 标记进行去标识化

您可以在 DicomConfig 对象中指定 removelist。deidentify 操作只会遮盖列表中指定的标记。如果未提供 removelist 标记，则去标识化操作会正常进行，但目标数据集中的 DICOM 标记不会被遮盖。

当您指定 removelist 时，系统会默认添加 OverlayData 标记，因为叠加数据可能包含 PHI。

默认添加到 Keeplist 的标记无法添加到 removelist。

以下示例展示了如何通过移除 removelist 中的所有标记对包含 DICOM 存储区和 DICOM 数据的数据集进行去标识化。不在 removelist 中的标记将保持不变。

将图片提交到 Cloud Healthcare API 后，图片显示如下。除了 removelist 中提供的标记之外，便只有 PatientBirthDate 会从图片中移除，因为它是 removelist 中唯一与图片中可见的元数据对应的标记。

虽然图片顶部角落的 PatientBirthDate 已根据 removelist 中的配置进行了遮盖，但图片底部的烧屏 PHI 仍会保留。如需一并移除烧屏文字，请参阅遮盖图片中的烧屏文字。

dicom_removelist

REST

对数据集进行去标识化处理。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
LOCATION：数据集位置
SOURCE_DATASET_ID：包含要去标识化的数据的数据集的 ID
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID

请求 JSON 正文：

{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {
      "removeList": {
        "tags": [
          "PatientBirthName",
          "PatientBirthDate",
          "PatientAge",
          "PatientSize",
          "PatientWeight",
          "PatientAddress",
          "PatientMotherBirthName"
        ]
      }
    }
  }
}

如需发送请求，请选择以下方式之一：

curl

将请求正文保存在名为 request.json 的文件中。在终端中运行以下命令，在当前目录中创建或覆盖此文件：

cat > request.json << 'EOF'
{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {
      "removeList": {
        "tags": [
          "PatientBirthName",
          "PatientBirthDate",
          "PatientAge",
          "PatientSize",
          "PatientWeight",
          "PatientAddress",
          "PatientMotherBirthName"
        ]
      }
    }
  }
}
EOF

然后，执行以下命令以发送 REST 请求：

curl -X POST \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    -d @request.json \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"

PowerShell

将请求正文保存在名为 request.json 的文件中。在终端中运行以下命令，在当前目录中创建或覆盖此文件：

@'
{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {
      "removeList": {
        "tags": [
          "PatientBirthName",
          "PatientBirthDate",
          "PatientAge",
          "PatientSize",
          "PatientWeight",
          "PatientAddress",
          "PatientMotherBirthName"
        ]
      }
    }
  }
}
'@  | Out-File -FilePath request.json -Encoding utf8

然后，执行以下命令以发送 REST 请求：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method POST `
    -Headers $headers `
    -ContentType: "application/json; charset=utf-8" `
    -InFile request.json `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content

响应

{
  "name": "projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}

使用 projects.locations.datasets.operations.get 方法可获取长时间运行的操作的状态。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
DATASET_ID：数据集 ID
LOCATION：数据集位置
OPERATION_ID：从长时间运行的操作返回的 ID

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

输出如下所示。如果响应包含 "done": true，则表示长时间运行的操作已完成。

响应

{
  "name": "projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.deidentify.DeidentifyService.DeidentifyDicomStore",
    "createTime": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ",
    "endTime": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ",
    "logsUrl": "https://console.cloud.google.com/CLOUD_LOGGING_URL"
    "counter": {
      "success": "SUCCESS_COUNT",
      // If there were any failures, they display in the `failure` field.
      "failure": "FAILURE_COUNT"
    }
  },
  "done": true,
  // The `response` field only displays if there were no errors.
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary"
  },
  // If there were any errors, an `error` field displays instead of a `response` field.
  // See Troubleshooting long-running operations for a list of response codes.
  "error": {
    "code": ERROR_CODE,
    "message": "DESCRIPTION",
    "details": [
      {
        "@type": "...",
        FIELD1: ...,
        ...
      }
    ]
  }
}

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
SOURCE_DATASET_LOCATION：源数据集位置
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID
DESTINATION_DICOM_STORE_ID：目标数据集中 DICOM 存储区的 ID。这与源数据集中 DICOM 存储区的 ID 相同。

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/instances"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/instances" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

您应该收到类似以下内容的 JSON 响应：

响应

[
  {
    "00080005":{"vr":"CS"},
    "00080016":{"vr":"UI"},
    "00080018":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00080020":{"vr":"DA"},
    "00080030":{"vr":"TM"},
    "00080050":{"vr":"SH"},
    "00080090":{"vr":"PN"},
    "00100010":{"vr":"PN"},
    "00100020":{"vr":"LO","Value":["S1214223-1"]},
    "00100030":{"vr":"DA"},
    "00100040":{"vr":"CS"},
    "0020000D":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763"]},
    "0020000E":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710"]},
    "00200010":{"vr":"SH"},
    "00200013":{"vr":"IS"},
    "00280010":{"vr":"US","Value":[1024]},
    "00280011":{"vr":"US","Value":[1024]},
    "00280100":{"vr":"US","Value":[8]}
  }
]

下表显示了研究 UID、系列 UID 和实例 UID 的变化情况：

	原始实例元数据	去标识化的实例元数据
研究 UID (`0020000D`)	`2.25.70541616638819138568043293671559322355`	`1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763`
系列 UID (`0020000E`)	`1.2.276.0.7230010.3.1.3.8323329.78.1531234558.523694`	`1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710`
实例 UID (`00080018`)	`1.2.276.0.7230010.3.1.4.8323329.78.1539083058.523695`	`1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029`

使用新值检索实例的元数据。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
LOCATION：数据集位置
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID
DESTINATION_DICOM_STORE_ID：目标数据集中 DICOM 存储区的 ID。这与源数据集中 DICOM 存储区的 ID 相同。

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/studies/1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763/series/1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710/instances/1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029/metadata"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/studies/1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763/series/1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710/instances/1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029/metadata" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

输出包含新的元数据。您可以将新元数据与原始元数据进行比较，以了解转换的效果。

响应

[
  {
    "00020002":{"vr":"UI","Value":["1.2.840.10008.5.1.4.1.1.7"]},
    "00020003":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00020010":{"vr":"UI","Value":["1.2.840.10008.1.2.4.50"]},
    "00020012":{"vr":"UI","Value":["1.2.40.0.13.1.3"]},
    "00020013":{"vr":"SH","Value":["dcm4che-null"]},
    "00080005":{"vr":"CS","Value":["ISO_IR 100"]},
    "00080016":{"vr":"UI","Value":["1.2.840.10008.5.1.4.1.1.7"]},
    "00080018":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00080020":{"vr":"DA","Value":["20110909"]},
    "00080030":{"vr":"TM","Value":["110032"]},
    "00080050":{"vr":"SH"},
    "00080064":{"vr":"CS","Value":["WSD"]},
    "00080070":{"vr":"LO","Value":["Manufacturer"]},
    "00080090":{"vr":"PN","Value":[{"Alphabetic":"John Doe"}]},
    "00081090":{"vr":"LO","Value":["ABC1"]},
    "00100010":{"vr":"PN","Value":[{"Alphabetic":"Ann Johnson"}]},
    "00100020":{"vr":"LO","Value":["S1214223-1"]},
    "00100030":{"vr":"DA"},
    "00100040":{"vr":"CS","Value":["F"]},
    "0020000D":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763"]},
    "0020000E":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710"]},
    "00200010":{"vr":"SH"},
    "00200011":{"vr":"IS"},
    "00200013":{"vr":"IS"},
    "00200020":{"vr":"CS"},
    "00280002":{"vr":"US","Value":[3]},
    "00280004":{"vr":"CS","Value":["YBR_FULL_422"]},
    "00280006":{"vr":"US","Value":[0]},
    "00280010":{"vr":"US","Value":[1024]},
    "00280011":{"vr":"US","Value":[1024]},
    "00280100":{"vr":"US","Value":[8]},
    "00280101":{"vr":"US","Value":[8]},
    "00280102":{"vr":"US","Value":[7]},
    "00280103":{"vr":"US","Value":[0]},
    "00282110":{"vr":"CS","Value":["01"]},
    "00282114":{"vr":"CS","Value":["ISO_10918_1"]}
  }
]

使用标记过滤条件配置文件进行去标识化

您可以在 DicomConfig 对象中配置 TagFilterProfile，而不是指定要保留或移除的标记。标记过滤条件配置文件是一个预定义的配置文件，用于确定要保留、移除或转换的标记。如需查看可用的配置文件，请参阅 TagFilterProfile 文档。

以下示例展示了如何使用标记过滤条件配置文件 ATTRIBUTE_CONFIDENTIALITY_BASIC_PROFILE 对包含 DICOM 存储区和 DICOM 数据的数据集进行去标识化。此标记过滤条件配置文件会根据 DICOM 标准的 Attribute Confidentiality Basic Profile 移除标记。Cloud Healthcare API 不完全符合 Attribute Confidentiality Basic Profile。例如，在为标记选择操作时，Cloud Healthcare API 不会检查信息对象定义 (IOD) 限制。

使用 ATTRIBUTE_CONFIDENTIALITY_BASIC_PROFILE 标记过滤条件配置文件将图片提交到 Cloud Healthcare API 后，图片显示如下。虽然图片顶部角落显示的元数据已被遮盖，但图片底部的烧屏 PHI 仍会保留。如需一并移除烧屏文字，请参阅遮盖图片中的烧屏文字。

dicom_attribute_confidentiality_basic_profile

REST

对数据集进行去标识化处理。

在使用任何请求数据之前，请先进行以下替换：
- PROJECT_ID：您的 Google Cloud 项目的 ID
- LOCATION：数据集位置
- SOURCE_DATASET_ID：包含要去标识化的数据的数据集的 ID
- DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID
请求 JSON 正文：
```
{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {
      "filterProfile": "ATTRIBUTE_CONFIDENTIALITY_BASIC_PROFILE"
    }
  }
}
```
如需发送请求，请选择以下方式之一：
curl

注意：以下命令假定您已使用您的用户账号通过运行 gcloud init 或 gcloud auth login 登录 gcloud CLI，或者使用了 Cloud Shell，这会使您自动登录 gcloud CLI。您可以运行 gcloud auth list 来检查当前活跃的账号。

将请求正文保存在名为 request.json 的文件中。在终端中运行以下命令，在当前目录中创建或覆盖此文件：
```
cat > request.json << 'EOF'
{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {
      "filterProfile": "ATTRIBUTE_CONFIDENTIALITY_BASIC_PROFILE"
    }
  }
}
EOF
```
然后，执行以下命令以发送 REST 请求：
curl -X POST \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
-H "Content-Type: application/json; charset=utf-8" \
-d @request.json \
"https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"
PowerShell

注意：以下命令假定您已使用您的用户账号通过运行 gcloud init 或 gcloud auth login 登录 gcloud CLI，或者使用了 Cloud Shell，这会使您自动登录 gcloud CLI。您可以运行 gcloud auth list 来检查当前活跃的账号。

将请求正文保存在名为 request.json 的文件中。在终端中运行以下命令，在当前目录中创建或覆盖此文件：
```
@'
{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {
      "filterProfile": "ATTRIBUTE_CONFIDENTIALITY_BASIC_PROFILE"
    }
  }
}
'@  | Out-File -FilePath request.json -Encoding utf8
```
然后，执行以下命令以发送 REST 请求：
$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
-Method POST `
-Headers $headers `
-ContentType: "application/json; charset=utf-8" `
-InFile request.json `
-Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content
输出如下所示。响应中包含长时间运行的操作的标识符。如果方法调用可能需要大量时间才能完成，系统就会返回长时间运行的操作。请注意 OPERATION_ID 的值。下一步中需要用到此值。
响应
```
{
  "name": "projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
```

使用 projects.locations.datasets.operations.get 方法可获取长时间运行的操作的状态。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
DATASET_ID：数据集 ID
LOCATION：数据集位置
OPERATION_ID：从长时间运行的操作返回的 ID

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

输出如下所示。如果响应包含 "done": true，则表示长时间运行的操作已完成。

响应

{
  "name": "projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.deidentify.DeidentifyService.DeidentifyDicomStore",
    "createTime": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ",
    "endTime": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ",
    "logsUrl": "https://console.cloud.google.com/CLOUD_LOGGING_URL"
    "counter": {
      "success": "SUCCESS_COUNT",
      // If there were any failures, they display in the `failure` field.
      "failure": "FAILURE_COUNT"
    }
  },
  "done": true,
  // The `response` field only displays if there were no errors.
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary"
  },
  // If there were any errors, an `error` field displays instead of a `response` field.
  // See Troubleshooting long-running operations for a list of response codes.
  "error": {
    "code": ERROR_CODE,
    "message": "DESCRIPTION",
    "details": [
      {
        "@type": "...",
        FIELD1: ...,
        ...
      }
    ]
  }
}

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
SOURCE_DATASET_LOCATION：源数据集位置
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID
DESTINATION_DICOM_STORE_ID：目标数据集中 DICOM 存储区的 ID。这与源数据集中 DICOM 存储区的 ID 相同。

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/instances"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/instances" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

您应该收到类似以下内容的 JSON 响应：

响应

[
  {
    "00080005":{"vr":"CS"},
    "00080016":{"vr":"UI"},
    "00080018":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00080020":{"vr":"DA"},
    "00080030":{"vr":"TM"},
    "00080050":{"vr":"SH"},
    "00080090":{"vr":"PN"},
    "00100010":{"vr":"PN"},
    "00100020":{"vr":"LO","Value":["S1214223-1"]},
    "00100030":{"vr":"DA"},
    "00100040":{"vr":"CS"},
    "0020000D":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763"]},
    "0020000E":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710"]},
    "00200010":{"vr":"SH"},
    "00200013":{"vr":"IS"},
    "00280010":{"vr":"US","Value":[1024]},
    "00280011":{"vr":"US","Value":[1024]},
    "00280100":{"vr":"US","Value":[8]}
  }
]

下表显示了研究 UID、系列 UID 和实例 UID 的变化情况：

	原始实例元数据	去标识化的实例元数据
研究 UID (`0020000D`)	`2.25.70541616638819138568043293671559322355`	`1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763`
系列 UID (`0020000E`)	`1.2.276.0.7230010.3.1.3.8323329.78.1531234558.523694`	`1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710`
实例 UID (`00080018`)	`1.2.276.0.7230010.3.1.4.8323329.78.1539083058.523695`	`1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029`

使用新值检索实例的元数据。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
LOCATION：数据集位置
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID
DESTINATION_DICOM_STORE_ID：目标数据集中 DICOM 存储区的 ID。这与源数据集中 DICOM 存储区的 ID 相同。

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/studies/1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763/series/1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710/instances/1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029/metadata"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/studies/1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763/series/1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710/instances/1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029/metadata" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

输出包含新的元数据。您可以将新元数据与原始元数据进行比较，以了解转换的效果。

响应

[
  {
    "00020002":{"vr":"UI","Value":["1.2.840.10008.5.1.4.1.1.7"]},
    "00020003":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00020010":{"vr":"UI","Value":["1.2.840.10008.1.2.4.50"]},
    "00020012":{"vr":"UI","Value":["1.2.40.0.13.1.3"]},
    "00020013":{"vr":"SH","Value":["dcm4che-null"]},
    "00080005":{"vr":"CS","Value":["ISO_IR 100"]},
    "00080016":{"vr":"UI","Value":["1.2.840.10008.5.1.4.1.1.7"]},
    "00080018":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00080020":{"vr":"DA"},
    "00080030":{"vr":"TM"},
    "00080050":{"vr":"SH"},
    "00080064":{"vr":"CS","Value":["WSD"]},
    "00080070":{"vr":"LO","Value":["Manufactuer"]},
    "00080090":{"vr":"PN"},
    "00081090":{"vr":"LO","Value":["ABC1"]},
    "00100010":{"vr":"PN"},
    "00100020":{"vr":"LO"},
    "00100030":{"vr":"DA"},
    "00100040":{"vr":"CS"},
    "0020000D":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763"]},
    "0020000E":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710"]},
    "00200010":{"vr":"SH"},
    "00200011":{"vr":"IS"},
    "00200013":{"vr":"IS"},
    "00200020":{"vr":"CS"},
    "00280002":{"vr":"US","Value":[3]},
    "00280004":{"vr":"CS","Value":["YBR_FULL_422"]},
    "00280006":{"vr":"US","Value":[0]},
    "00280010":{"vr":"US","Value":[1024]},
    "00280011":{"vr":"US","Value":[1024]},
    "00280100":{"vr":"US","Value":[8]},
    "00280101":{"vr":"US","Value":[8]},
    "00280102":{"vr":"US","Value":[7]},
    "00280103":{"vr":"US","Value":[0]},
    "00282110":{"vr":"CS","Value":["01"]},
    "00282114":{"vr":"CS","Value":["ISO_10918_1"]}
  }
]

在 Google Cloud 控制台中对数据进行去标识化

如需在 Google Cloud 控制台中对数据进行去标识化处理，请完成以下步骤：

在 Google Cloud 控制台中，进入“数据集”页面。

转到“数据集”页面
从要去标识化的数据集的操作列表中选择去标识化。

此时将显示对数据集进行去标识化页面。
选择设置目标数据集，并输入新数据集的名称，以存储去标识化的数据。
选择 DICOM 标记去标识化以选择去标识化的数据的配置文件。数据可按以下方式进行去标识化：
- KEEP_ALL_PROFILE - 保留所有 DICOM 元标记
- DEIDENTIFY_TAG_CONTENTS - 对元标记中的数据进行去标识化
- ATTRIBUTE_CONFIDENTIALITY_BASIC_PROFILE - 根据 DICOM 标准中的基本配置文件移除元标记
- MINIMAL_KEEP_LIST_PROFILE - 仅保留有效 DICOM 对象所需的元标记
- 跳过 ID 遮盖 - 根据 DICOM 标准重新生成 UID 字段
选择 DICOM 烧屏文字遮盖以配置去标识化期间图片遮盖的执行方式。您可以按如下方式配置图片遮盖：
- REDACT_NO_TEXT - 请勿遮盖图片中的文字
- REDACT_SENSITIVE_TEXT - 仅遮盖图片中的敏感文本
- REDACT_ALL_TEXT - 遮盖图片中的所有文字
点击去标识化以对数据集中的数据进行去标识化。

遮盖图片中的烧屏文字

Cloud Healthcare API 可以遮盖图片中的敏感烧屏文字。此 API 会检测 PII 等敏感数据，然后使用不透明的矩形遮盖这些数据。API 会按相同格式返回您提供的相同 DICOM 图片，但会将根据您的标准识别为包含敏感信息的所有文本进行遮盖。

您可以通过在 ImageConfig 对象内指定 TextRedactionMode 选项，遮盖图片中的烧屏文字。如需查看可能的值，请参阅 TextRedactionMode 文档。

遮盖图片中的所有烧屏文字

以下示例展示了如何遮盖数据集内 DICOM 图片中的所有烧屏文字。可通过在 TextRedactionMode 字段中指定 REDACT_ALL_TEXT 做到这一点。

使用 REDACT_ALL_TEXT 选项将图片提交到 Cloud Healthcare API 后，图片显示如下。移除图片底部的烧屏文字后，图片顶部角落的元数据仍会保留。如需一并移除元数据，请参阅对 DICOM 标记进行去标识化。

xray_redact_all_text

REST

对数据集进行去标识化处理。

在使用任何请求数据之前，请先进行以下替换：
- PROJECT_ID：您的 Google Cloud 项目的 ID
- LOCATION：数据集位置
- SOURCE_DATASET_ID：包含要去标识化的数据的数据集的 ID
- DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID
请求 JSON 正文：
```
{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {},
    "image": {
      "textRedactionMode": "REDACT_ALL_TEXT"
    }
  }
}
```
如需发送请求，请选择以下方式之一：
curl

注意：以下命令假定您已使用您的用户账号通过运行 gcloud init 或 gcloud auth login 登录 gcloud CLI，或者使用了 Cloud Shell，这会使您自动登录 gcloud CLI。您可以运行 gcloud auth list 来检查当前活跃的账号。

将请求正文保存在名为 request.json 的文件中。在终端中运行以下命令，在当前目录中创建或覆盖此文件：
```
cat > request.json << 'EOF'
{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {},
    "image": {
      "textRedactionMode": "REDACT_ALL_TEXT"
    }
  }
}
EOF
```
然后，执行以下命令以发送 REST 请求：
curl -X POST \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
-H "Content-Type: application/json; charset=utf-8" \
-d @request.json \
"https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"
PowerShell

注意：以下命令假定您已使用您的用户账号通过运行 gcloud init 或 gcloud auth login 登录 gcloud CLI，或者使用了 Cloud Shell，这会使您自动登录 gcloud CLI。您可以运行 gcloud auth list 来检查当前活跃的账号。

将请求正文保存在名为 request.json 的文件中。在终端中运行以下命令，在当前目录中创建或覆盖此文件：
```
@'
{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {},
    "image": {
      "textRedactionMode": "REDACT_ALL_TEXT"
    }
  }
}
'@  | Out-File -FilePath request.json -Encoding utf8
```
然后，执行以下命令以发送 REST 请求：
$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
-Method POST `
-Headers $headers `
-ContentType: "application/json; charset=utf-8" `
-InFile request.json `
-Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content
输出如下所示。响应中包含长时间运行的操作的标识符。如果方法调用可能需要大量时间才能完成，系统就会返回长时间运行的操作。请注意 OPERATION_ID 的值。下一步中需要用到此值。
响应
```
{
  "name": "projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
```

使用 projects.locations.datasets.operations.get 方法可获取长时间运行的操作的状态。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
DATASET_ID：数据集 ID
LOCATION：数据集位置
OPERATION_ID：从长时间运行的操作返回的 ID

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

输出如下所示。如果响应包含 "done": true，则表示长时间运行的操作已完成。

响应

{
  "name": "projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.deidentify.DeidentifyService.DeidentifyDicomStore",
    "createTime": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ",
    "endTime": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ",
    "logsUrl": "https://console.cloud.google.com/CLOUD_LOGGING_URL"
    "counter": {
      "success": "SUCCESS_COUNT",
      // If there were any failures, they display in the `failure` field.
      "failure": "FAILURE_COUNT"
    }
  },
  "done": true,
  // The `response` field only displays if there were no errors.
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary"
  },
  // If there were any errors, an `error` field displays instead of a `response` field.
  // See Troubleshooting long-running operations for a list of response codes.
  "error": {
    "code": ERROR_CODE,
    "message": "DESCRIPTION",
    "details": [
      {
        "@type": "...",
        FIELD1: ...,
        ...
      }
    ]
  }
}

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
SOURCE_DATASET_LOCATION：源数据集位置
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID
DESTINATION_DICOM_STORE_ID：目标数据集中 DICOM 存储区的 ID。这与源数据集中 DICOM 存储区的 ID 相同。

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/instances"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/instances" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

您应该收到类似以下内容的 JSON 响应：

响应

[
  {
    "00080005":{"vr":"CS"},
    "00080016":{"vr":"UI"},
    "00080018":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00080020":{"vr":"DA"},
    "00080030":{"vr":"TM"},
    "00080050":{"vr":"SH"},
    "00080090":{"vr":"PN"},
    "00100010":{"vr":"PN"},
    "00100020":{"vr":"LO","Value":["S1214223-1"]},
    "00100030":{"vr":"DA"},
    "00100040":{"vr":"CS"},
    "0020000D":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763"]},
    "0020000E":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710"]},
    "00200010":{"vr":"SH"},
    "00200013":{"vr":"IS"},
    "00280010":{"vr":"US","Value":[1024]},
    "00280011":{"vr":"US","Value":[1024]},
    "00280100":{"vr":"US","Value":[8]}
  }
]

下表显示了研究 UID、系列 UID 和实例 UID 的变化情况：

	原始实例元数据	去标识化的实例元数据
研究 UID (`0020000D`)	`2.25.70541616638819138568043293671559322355`	`1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763`
系列 UID (`0020000E`)	`1.2.276.0.7230010.3.1.3.8323329.78.1531234558.523694`	`1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710`
实例 UID (`00080018`)	`1.2.276.0.7230010.3.1.4.8323329.78.1539083058.523695`	`1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029`

仅遮盖图片中的敏感烧屏文字

以下示例展示了如何遮盖数据集内 DICOM 图片中的敏感烧屏文字。可通过在 TextRedactionMode 字段中指定 REDACT_SENSITIVE_TEXT 做到这一点。

当指定 REDACT_SENSITIVE_TEXT 时，默认 DICOM infoType 中指定的 infoType 会被遮盖。此外，还应用了患者标识符的其他自定义 infoType（如医疗记录编号 (MRN)），并遮盖了患者标识符。

下图显示了未经遮盖的患者 X 光片：

xray2_unredacted

使用 REDACT_SENSITIVE_TEXT 选项将图片提交到 Cloud Healthcare API 后，图片显示如下：

xray2_redact_sensitive_text

您可以看到以下情况：

图片左下方的 PERSON_NAME 已被遮盖
图片左下方的 DATE 已被遮盖

根据默认 DICOM infoType，该患者的性别不属于敏感文本，因此未遮盖。

REST

对数据集进行去标识化处理。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
LOCATION：数据集位置
SOURCE_DATASET_ID：包含要去标识化的数据的数据集的 ID
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID

请求 JSON 正文：

{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {},
    "image": {
      "textRedactionMode": "REDACT_SENSITIVE_TEXT"
    }
  }
}

如需发送请求，请选择以下方式之一：

curl

将请求正文保存在名为 request.json 的文件中。在终端中运行以下命令，在当前目录中创建或覆盖此文件：

cat > request.json << 'EOF'
{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {},
    "image": {
      "textRedactionMode": "REDACT_SENSITIVE_TEXT"
    }
  }
}
EOF

然后，执行以下命令以发送 REST 请求：

curl -X POST \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    -d @request.json \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"

PowerShell

将请求正文保存在名为 request.json 的文件中。在终端中运行以下命令，在当前目录中创建或覆盖此文件：

@'
{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {},
    "image": {
      "textRedactionMode": "REDACT_SENSITIVE_TEXT"
    }
  }
}
'@  | Out-File -FilePath request.json -Encoding utf8

然后，执行以下命令以发送 REST 请求：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method POST `
    -Headers $headers `
    -ContentType: "application/json; charset=utf-8" `
    -InFile request.json `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content

响应

{
  "name": "projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}

使用 projects.locations.datasets.operations.get 方法可获取长时间运行的操作的状态。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
DATASET_ID：数据集 ID
LOCATION：数据集位置
OPERATION_ID：从长时间运行的操作返回的 ID

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

输出如下所示。如果响应包含 "done": true，则表示长时间运行的操作已完成。

响应

{
  "name": "projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.deidentify.DeidentifyService.DeidentifyDicomStore",
    "createTime": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ",
    "endTime": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ",
    "logsUrl": "https://console.cloud.google.com/CLOUD_LOGGING_URL"
    "counter": {
      "success": "SUCCESS_COUNT",
      // If there were any failures, they display in the `failure` field.
      "failure": "FAILURE_COUNT"
    }
  },
  "done": true,
  // The `response` field only displays if there were no errors.
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary"
  },
  // If there were any errors, an `error` field displays instead of a `response` field.
  // See Troubleshooting long-running operations for a list of response codes.
  "error": {
    "code": ERROR_CODE,
    "message": "DESCRIPTION",
    "details": [
      {
        "@type": "...",
        FIELD1: ...,
        ...
      }
    ]
  }
}

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
SOURCE_DATASET_LOCATION：源数据集位置
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID
DESTINATION_DICOM_STORE_ID：目标数据集中 DICOM 存储区的 ID。这与源数据集中 DICOM 存储区的 ID 相同。

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/instances"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/instances" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

您应该收到类似以下内容的 JSON 响应：

响应

[
  {
    "00080005":{"vr":"CS"},
    "00080016":{"vr":"UI"},
    "00080018":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00080020":{"vr":"DA"},
    "00080030":{"vr":"TM"},
    "00080050":{"vr":"SH"},
    "00080090":{"vr":"PN"},
    "00100010":{"vr":"PN"},
    "00100020":{"vr":"LO","Value":["S1214223-1"]},
    "00100030":{"vr":"DA"},
    "00100040":{"vr":"CS"},
    "0020000D":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763"]},
    "0020000E":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710"]},
    "00200010":{"vr":"SH"},
    "00200013":{"vr":"IS"},
    "00280010":{"vr":"US","Value":[1024]},
    "00280011":{"vr":"US","Value":[1024]},
    "00280100":{"vr":"US","Value":[8]}
  }
]

下表显示了研究 UID、系列 UID 和实例 UID 的变化情况：

	原始实例元数据	去标识化的实例元数据
研究 UID (`0020000D`)	`2.25.70541616638819138568043293671559322355`	`1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763`
系列 UID (`0020000E`)	`1.2.276.0.7230010.3.1.3.8323329.78.1531234558.523694`	`1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710`
实例 UID (`00080018`)	`1.2.276.0.7230010.3.1.4.8323329.78.1539083058.523695`	`1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029`

合并标记去标识化和烧屏文字遮盖功能

您可以将使用标记的去标识化与图片中的烧屏文字遮盖功能相结合，以便在更精细的级别对 DICOM 实例进行去标识化。例如，通过将 TextRedactionMode 字段中的 REDACT_ALL_TEXT 与 TagFilterProfile 字段中的 DEIDENTIFY_TAG_CONTENTS 进行组合，您可以执行以下操作：

REDACT_ALL_TEXT：遮盖图片中的所有烧屏文字。
DEIDENTIFY_TAG_CONTENTS：检查标记内容并转换敏感文本。如需详细了解 DEIDENTIFY_TAG_CONTENTS 的行为，请参阅默认配置。

使用 REDACT_ALL_TEXT 和 DEIDENTIFY_TAG_CONTENTS 选项将图片提交到 Cloud Healthcare API 后，图片显示如下：观察以下更改：

已使用 CryptoHashConfig 转换了图片左上角和右上角的名称
已使用 DateShiftConfig 转换了图片左上角和右上角的日期
图片底部的已烧屏文字会被遮盖

xray_redact_all_text_deidentify_tag_contents

REST

对数据集进行去标识化处理。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
LOCATION：数据集位置
SOURCE_DATASET_ID：包含要去标识化的数据的数据集的 ID
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID

请求 JSON 正文：

{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {
      "filterProfile": "DEIDENTIFY_TAG_CONTENTS"
    },
    "image": {
      "textRedactionMode": "REDACT_ALL_TEXT"
    }
  }
}

如需发送请求，请选择以下方式之一：

curl

将请求正文保存在名为 request.json 的文件中。在终端中运行以下命令，在当前目录中创建或覆盖此文件：

cat > request.json << 'EOF'
{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {
      "filterProfile": "DEIDENTIFY_TAG_CONTENTS"
    },
    "image": {
      "textRedactionMode": "REDACT_ALL_TEXT"
    }
  }
}
EOF

然后，执行以下命令以发送 REST 请求：

curl -X POST \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    -d @request.json \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"

PowerShell

将请求正文保存在名为 request.json 的文件中。在终端中运行以下命令，在当前目录中创建或覆盖此文件：

@'
{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {
      "filterProfile": "DEIDENTIFY_TAG_CONTENTS"
    },
    "image": {
      "textRedactionMode": "REDACT_ALL_TEXT"
    }
  }
}
'@  | Out-File -FilePath request.json -Encoding utf8

然后，执行以下命令以发送 REST 请求：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method POST `
    -Headers $headers `
    -ContentType: "application/json; charset=utf-8" `
    -InFile request.json `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content

响应

{
  "name": "projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}

使用 projects.locations.datasets.operations.get 方法可获取长时间运行的操作的状态。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
DATASET_ID：数据集 ID
LOCATION：数据集位置
OPERATION_ID：从长时间运行的操作返回的 ID

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

输出如下所示。如果响应包含 "done": true，则表示长时间运行的操作已完成。

响应

{
  "name": "projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.deidentify.DeidentifyService.DeidentifyDicomStore",
    "createTime": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ",
    "endTime": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ",
    "logsUrl": "https://console.cloud.google.com/CLOUD_LOGGING_URL"
    "counter": {
      "success": "SUCCESS_COUNT",
      // If there were any failures, they display in the `failure` field.
      "failure": "FAILURE_COUNT"
    }
  },
  "done": true,
  // The `response` field only displays if there were no errors.
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary"
  },
  // If there were any errors, an `error` field displays instead of a `response` field.
  // See Troubleshooting long-running operations for a list of response codes.
  "error": {
    "code": ERROR_CODE,
    "message": "DESCRIPTION",
    "details": [
      {
        "@type": "...",
        FIELD1: ...,
        ...
      }
    ]
  }
}

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
SOURCE_DATASET_LOCATION：源数据集位置
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID
DESTINATION_DICOM_STORE_ID：目标数据集中 DICOM 存储区的 ID。这与源数据集中 DICOM 存储区的 ID 相同。

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/instances"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/instances" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

您应该收到类似以下内容的 JSON 响应：

响应

[
  {
    "00080005":{"vr":"CS"},
    "00080016":{"vr":"UI"},
    "00080018":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00080020":{"vr":"DA"},
    "00080030":{"vr":"TM"},
    "00080050":{"vr":"SH"},
    "00080090":{"vr":"PN"},
    "00100010":{"vr":"PN"},
    "00100020":{"vr":"LO","Value":["S1214223-1"]},
    "00100030":{"vr":"DA"},
    "00100040":{"vr":"CS"},
    "0020000D":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763"]},
    "0020000E":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710"]},
    "00200010":{"vr":"SH"},
    "00200013":{"vr":"IS"},
    "00280010":{"vr":"US","Value":[1024]},
    "00280011":{"vr":"US","Value":[1024]},
    "00280100":{"vr":"US","Value":[8]}
  }
]

使用新值检索实例的元数据。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
LOCATION：数据集位置
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID
DESTINATION_DICOM_STORE_ID：目标数据集中 DICOM 存储区的 ID。这与源数据集中 DICOM 存储区的 ID 相同。

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/studies/1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763/series/1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710/instances/1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029/metadata"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/studies/1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763/series/1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710/instances/1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029/metadata" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

输出包含新的元数据。您可以将新元数据与原始元数据进行比较，以了解转换的效果。

响应

[
  {
    "00020002":{"vr":"UI","Value":["1.2.840.10008.5.1.4.1.1.7"]},
    "00020003":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00020010":{"vr":"UI","Value":["1.2.840.10008.1.2.4.50"]},
    "00020012":{"vr":"UI","Value":["1.2.40.0.13.1.3"]},
    "00020013":{"vr":"SH","Value":["dcm4che-null"]},
    "00080005":{"vr":"CS","Value":["ISO_IR 100"]},
    "00080016":{"vr":"UI","Value":["1.2.840.10008.5.1.4.1.1.7"]},
    "00080018":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00080020":{"vr":"DA","Value":["20110728"]},
    "00080030":{"vr":"TM","Value":["110032"]},
    "00080050":{"vr":"SH"},
    "00080064":{"vr":"CS","Value":["WSD"]},
    "00080070":{"vr":"LO","Value":["Manufacturer"]},
    "00080090":{"vr":"PN","Value":[{"Alphabetic":"vTbECsOCTSOejDB1nAoHuGAn2tGaqXY4OJP6uZLPWMc"}]},
    "00081090":{"vr":"LO","Value":["ABC1"]},
    "00100010":{"vr":"PN","Value":[{"Alphabetic":"4LuwWK6k3Z/K/Ity4whf6YHYrm9an103tWL1EnCGwIk"}]},
    "00100020":{"vr":"LO","Value":["S1214223-1"]},
    "00100030":{"vr":"DA","Value":["19880630"]},
    "00100040":{"vr":"CS","Value":["F"]},
    "0020000D":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763"]},
    "0020000E":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710"]},
    "00200010":{"vr":"SH"},
    "00200011":{"vr":"IS"},
    "00200013":{"vr":"IS"},
    "00200020":{"vr":"CS"},
    "00280002":{"vr":"US","Value":[3]},
    "00280004":{"vr":"CS","Value":["YBR_FULL_422"]},
    "00280006":{"vr":"US","Value":[0]},
    "00280010":{"vr":"US","Value":[1024]},
    "00280011":{"vr":"US","Value":[1024]},
    "00280100":{"vr":"US","Value":[8]},
    "00280101":{"vr":"US","Value":[8]},
    "00280102":{"vr":"US","Value":[7]},
    "00280103":{"vr":"US","Value":[0]},
    "00282110":{"vr":"CS","Value":["01"]},
    "00282114":{"vr":"CS","Value":["ISO_10918_1"]}
  }
]

将 infoType 和初始转换与 DICOM 标记配合使用

Cloud Healthcare API 可以使用信息类型 (infoType) 来定义在对标记执行去标识化操作时要扫描的数据。infoType 是一种敏感数据类型，例如患者姓名、电子邮件地址、电话号码、身份证号码和信用卡号等等。

初始转换是用于转换输入值的规则。您可以通过对每个标记的 infoType 应用初始转换，自定义 DICOM 标记的去标识化方式。例如，您可以通过指定 LAST_NAME infoType 和 CharacterMaskConfig 初始转换，对患者的姓氏进行去标识化，并将其替换为一系列星号。

默认 DICOM infoType

对元数据进行去标识化时使用的默认 DICOM infoType 如下：

AGE
CREDIT_CARD_NUMBER
DATE
EMAIL_ADDRESS
IP_ADDRESS
LOCATION
MAC_ADDRESS
PASSPORT
PERSON_NAME
PHONE_NUMBER
SWIFT_CODE
US_DRIVERS_LICENSE_NUMBER
US_SOCIAL_SECURITY_NUMBER
US_VEHICLE_IDENTIFICATION_NUMBER
US_INDIVIDUAL_TAXPAYER_IDENTIFICATION_NUMBER

当您使用 REDACT_SENSITIVE_TEXT 对图片中的敏感文本进行去标识化时，Cloud Healthcare API 会使用上述 infoType，但还会对图片中的敏感文本应用患者标识符的其他自定义 infoType（如医疗记录编号 (MRN)）。

初始转换选项

Cloud Healthcare API 初始转换选项如下：

RedactConfig：通过删除值来进行遮盖。
CharacterMaskConfig：通过将输入字符替换为所指定的固定字符，全部或部分遮盖字符串。
DateShiftConfig：按随机天数偏移日期，可使同一上下文保持一致。
CryptoHashConfig：使用 SHA-256 将输入值替换为使用给定数据加密密钥生成并以 base64 编码表示的哈希输出字符串。
ReplaceWithInfoTypeConfig：将输入值替换为其 infoType 的名称。

在 `TextConfig` 中指定配置

InfoType 和初始转换在 InfoTypeTransformation（它是 TextConfig 内的对象）中指定。InfoType 以逗号分隔值的形式输入 infoTypes 数组中。

指定 infoType 是可选操作。如果您不指定任何 infoType，则转换将应用于 Cloud Healthcare API 中找到的默认 DICOM infoType。

如果您在 InfoTypeTransformation 中指定任何 infoType，则必须至少指定一个初始转换。

您只能将 InfoTypeTransformation 应用于 DEIDENTIFY_TAG_CONTENTS 配置文件。InfoTypeTransformation 无法应用于 TagFilterProfile 中列出的其他配置文件。

以下部分介绍了如何使用 InfoTypeTransformation 中提供的初始转换以及 infoType 来自定义 DICOM 标记的去标识化方式。这些示例使用示例概览中提供的示例图片以及去标识化 DICOM 标记中提供的示例元数据。

默认配置

默认情况下，如果设置 DEIDENTIFY_TAG_CONTENTS 配置文件时未在 TextConfig 对象中提供任何配置，则 Cloud Healthcare API 将使用默认 DICOM infoType 替换敏感数据。但 DATE 和 PERSON_NAME infoType 的行为不同，如下所示：

DateShiftConfig 应用于分类为 DATE infoType 的文本。DateShiftConfig 使用的是日期偏移技术，其差值为 100 天。
CryptoHashConfig 应用于分类为 PERSON_NAME infoType 的文本。CryptoHashConfig 通过使用加密哈希技术生成代理值来执行标记化。

以下行为同样适用：

值大于或等于 90 的任何患者年龄都将转换为 90。
如果因 DICOM 格式限制而无法应用转换，则系统会提供与标记的值表示法 (VR) 相对应的占位符值。
与 Cloud Healthcare API 中某个默认 DICOM infoType 对应的任何其他值都将替换为其 infoType。例如，如果 PatientComments 标记包含字符串“Ann Johnson went to Anytown Hospital”，那么“Anytown”将被替换为 LOCATION infoType。

以下示例展示了对包含 DICOM 存储区和 DICOM 数据的数据集使用 DEIDENTIFY_TAG_CONTENTS 默认配置文件的输出。您可以将此默认输出与搭配使用各种初始转换与 infoType 组合时生成的输出进行比较。这些示例使用单个 DICOM 实例，但您可以对多个实例进行去标识化处理。

使用 DEIDENTIFY_TAG_CONTENTS 配置文件将图片提交到 Cloud Healthcare API 后，图片显示如下。观察以下更改：

已使用 CryptoHashConfig 转换了图片左上角和右上角的名称
已使用 DateShiftConfig 转换了图片左上角和右上角的日期

dicom_infotype_default

REST

对数据集进行去标识化处理。

在使用任何请求数据之前，请先进行以下替换：
- PROJECT_ID：您的 Google Cloud 项目的 ID
- LOCATION：数据集位置
- SOURCE_DATASET_ID：包含要去标识化的数据的数据集的 ID
- DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID
请求 JSON 正文：
```
{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {
      "filterProfile": "DEIDENTIFY_TAG_CONTENTS"
    }
  }
}
```
如需发送请求，请选择以下方式之一：
curl

注意：以下命令假定您已使用您的用户账号通过运行 gcloud init 或 gcloud auth login 登录 gcloud CLI，或者使用了 Cloud Shell，这会使您自动登录 gcloud CLI。您可以运行 gcloud auth list 来检查当前活跃的账号。

将请求正文保存在名为 request.json 的文件中。在终端中运行以下命令，在当前目录中创建或覆盖此文件：
```
cat > request.json << 'EOF'
{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {
      "filterProfile": "DEIDENTIFY_TAG_CONTENTS"
    }
  }
}
EOF
```
然后，执行以下命令以发送 REST 请求：
curl -X POST \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
-H "Content-Type: application/json; charset=utf-8" \
-d @request.json \
"https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"
PowerShell

注意：以下命令假定您已使用您的用户账号通过运行 gcloud init 或 gcloud auth login 登录 gcloud CLI，或者使用了 Cloud Shell，这会使您自动登录 gcloud CLI。您可以运行 gcloud auth list 来检查当前活跃的账号。

将请求正文保存在名为 request.json 的文件中。在终端中运行以下命令，在当前目录中创建或覆盖此文件：
```
@'
{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {
      "filterProfile": "DEIDENTIFY_TAG_CONTENTS"
    }
  }
}
'@  | Out-File -FilePath request.json -Encoding utf8
```
然后，执行以下命令以发送 REST 请求：
$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
-Method POST `
-Headers $headers `
-ContentType: "application/json; charset=utf-8" `
-InFile request.json `
-Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content
输出如下所示。响应中包含长时间运行的操作的标识符。如果方法调用可能需要大量时间才能完成，系统就会返回长时间运行的操作。请注意 OPERATION_ID 的值。下一步中需要用到此值。
响应
```
{
  "name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID"
}
```

使用 projects.locations.datasets.operations.get 方法可获取长时间运行的操作的状态。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
DATASET_ID：数据集 ID
LOCATION：数据集位置
OPERATION_ID：从长时间运行的操作返回的 ID

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

输出如下所示。如果响应包含 "done": true，则表示长时间运行的操作已完成。

响应

{
  "name": "projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.deidentify.DeidentifyService.DeidentifyDicomStore",
    "createTime": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ",
    "endTime": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ",
    "logsUrl": "https://console.cloud.google.com/CLOUD_LOGGING_URL"
    "counter": {
      "success": "SUCCESS_COUNT",
      // If there were any failures, they display in the `failure` field.
      "failure": "FAILURE_COUNT"
    }
  },
  "done": true,
  // The `response` field only displays if there were no errors.
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary"
  },
  // If there were any errors, an `error` field displays instead of a `response` field.
  // See Troubleshooting long-running operations for a list of response codes.
  "error": {
    "code": ERROR_CODE,
    "message": "DESCRIPTION",
    "details": [
      {
        "@type": "...",
        FIELD1: ...,
        ...
      }
    ]
  }
}

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
SOURCE_DATASET_LOCATION：源数据集位置
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID
DESTINATION_DICOM_STORE_ID：目标数据集中 DICOM 存储区的 ID。这与源数据集中 DICOM 存储区的 ID 相同。

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/instances"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/instances" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

您应该收到类似以下内容的 JSON 响应：

响应

[
  {
    "00080005":{"vr":"CS"},
    "00080016":{"vr":"UI"},
    "00080018":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00080020":{"vr":"DA"},
    "00080030":{"vr":"TM"},
    "00080050":{"vr":"SH"},
    "00080090":{"vr":"PN"},
    "00100010":{"vr":"PN"},
    "00100020":{"vr":"LO","Value":["S1214223-1"]},
    "00100030":{"vr":"DA"},
    "00100040":{"vr":"CS"},
    "0020000D":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763"]},
    "0020000E":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710"]},
    "00200010":{"vr":"SH"},
    "00200013":{"vr":"IS"},
    "00280010":{"vr":"US","Value":[1024]},
    "00280011":{"vr":"US","Value":[1024]},
    "00280100":{"vr":"US","Value":[8]}
  }
]

使用新值检索实例的元数据。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
LOCATION：数据集位置
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID
DESTINATION_DICOM_STORE_ID：目标数据集中 DICOM 存储区的 ID。这与源数据集中 DICOM 存储区的 ID 相同。

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/studies/1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763/series/1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710/instances/1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029/metadata"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/studies/1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763/series/1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710/instances/1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029/metadata" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

输出包含新的元数据。您可以将新元数据与原始元数据进行比较，以了解转换的效果。

响应

[
  {
    "00020002":{"vr":"UI","Value":["1.2.840.10008.5.1.4.1.1.7"]},
    "00020003":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00020010":{"vr":"UI","Value":["1.2.840.10008.1.2.4.50"]},
    "00020012":{"vr":"UI","Value":["1.2.40.0.13.1.3"]},
    "00020013":{"vr":"SH","Value":["dcm4che-null"]},
    "00080005":{"vr":"CS","Value":["ISO_IR 100"]},
    "00080016":{"vr":"UI","Value":["1.2.840.10008.5.1.4.1.1.7"]},
    "00080018":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00080020":{"vr":"DA","Value":["20111006"]},
    "00080030":{"vr":"TM","Value":["110032"]},
    "00080050":{"vr":"SH"},
    "00080064":{"vr":"CS","Value":["WSD"]},
    "00080070":{"vr":"LO","Value":["Manufacturer"]},
    "00080090":{"vr":"PN","Value":[{"Alphabetic":"pzv2lYqFu6wap3PXXi0y3c6VcjAsWQY/TcW0AjanOY4"}]},
    "00081090":{"vr":"LO","Value":["ABC1"]},
    "00100010":{"vr":"PN","Value":[{"Alphabetic":"uGSY8u8934To+NRbmD6HtthMxgQ91rCK6UqIYeO0UkA"}]},
    "00100020":{"vr":"LO","Value":["S1214223-1"]},
    "00100030":{"vr":"DA","Value":["19880908"]},
    "00100040":{"vr":"CS","Value":["F"]},
    "0020000D":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763"]},
    "0020000E":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710"]},
    "00200010":{"vr":"SH"},
    "00200011":{"vr":"IS"},
    "00200013":{"vr":"IS"},
    "00200020":{"vr":"CS"},
    "00280002":{"vr":"US","Value":[3]},
    "00280004":{"vr":"CS","Value":["YBR_FULL_422"]},
    "00280006":{"vr":"US","Value":[0]},
    "00280010":{"vr":"US","Value":[1024]},
    "00280011":{"vr":"US","Value":[1024]},
    "00280100":{"vr":"US","Value":[8]},
    "00280101":{"vr":"US","Value":[8]},
    "00280102":{"vr":"US","Value":[7]},
    "00280103":{"vr":"US","Value":[0]},
    "00282110":{"vr":"CS","Value":["01"]},
    "00282114":{"vr":"CS","Value":["ISO_10918_1"]}
  }
]

`RedactConfig`

如果指定 redactConfig，将会彻底移除给定的值来达到遮盖该值的目的。redactConfig 消息不带参数，指定它就会启用转换。

以下示例对默认配置进行了扩展，但目前包含设置 PERSON_NAME infoType 和 redactConfig 转换。发送此请求会遮盖 DICOM 实例中的所有名称。

使用 redactConfig 转换将图片提交到 Cloud Healthcare API 后，图片显示如下：

dicom_redactconfig

REST

对数据集进行去标识化处理。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
LOCATION：数据集位置
SOURCE_DATASET_ID：包含要去标识化的数据的数据集的 ID
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID

请求 JSON 正文：

{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {
      "filterProfile": "DEIDENTIFY_TAG_CONTENTS"
    },
    "text": {
      "transformations": [
        {
          "infoTypes": [
            "PERSON_NAME"
          ],
          "redactConfig": {}
        }
      ]
    }
  }
}

如需发送请求，请选择以下方式之一：

curl

将请求正文保存在名为 request.json 的文件中。在终端中运行以下命令，在当前目录中创建或覆盖此文件：

cat > request.json << 'EOF'
{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {
      "filterProfile": "DEIDENTIFY_TAG_CONTENTS"
    },
    "text": {
      "transformations": [
        {
          "infoTypes": [
            "PERSON_NAME"
          ],
          "redactConfig": {}
        }
      ]
    }
  }
}
EOF

然后，执行以下命令以发送 REST 请求：

curl -X POST \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    -d @request.json \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"

PowerShell

将请求正文保存在名为 request.json 的文件中。在终端中运行以下命令，在当前目录中创建或覆盖此文件：

@'
{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {
      "filterProfile": "DEIDENTIFY_TAG_CONTENTS"
    },
    "text": {
      "transformations": [
        {
          "infoTypes": [
            "PERSON_NAME"
          ],
          "redactConfig": {}
        }
      ]
    }
  }
}
'@  | Out-File -FilePath request.json -Encoding utf8

然后，执行以下命令以发送 REST 请求：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method POST `
    -Headers $headers `
    -ContentType: "application/json; charset=utf-8" `
    -InFile request.json `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content

响应

{
  "name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID"
}

使用 projects.locations.datasets.operations.get 方法可获取长时间运行的操作的状态。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
DATASET_ID：数据集 ID
LOCATION：数据集位置
OPERATION_ID：从长时间运行的操作返回的 ID

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

输出如下所示。如果响应包含 "done": true，则表示长时间运行的操作已完成。

响应

{
  "name": "projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.deidentify.DeidentifyService.DeidentifyDicomStore",
    "createTime": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ",
    "endTime": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ",
    "logsUrl": "https://console.cloud.google.com/CLOUD_LOGGING_URL"
    "counter": {
      "success": "SUCCESS_COUNT",
      // If there were any failures, they display in the `failure` field.
      "failure": "FAILURE_COUNT"
    }
  },
  "done": true,
  // The `response` field only displays if there were no errors.
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary"
  },
  // If there were any errors, an `error` field displays instead of a `response` field.
  // See Troubleshooting long-running operations for a list of response codes.
  "error": {
    "code": ERROR_CODE,
    "message": "DESCRIPTION",
    "details": [
      {
        "@type": "...",
        FIELD1: ...,
        ...
      }
    ]
  }
}

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
SOURCE_DATASET_LOCATION：源数据集位置
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID
DESTINATION_DICOM_STORE_ID：目标数据集中 DICOM 存储区的 ID。这与源数据集中 DICOM 存储区的 ID 相同。

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/instances"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/instances" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

您应该收到类似以下内容的 JSON 响应：

响应

[
  {
    "00080005":{"vr":"CS"},
    "00080016":{"vr":"UI"},
    "00080018":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00080020":{"vr":"DA"},
    "00080030":{"vr":"TM"},
    "00080050":{"vr":"SH"},
    "00080090":{"vr":"PN"},
    "00100010":{"vr":"PN"},
    "00100020":{"vr":"LO","Value":["S1214223-1"]},
    "00100030":{"vr":"DA"},
    "00100040":{"vr":"CS"},
    "0020000D":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763"]},
    "0020000E":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710"]},
    "00200010":{"vr":"SH"},
    "00200013":{"vr":"IS"},
    "00280010":{"vr":"US","Value":[1024]},
    "00280011":{"vr":"US","Value":[1024]},
    "00280100":{"vr":"US","Value":[8]}
  }
]

使用新值检索实例的元数据。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
LOCATION：数据集位置
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID
DESTINATION_DICOM_STORE_ID：目标数据集中 DICOM 存储区的 ID。这与源数据集中 DICOM 存储区的 ID 相同。

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/studies/1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763/series/1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710/instances/1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029/metadata"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/studies/1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763/series/1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710/instances/1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029/metadata" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

输出包含新的元数据。您可以将新元数据与原始元数据进行比较，以了解转换的效果。

响应

[
  {
    "00020002":{"vr":"UI","Value":["1.2.840.10008.5.1.4.1.1.7"]},
    "00020003":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00020010":{"vr":"UI","Value":["1.2.840.10008.1.2.4.50"]},
    "00020012":{"vr":"UI","Value":["1.2.40.0.13.1.3"]},
    "00020013":{"vr":"SH","Value":["dcm4che-null"]},
    "00080005":{"vr":"CS","Value":["ISO_IR 100"]},
    "00080016":{"vr":"UI","Value":["1.2.840.10008.5.1.4.1.1.7"]},
    "00080018":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00080020":{"vr":"DA","Value":["20110909"]},
    "00080030":{"vr":"TM","Value":["110032"]},
    "00080050":{"vr":"SH"},
    "00080064":{"vr":"CS","Value":["WSD"]},
    "00080070":{"vr":"LO","Value":["Manufacturer"]},
    "00080090":{"vr":"PN"},
    "00081090":{"vr":"LO","Value":["ABC1"]},
    "00100010":{"vr":"PN"},
    "00100020":{"vr":"LO","Value":["S1214223-1"]},
    "00100030":{"vr":"DA","Value":["19880812"]},
    "00100040":{"vr":"CS","Value":["F"]},
    "0020000D":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763"]},
    "0020000E":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710"]},
    "00200010":{"vr":"SH"},
    "00200011":{"vr":"IS"},
    "00200013":{"vr":"IS"},
    "00200020":{"vr":"CS"},
    "00280002":{"vr":"US","Value":[3]},
    "00280004":{"vr":"CS","Value":["YBR_FULL_422"]},
    "00280006":{"vr":"US","Value":[0]},
    "00280010":{"vr":"US","Value":[1024]},
    "00280011":{"vr":"US","Value":[1024]},
    "00280100":{"vr":"US","Value":[8]},
    "00280101":{"vr":"US","Value":[8]},
    "00280102":{"vr":"US","Value":[7]},
    "00280103":{"vr":"US","Value":[0]},
    "00282110":{"vr":"CS","Value":["01"]},
    "00282114":{"vr":"CS","Value":["ISO_10918_1"]}
  }
]

输出结果显示 ReferringPhysicianName (00080090) 和 PatientName (00100010) 中的值已被移除。这与默认配置中的示例不同，在默认配置中，这些值使用加密哈希技术进行转换。

`CharacterMaskConfig`

如果指定 characterMaskConfig，则会将与给定 infoType 对应的字符串替换为指定的固定字符。例如，您可以将患者姓名替换为一系列星号 (*)，而不是遮盖患者姓名或使用加密哈希技术进行转换。您可以指定固定字符作为 maskingCharacter 字段的值。

以下示例对默认配置进行了扩展，但目前包含设置 LAST_NAME infoType 和 characterMaskConfig 转换。未提供固定字符，因此默认使用星号进行遮盖。

这些示例使用单个 DICOM 实例，但您可以对多个实例进行去标识化处理。

使用 characterMaskConfig 转换将图片提交到 Cloud Healthcare API 后，图片显示如下：

dicom_charactermaskconfig

REST

对数据集进行去标识化处理。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
LOCATION：数据集位置
SOURCE_DATASET_ID：包含要去标识化的数据的数据集的 ID
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID

请求 JSON 正文：

{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {
      "filterProfile": "DEIDENTIFY_TAG_CONTENTS"
    },
    "text": {
      "transformations": [
        {
          "infoTypes": [
            "PERSON_NAME"
          ],
          "characterMaskConfig": {
            "maskingCharacter": ""
          }
        }
      ]
    }
  }
}

如需发送请求，请选择以下方式之一：

curl

将请求正文保存在名为 request.json 的文件中。在终端中运行以下命令，在当前目录中创建或覆盖此文件：

cat > request.json << 'EOF'
{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {
      "filterProfile": "DEIDENTIFY_TAG_CONTENTS"
    },
    "text": {
      "transformations": [
        {
          "infoTypes": [
            "PERSON_NAME"
          ],
          "characterMaskConfig": {
            "maskingCharacter": ""
          }
        }
      ]
    }
  }
}
EOF

然后，执行以下命令以发送 REST 请求：

curl -X POST \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    -d @request.json \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"

PowerShell

将请求正文保存在名为 request.json 的文件中。在终端中运行以下命令，在当前目录中创建或覆盖此文件：

@'
{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {
      "filterProfile": "DEIDENTIFY_TAG_CONTENTS"
    },
    "text": {
      "transformations": [
        {
          "infoTypes": [
            "PERSON_NAME"
          ],
          "characterMaskConfig": {
            "maskingCharacter": ""
          }
        }
      ]
    }
  }
}
'@  | Out-File -FilePath request.json -Encoding utf8

然后，执行以下命令以发送 REST 请求：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method POST `
    -Headers $headers `
    -ContentType: "application/json; charset=utf-8" `
    -InFile request.json `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content

响应

{
  "name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID"
}

使用 projects.locations.datasets.operations.get 方法可获取长时间运行的操作的状态。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
DATASET_ID：数据集 ID
LOCATION：数据集位置
OPERATION_ID：从长时间运行的操作返回的 ID

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

输出如下所示。如果响应包含 "done": true，则表示长时间运行的操作已完成。

响应

{
  "name": "projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.deidentify.DeidentifyService.DeidentifyDicomStore",
    "createTime": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ",
    "endTime": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ",
    "logsUrl": "https://console.cloud.google.com/CLOUD_LOGGING_URL"
    "counter": {
      "success": "SUCCESS_COUNT",
      // If there were any failures, they display in the `failure` field.
      "failure": "FAILURE_COUNT"
    }
  },
  "done": true,
  // The `response` field only displays if there were no errors.
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary"
  },
  // If there were any errors, an `error` field displays instead of a `response` field.
  // See Troubleshooting long-running operations for a list of response codes.
  "error": {
    "code": ERROR_CODE,
    "message": "DESCRIPTION",
    "details": [
      {
        "@type": "...",
        FIELD1: ...,
        ...
      }
    ]
  }
}

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
SOURCE_DATASET_LOCATION：源数据集位置
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID
DESTINATION_DICOM_STORE_ID：目标数据集中 DICOM 存储区的 ID。这与源数据集中 DICOM 存储区的 ID 相同。

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/instances"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/instances" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

您应该收到类似以下内容的 JSON 响应：

响应

[
  {
    "00080005":{"vr":"CS"},
    "00080016":{"vr":"UI"},
    "00080018":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00080020":{"vr":"DA"},
    "00080030":{"vr":"TM"},
    "00080050":{"vr":"SH"},
    "00080090":{"vr":"PN"},
    "00100010":{"vr":"PN"},
    "00100020":{"vr":"LO","Value":["S1214223-1"]},
    "00100030":{"vr":"DA"},
    "00100040":{"vr":"CS"},
    "0020000D":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763"]},
    "0020000E":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710"]},
    "00200010":{"vr":"SH"},
    "00200013":{"vr":"IS"},
    "00280010":{"vr":"US","Value":[1024]},
    "00280011":{"vr":"US","Value":[1024]},
    "00280100":{"vr":"US","Value":[8]}
  }
]

使用新值检索实例的元数据。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
LOCATION：数据集位置
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID
DESTINATION_DICOM_STORE_ID：目标数据集中 DICOM 存储区的 ID。这与源数据集中 DICOM 存储区的 ID 相同。

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/studies/1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763/series/1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710/instances/1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029/metadata"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/studies/1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763/series/1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710/instances/1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029/metadata" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

输出包含新的元数据。您可以将新元数据与原始元数据进行比较，以了解转换的效果。

响应

[
  {
    "00020002":{"vr":"UI","Value":["1.2.840.10008.5.1.4.1.1.7"]},
    "00020003":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00020010":{"vr":"UI","Value":["1.2.840.10008.1.2.4.50"]},
    "00020012":{"vr":"UI","Value":["1.2.40.0.13.1.3"]},
    "00020013":{"vr":"SH","Value":["dcm4che-null"]},
    "00080005":{"vr":"CS","Value":["ISO_IR 100"]},
    "00080016":{"vr":"UI","Value":["1.2.840.10008.5.1.4.1.1.7"]},
    "00080018":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00080020":{"vr":"DA","Value":["20110909"]},
    "00080030":{"vr":"TM","Value":["110032"]},
    "00080050":{"vr":"SH"},
    "00080064":{"vr":"CS","Value":["WSD"]},
    "00080070":{"vr":"LO","Value":["Manufacturer"]},
    "00080090":{"vr":"PN","Value":[{"Alphabetic":"John ***"}]},
    "00081090":{"vr":"LO","Value":["ABC1"]},
    "00100010":{"vr":"PN","Value":[{"Alphabetic":"Ann *******"}]},
    "00100020":{"vr":"LO","Value":["S1214223-1"]},
    "00100030":{"vr":"DA","Value":["19880812"]},
    "00100040":{"vr":"CS","Value":["F"]},
    "0020000D":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763"]},
    "0020000E":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710"]},
    "00200010":{"vr":"SH"},
    "00200011":{"vr":"IS"},
    "00200013":{"vr":"IS"},
    "00200020":{"vr":"CS"},
    "00280002":{"vr":"US","Value":[3]},
    "00280004":{"vr":"CS","Value":["YBR_FULL_422"]},
    "00280006":{"vr":"US","Value":[0]},
    "00280010":{"vr":"US","Value":[1024]},
    "00280011":{"vr":"US","Value":[1024]},
    "00280100":{"vr":"US","Value":[8]},
    "00280101":{"vr":"US","Value":[8]},
    "00280102":{"vr":"US","Value":[7]},
    "00280103":{"vr":"US","Value":[0]},
    "00282110":{"vr":"CS","Value":["01"]},
    "00282114":{"vr":"CS","Value":["ISO_10918_1"]}
  }
]

输出结果显示 ReferringPhysicianName (00080090) 和 PatientName (00100010) 中的姓氏已替换为星号。这与默认配置中的示例不同，在默认配置中，这些值使用加密哈希技术进行转换。

`DateShiftConfig`

Cloud Healthcare API 可以通过在预设范围内偏移日期来转换日期。要使日期转换在多个去标识化运行中保持一致，请将 DateShiftConfig 与以下任一项结合使用：

（已弃用）：原始 AES 128/192/256 位 base 64 编码密钥。
（推荐）：Cloud Key Management Service (Cloud KMS) 封装的密钥。如需查看有关如何使用 Cloud KMS 封装密钥的示例，请参阅对敏感文本进行去标识化和重新标识。

您必须向 Cloud Healthcare 服务代理服务账号授予具有 cloudkms.cryptoKeyVersions.useToDecrypt 权限的角色，才能解密 Cloud KMS 封装的密钥。我们建议您使用 Cloud KMS CryptoKey Decrypter 角色 (roles/cloudkms.cryptoKeyDecrypter)。使用 Cloud KMS 进行加密操作时，需支付费用。请参阅 Cloud Key Management Service 价格了解详情。

Cloud Healthcare API 使用此密钥来计算日期（如患者的出生日期）在 100 天差值范围内的偏移量。

如果您不提供密钥，则每次对日期值运行去标识化操作时，Cloud Healthcare API 都会生成自己的密钥。这可能会导致两次执行操作之间的日期输出不一致。

以下示例展示了如何在 DICOM 实例上设置 DATE 和 DATE_OF_BIRTH infoType 以及 DateShiftConfig 转换。将去标识化请求发送到 Cloud Healthcare API 后，实例中的日期值将在其原始值的正负 100 天内移动。

提供的加密密钥 U2FsdGVkX19bS2oZsdbK9X5zi2utBn22uY+I2Vo0zOU= 是使用以下命令生成的原始 AES 加密 256 位 base64 编码密钥。出现提示时，请为该命令提供空密码：

echo -n "test" | openssl enc -e -aes-256-ofb -a -salt

使用 dateShiftConfig 转换将图片提交到 Cloud Healthcare API 后，图片显示如下：

dicom_dateshiftconfig

REST

对数据集进行去标识化处理。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
LOCATION：数据集位置
SOURCE_DATASET_ID：包含要去标识化的数据的数据集的 ID
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID

请求 JSON 正文：

{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {
      "filterProfile": "DEIDENTIFY_TAG_CONTENTS"
    },
    "text": {
      "transformations": [
        {
          "infoTypes": [
            "DATE",
            "DATE_OF_BIRTH"
          ],
          "dateShiftConfig": {
            "cryptoKey": "U2FsdGVkX19bS2oZsdbK9X5zi2utBn22uY+I2Vo0zOU="
          }
        }
      ]
    }
  }
}

如需发送请求，请选择以下方式之一：

curl

将请求正文保存在名为 request.json 的文件中。在终端中运行以下命令，在当前目录中创建或覆盖此文件：

cat > request.json << 'EOF'
{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {
      "filterProfile": "DEIDENTIFY_TAG_CONTENTS"
    },
    "text": {
      "transformations": [
        {
          "infoTypes": [
            "DATE",
            "DATE_OF_BIRTH"
          ],
          "dateShiftConfig": {
            "cryptoKey": "U2FsdGVkX19bS2oZsdbK9X5zi2utBn22uY+I2Vo0zOU="
          }
        }
      ]
    }
  }
}
EOF

然后，执行以下命令以发送 REST 请求：

curl -X POST \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    -d @request.json \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"

PowerShell

将请求正文保存在名为 request.json 的文件中。在终端中运行以下命令，在当前目录中创建或覆盖此文件：

@'
{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {
      "filterProfile": "DEIDENTIFY_TAG_CONTENTS"
    },
    "text": {
      "transformations": [
        {
          "infoTypes": [
            "DATE",
            "DATE_OF_BIRTH"
          ],
          "dateShiftConfig": {
            "cryptoKey": "U2FsdGVkX19bS2oZsdbK9X5zi2utBn22uY+I2Vo0zOU="
          }
        }
      ]
    }
  }
}
'@  | Out-File -FilePath request.json -Encoding utf8

然后，执行以下命令以发送 REST 请求：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method POST `
    -Headers $headers `
    -ContentType: "application/json; charset=utf-8" `
    -InFile request.json `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content

响应

{
  "name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID"
}

使用 projects.locations.datasets.operations.get 方法可获取长时间运行的操作的状态。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
DATASET_ID：数据集 ID
LOCATION：数据集位置
OPERATION_ID：从长时间运行的操作返回的 ID

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

输出如下所示。如果响应包含 "done": true，则表示长时间运行的操作已完成。

响应

{
  "name": "projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.deidentify.DeidentifyService.DeidentifyDicomStore",
    "createTime": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ",
    "endTime": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ",
    "logsUrl": "https://console.cloud.google.com/CLOUD_LOGGING_URL"
    "counter": {
      "success": "SUCCESS_COUNT",
      // If there were any failures, they display in the `failure` field.
      "failure": "FAILURE_COUNT"
    }
  },
  "done": true,
  // The `response` field only displays if there were no errors.
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary"
  },
  // If there were any errors, an `error` field displays instead of a `response` field.
  // See Troubleshooting long-running operations for a list of response codes.
  "error": {
    "code": ERROR_CODE,
    "message": "DESCRIPTION",
    "details": [
      {
        "@type": "...",
        FIELD1: ...,
        ...
      }
    ]
  }
}

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
SOURCE_DATASET_LOCATION：源数据集位置
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID
DESTINATION_DICOM_STORE_ID：目标数据集中 DICOM 存储区的 ID。这与源数据集中 DICOM 存储区的 ID 相同。

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/instances"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/instances" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

您应该收到类似以下内容的 JSON 响应：

响应

[
  {
    "00080005":{"vr":"CS"},
    "00080016":{"vr":"UI"},
    "00080018":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00080020":{"vr":"DA"},
    "00080030":{"vr":"TM"},
    "00080050":{"vr":"SH"},
    "00080090":{"vr":"PN"},
    "00100010":{"vr":"PN"},
    "00100020":{"vr":"LO","Value":["S1214223-1"]},
    "00100030":{"vr":"DA"},
    "00100040":{"vr":"CS"},
    "0020000D":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763"]},
    "0020000E":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710"]},
    "00200010":{"vr":"SH"},
    "00200013":{"vr":"IS"},
    "00280010":{"vr":"US","Value":[1024]},
    "00280011":{"vr":"US","Value":[1024]},
    "00280100":{"vr":"US","Value":[8]}
  }
]

使用新值检索实例的元数据。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
LOCATION：数据集位置
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID
DESTINATION_DICOM_STORE_ID：目标数据集中 DICOM 存储区的 ID。这与源数据集中 DICOM 存储区的 ID 相同。

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/studies/1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763/series/1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710/instances/1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029/metadata"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/studies/1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763/series/1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710/instances/1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029/metadata" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

输出包含新的元数据。您可以将新元数据与原始元数据进行比较，以了解转换的效果。

响应

[
  {
    "00020002":{"vr":"UI","Value":["1.2.840.10008.5.1.4.1.1.7"]},
    "00020003":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00020010":{"vr":"UI","Value":["1.2.840.10008.1.2.4.50"]},
    "00020012":{"vr":"UI","Value":["1.2.40.0.13.1.3"]},
    "00020013":{"vr":"SH","Value":["dcm4che-null"]},
    "00080005":{"vr":"CS","Value":["ISO_IR 100"]},
    "00080016":{"vr":"UI","Value":["1.2.840.10008.5.1.4.1.1.7"]},
    "00080018":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00080020":{"vr":"DA","Value":["20110909"]},
    "00080030":{"vr":"TM","Value":["110032"]},
    "00080050":{"vr":"SH"},
    "00080064":{"vr":"CS","Value":["WSD"]},
    "00080070":{"vr":"LO","Value":["Manufacturer"]},
    "00080090":{"vr":"PN","Value":[{"Alphabetic":"John ***"}]},
    "00081090":{"vr":"LO","Value":["ABC1"]},
    "00100010":{"vr":"PN","Value":[{"Alphabetic":"Ann *******"}]},
    "00100020":{"vr":"LO","Value":["S1214223-1"]},
    "00100030":{"vr":"DA","Value":["19880812"]},
    "00100040":{"vr":"CS","Value":["F"]},
    "0020000D":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763"]},
    "0020000E":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710"]},
    "00200010":{"vr":"SH"},
    "00200011":{"vr":"IS"},
    "00200013":{"vr":"IS"},
    "00200020":{"vr":"CS"},
    "00280002":{"vr":"US","Value":[3]},
    "00280004":{"vr":"CS","Value":["YBR_FULL_422"]},
    "00280006":{"vr":"US","Value":[0]},
    "00280010":{"vr":"US","Value":[1024]},
    "00280011":{"vr":"US","Value":[1024]},
    "00280100":{"vr":"US","Value":[8]},
    "00280101":{"vr":"US","Value":[8]},
    "00280102":{"vr":"US","Value":[7]},
    "00280103":{"vr":"US","Value":[0]},
    "00282110":{"vr":"CS","Value":["01"]},
    "00282114":{"vr":"CS","Value":["ISO_10918_1"]}
  }
]

输出结果显示 StudyDate (00080020) 和 PatientBirthDate (00100030) 具有新值。将 100 天的差值与提供的 cryptoKey 值相结合，便会发生这些转换。只要提供相同的 cryptoKey，新的日期值在此实例的两次去标识化运行之间将保持一致。

`CryptoHashConfig`

您可以将 cryptoHashConfig 留空，也可以为其提供以下内容之一：

（已弃用）：原始 AES 128/192/256 位 base 64 编码密钥。
（推荐）：Cloud Key Management Service (Cloud KMS) 封装的密钥。如需查看有关如何使用 Cloud KMS 封装密钥的示例，请参阅对敏感文本进行去标识化和重新标识。

Cloud Healthcare API 可以通过将值替换为加密哈希值（也称为代理值）来转换数据。为此，请指定一条 cryptoHashConfig 消息。

如果您不提供密钥，则 Cloud Healthcare API 将生成一个密钥。Cloud Healthcare API 使用此密钥生成代理值。如果针对每次运行提供的密钥都不相同，则 Cloud Healthcare API 会生成一致的代理值。如果您不提供密钥，则在每次运行操作时，Cloud Healthcare API 都会生成一个新密钥。使用不同的密钥会生成不同的代理值。

以下示例展示了如何将 cryptoHashConfig 转换应用于 Cloud Healthcare API 中受支持的所有默认 DICOM infoType。发送去标识化请求后，系统会将 Cloud Healthcare API 中具有相应 DICOM infoType 的值替换为代理值。

该示例还展示了如何提供加密密钥，以便在两次去标识化运行之间生成一致的代理值。

提供的加密密钥 U2FsdGVkX19bS2oZsdbK9X5zi2utBn22uY+I2Vo0zOU= 是使用以下命令生成的原始 AES 加密 256 位 base64 编码密钥。出现提示时，请为该命令提供空密码：

echo -n "test" | openssl enc -e -aes-256-ofb -a -salt

使用 cryptoHashConfig 转换将图片提交到 Cloud Healthcare API 后，图片显示如下：

dicom_cryptohashconfig

REST

对数据集进行去标识化处理。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
LOCATION：数据集位置
SOURCE_DATASET_ID：包含要去标识化的数据的数据集的 ID
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID

请求 JSON 正文：

{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {
      "filterProfile": "DEIDENTIFY_TAG_CONTENTS"
    },
    "text": {
      "transformations": [
        {
          "infoTypes": [],
          "cryptoHashConfig": {
            "cryptoKey": "U2FsdGVkX19bS2oZsdbK9X5zi2utBn22uY+I2Vo0zOU="
          }
        }
      ]
    }
  }
}

如需发送请求，请选择以下方式之一：

curl

将请求正文保存在名为 request.json 的文件中。在终端中运行以下命令，在当前目录中创建或覆盖此文件：

cat > request.json << 'EOF'
{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {
      "filterProfile": "DEIDENTIFY_TAG_CONTENTS"
    },
    "text": {
      "transformations": [
        {
          "infoTypes": [],
          "cryptoHashConfig": {
            "cryptoKey": "U2FsdGVkX19bS2oZsdbK9X5zi2utBn22uY+I2Vo0zOU="
          }
        }
      ]
    }
  }
}
EOF

然后，执行以下命令以发送 REST 请求：

curl -X POST \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    -d @request.json \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"

PowerShell

将请求正文保存在名为 request.json 的文件中。在终端中运行以下命令，在当前目录中创建或覆盖此文件：

@'
{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {
      "filterProfile": "DEIDENTIFY_TAG_CONTENTS"
    },
    "text": {
      "transformations": [
        {
          "infoTypes": [],
          "cryptoHashConfig": {
            "cryptoKey": "U2FsdGVkX19bS2oZsdbK9X5zi2utBn22uY+I2Vo0zOU="
          }
        }
      ]
    }
  }
}
'@  | Out-File -FilePath request.json -Encoding utf8

然后，执行以下命令以发送 REST 请求：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method POST `
    -Headers $headers `
    -ContentType: "application/json; charset=utf-8" `
    -InFile request.json `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content

响应

{
  "name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID"
}

使用 projects.locations.datasets.operations.get 方法可获取长时间运行的操作的状态。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
DATASET_ID：数据集 ID
LOCATION：数据集位置
OPERATION_ID：从长时间运行的操作返回的 ID

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

输出如下所示。如果响应包含 "done": true，则表示长时间运行的操作已完成。

响应

{
  "name": "projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.deidentify.DeidentifyService.DeidentifyDicomStore",
    "createTime": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ",
    "endTime": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ",
    "logsUrl": "https://console.cloud.google.com/CLOUD_LOGGING_URL"
    "counter": {
      "success": "SUCCESS_COUNT",
      // If there were any failures, they display in the `failure` field.
      "failure": "FAILURE_COUNT"
    }
  },
  "done": true,
  // The `response` field only displays if there were no errors.
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary"
  },
  // If there were any errors, an `error` field displays instead of a `response` field.
  // See Troubleshooting long-running operations for a list of response codes.
  "error": {
    "code": ERROR_CODE,
    "message": "DESCRIPTION",
    "details": [
      {
        "@type": "...",
        FIELD1: ...,
        ...
      }
    ]
  }
}

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
SOURCE_DATASET_LOCATION：源数据集位置
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID
DESTINATION_DICOM_STORE_ID：目标数据集中 DICOM 存储区的 ID。这与源数据集中 DICOM 存储区的 ID 相同。

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/instances"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/instances" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

您应该收到类似以下内容的 JSON 响应：

响应

[
  {
    "00080005":{"vr":"CS"},
    "00080016":{"vr":"UI"},
    "00080018":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00080020":{"vr":"DA"},
    "00080030":{"vr":"TM"},
    "00080050":{"vr":"SH"},
    "00080090":{"vr":"PN"},
    "00100010":{"vr":"PN"},
    "00100020":{"vr":"LO","Value":["S1214223-1"]},
    "00100030":{"vr":"DA"},
    "00100040":{"vr":"CS"},
    "0020000D":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763"]},
    "0020000E":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710"]},
    "00200010":{"vr":"SH"},
    "00200013":{"vr":"IS"},
    "00280010":{"vr":"US","Value":[1024]},
    "00280011":{"vr":"US","Value":[1024]},
    "00280100":{"vr":"US","Value":[8]}
  }
]

使用新值检索实例的元数据。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
LOCATION：数据集位置
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID
DESTINATION_DICOM_STORE_ID：目标数据集中 DICOM 存储区的 ID。这与源数据集中 DICOM 存储区的 ID 相同。

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/studies/1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763/series/1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710/instances/1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029/metadata"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/studies/1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763/series/1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710/instances/1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029/metadata" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

输出包含新的元数据。您可以将新元数据与原始元数据进行比较，以了解转换的效果。

响应

[
  {
    "00020002":{"vr":"UI","Value":["1.2.840.10008.5.1.4.1.1.7"]},
    "00020003":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00020010":{"vr":"UI","Value":["1.2.840.10008.1.2.4.50"]},
    "00020012":{"vr":"UI","Value":["1.2.40.0.13.1.3"]},
    "00020013":{"vr":"SH","Value":["dcm4che-null"]},
    "00080005":{"vr":"CS","Value":["ISO_IR 100"]},
    "00080016":{"vr":"UI","Value":["1.2.840.10008.5.1.4.1.1.7"]},
    "00080018":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00080020":{"vr":"DA","Value":["19000101"]},
    "00080030":{"vr":"TM","Value":["110032"]},
    "00080050":{"vr":"SH"},
    "00080064":{"vr":"CS","Value":["WSD"]},
    "00080070":{"vr":"LO","Value":["Manufacturer"]},
    "00080090":{"vr":"PN","Value":[{"Alphabetic":"TgUF3V/7IfiYXOvA63tpPnsFrc+j1YBenF/9E4+B1CE"}]},
    "00081090":{"vr":"LO","Value":["ABC1"]},
    "00100010":{"vr":"PN","Value":[{"Alphabetic":"YTQB+AfSXJUQsIip8odrSfntGe4yWgGyFjq/lI/e+Jk"}]},
    "00100020":{"vr":"LO","Value":["S1214223-1"]},
    "00100030":{"vr":"DA","Value":["19000101"]},
    "00100040":{"vr":"CS","Value":["F"]},
    "0020000D":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763"]},
    "0020000E":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710"]},
    "00200010":{"vr":"SH"},
    "00200011":{"vr":"IS"},
    "00200013":{"vr":"IS"},
    "00200020":{"vr":"CS"},
    "00280002":{"vr":"US","Value":[3]},
    "00280004":{"vr":"CS","Value":["YBR_FULL_422"]},
    "00280006":{"vr":"US","Value":[0]},
    "00280010":{"vr":"US","Value":[1024]},
    "00280011":{"vr":"US","Value":[1024]},
    "00280100":{"vr":"US","Value":[8]},
    "00280101":{"vr":"US","Value":[8]},
    "00280102":{"vr":"US","Value":[7]},
    "00280103":{"vr":"US","Value":[0]},
    "00282110":{"vr":"CS","Value":["01"]},
    "00282114":{"vr":"CS","Value":["ISO_10918_1"]}
  }
]

只要提供相同的 cryptoKey，输出中的转换在此实例的两次去标识化运行之间将保持一致。

`ReplaceWithInfoTypeConfig`

如果指定 replaceWithInfoTypeConfig，系统会将输入值替换为值的 infoType 的名称。

以下示例展示了如何将 replaceWithInfoTypeConfig 转换应用于 Cloud Healthcare API 中受支持的所有默认 DICOM infoType。replaceWithInfoTypeConfig 消息不带参数，指定它就会启用转换。

使用 replaceWithInfoTypeConfig 转换将图片提交到 Cloud Healthcare API 后，图片显示如下：

dicom_replacewithinfotypeconfig

REST

对数据集进行去标识化处理。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
LOCATION：数据集位置
SOURCE_DATASET_ID：包含要去标识化的数据的数据集的 ID
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID

请求 JSON 正文：

{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {
      "filterProfile": "DEIDENTIFY_TAG_CONTENTS"
    },
    "text": {
      "transformations": [
        {
          "infoTypes": [],
          "replaceWithInfoTypeConfig": {}
        }
      ]
    }
  }
}

如需发送请求，请选择以下方式之一：

curl

将请求正文保存在名为 request.json 的文件中。在终端中运行以下命令，在当前目录中创建或覆盖此文件：

cat > request.json << 'EOF'
{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {
      "filterProfile": "DEIDENTIFY_TAG_CONTENTS"
    },
    "text": {
      "transformations": [
        {
          "infoTypes": [],
          "replaceWithInfoTypeConfig": {}
        }
      ]
    }
  }
}
EOF

然后，执行以下命令以发送 REST 请求：

curl -X POST \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    -d @request.json \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"

PowerShell

将请求正文保存在名为 request.json 的文件中。在终端中运行以下命令，在当前目录中创建或覆盖此文件：

@'
{
  "destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID",
  "config": {
    "dicom": {
      "filterProfile": "DEIDENTIFY_TAG_CONTENTS"
    },
    "text": {
      "transformations": [
        {
          "infoTypes": [],
          "replaceWithInfoTypeConfig": {}
        }
      ]
    }
  }
}
'@  | Out-File -FilePath request.json -Encoding utf8

然后，执行以下命令以发送 REST 请求：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method POST `
    -Headers $headers `
    -ContentType: "application/json; charset=utf-8" `
    -InFile request.json `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content

响应

{
  "name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID"
}

使用 projects.locations.datasets.operations.get 方法可获取长时间运行的操作的状态。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
DATASET_ID：数据集 ID
LOCATION：数据集位置
OPERATION_ID：从长时间运行的操作返回的 ID

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

输出如下所示。如果响应包含 "done": true，则表示长时间运行的操作已完成。

响应

{
  "name": "projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.deidentify.DeidentifyService.DeidentifyDicomStore",
    "createTime": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ",
    "endTime": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ",
    "logsUrl": "https://console.cloud.google.com/CLOUD_LOGGING_URL"
    "counter": {
      "success": "SUCCESS_COUNT",
      // If there were any failures, they display in the `failure` field.
      "failure": "FAILURE_COUNT"
    }
  },
  "done": true,
  // The `response` field only displays if there were no errors.
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary"
  },
  // If there were any errors, an `error` field displays instead of a `response` field.
  // See Troubleshooting long-running operations for a list of response codes.
  "error": {
    "code": ERROR_CODE,
    "message": "DESCRIPTION",
    "details": [
      {
        "@type": "...",
        FIELD1: ...,
        ...
      }
    ]
  }
}

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
SOURCE_DATASET_LOCATION：源数据集位置
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID
DESTINATION_DICOM_STORE_ID：目标数据集中 DICOM 存储区的 ID。这与源数据集中 DICOM 存储区的 ID 相同。

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/instances"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/instances" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

您应该收到类似以下内容的 JSON 响应：

响应

[
  {
    "00080005":{"vr":"CS"},
    "00080016":{"vr":"UI"},
    "00080018":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00080020":{"vr":"DA"},
    "00080030":{"vr":"TM"},
    "00080050":{"vr":"SH"},
    "00080090":{"vr":"PN"},
    "00100010":{"vr":"PN"},
    "00100020":{"vr":"LO","Value":["S1214223-1"]},
    "00100030":{"vr":"DA"},
    "00100040":{"vr":"CS"},
    "0020000D":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763"]},
    "0020000E":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710"]},
    "00200010":{"vr":"SH"},
    "00200013":{"vr":"IS"},
    "00280010":{"vr":"US","Value":[1024]},
    "00280011":{"vr":"US","Value":[1024]},
    "00280100":{"vr":"US","Value":[8]}
  }
]

使用新值检索实例的元数据。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
LOCATION：数据集位置
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID
DESTINATION_DICOM_STORE_ID：目标数据集中 DICOM 存储区的 ID。这与源数据集中 DICOM 存储区的 ID 相同。

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/studies/1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763/series/1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710/instances/1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029/metadata"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID/dicomWeb/studies/1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763/series/1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710/instances/1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029/metadata" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

输出包含新的元数据。您可以将新元数据与原始元数据进行比较，以了解转换的效果。

响应

[
  {
    "00020002":{"vr":"UI","Value":["1.2.840.10008.5.1.4.1.1.7"]},
    "00020003":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00020010":{"vr":"UI","Value":["1.2.840.10008.1.2.4.50"]},
    "00020012":{"vr":"UI","Value":["1.2.40.0.13.1.3"]},
    "00020013":{"vr":"SH","Value":["dcm4che-null"]},
    "00080005":{"vr":"CS","Value":["ISO_IR 100"]},
    "00080016":{"vr":"UI","Value":["1.2.840.10008.5.1.4.1.1.7"]},
    "00080018":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.97415866390999888717168863957686758029"]},
    "00080020":{"vr":"DA","Value":["19000101"]},
    "00080030":{"vr":"TM","Value":["110032"]},
    "00080050":{"vr":"SH"},
    "00080064":{"vr":"CS","Value":["WSD"]},
    "00080070":{"vr":"LO","Value":["Manufacturer"]},
    "00080090":{"vr":"PN","Value":[{"Alphabetic":"[PERSON_NAME]"}]},
    "00081090":{"vr":"LO","Value":["ABC1"]},
    "00100010":{"vr":"PN","Value":[{"Alphabetic":"[PERSON_NAME]"}]},
    "00100020":{"vr":"LO","Value":["S1214223-1"]},
    "00100030":{"vr":"DA","Value":["19000101"]},
    "00100040":{"vr":"CS","Value":["F"]},
    "0020000D":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.201854290391432893460946240745559593763"]},
    "0020000E":{"vr":"UI","Value":["1.3.6.1.4.1.11129.5.1.303327499491957026103380014864616068710"]},
    "00200010":{"vr":"SH"},
    "00200011":{"vr":"IS"},
    "00200013":{"vr":"IS"},
    "00200020":{"vr":"CS"},
    "00280002":{"vr":"US","Value":[3]},
    "00280004":{"vr":"CS","Value":["YBR_FULL_422"]},
    "00280006":{"vr":"US","Value":[0]},
    "00280010":{"vr":"US","Value":[1024]},
    "00280011":{"vr":"US","Value":[1024]},
    "00280100":{"vr":"US","Value":[8]},
    "00280101":{"vr":"US","Value":[8]},
    "00280102":{"vr":"US","Value":[7]},
    "00280103":{"vr":"US","Value":[0]},
    "00282110":{"vr":"CS","Value":["01"]},
    "00282114":{"vr":"CS","Value":["ISO_10918_1"]}
  }
]

在 DICOM 存储区级层对数据进行去标识化

前面的示例展示了如何在数据集级层对 DICOM 数据进行去标识化。本部分介绍如何在 DICOM 存储区级别对数据进行去标识化处理。

如需将数据集去标识化请求更改为 DICOM 存储区去标识化请求，请进行以下更改：

将请求正文中的 destinationDataset 修改为 destinationStore
在指定目标位置时，在 destinationStore 中的值末尾添加 dicomStores/DESTINATION_DICOM_STORE_ID
在指定源数据所在的位置时添加 dicomStores/SOURCE_DICOM_STORE_ID

例如：

数据集级层去标识化：

"destinationDataset": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID"
...
"https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"

DICOM 存储区级层去标识化：

"destinationStore": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID"
...
"https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/dicomStores/SOURCE_DICOM_STORE_ID:deidentify"

以下示例对结合使用标记去标识化和内置文本隐去进行了扩展，但去标识化发生在单个 DICOM 存储区中，去标识化的数据会复制到新的 DICOM 存储区。在运行示例之前，DESTINATION_DICOM_STORE_ID 引用的 DICOM 存储区必须已存在。

控制台

如需使用 Google Cloud 控制台对 DICOM 存储区中的数据进行去标识化处理，请完成以下步骤。

在 Google Cloud 控制台中，进入“数据集”页面。

进入“数据集”
点击要去标识化的数据所在的数据集。
在 DICOM 存储区列表中，从要去标识化的 DICOM 存储区的操作列表中选择去标识化。

系统随即会显示去标识化 DICOM 存储区页面。
选择设置目标数据存储区，然后选择要保存去标识化数据的数据集和 DICOM 存储区。
选择 DICOM 标记去标识化以配置数据的去标识化方式。数据可按以下方式进行去标识化：
- KEEP_ALL_PROFILE：保留所有 DICOM 元标记
- DEIDENTIFY_TAG_CONTENTS：对元标记中的数据进行去标识化处理
- ATTRIBUTE_CONFIDENTIALITY_BASIC_PROFILE：根据 DICOM 标准中的基本配置文件移除元标记
- MINIMAL_KEEP_LIST_PROFILE：仅保留有效 DICOM 对象所需的元标记
- 跳过 ID 隐去：根据 DICOM 标准重新生成 UID 字段
选择 DICOM 烧屏文字遮盖以配置去标识化期间图片遮盖的执行方式。您可以按如下方式配置图片遮盖：
- REDACT_NO_TEXT：不隐去图片中的文本
- REDACT_SENSITIVE_TEXT：仅隐去图片中的敏感文本
- REDACT_ALL_TEXT：隐去图片中的所有文本
点击去标识化，对 DICOM 存储区中的数据进行去标识化。

REST

对数据集进行去标识化处理。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
LOCATION：数据集位置
SOURCE_DATASET_ID：包含要去标识化的数据的数据集的 ID
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID
SOURCE_DICOM_STORE_ID：包含要去标识化的数据的 DICOM 存储区的 ID
DESTINATION_DICOM_STORE_ID：目标数据集中 DICOM 存储区的 ID

请求 JSON 正文：

{
  "destinationStore": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID",
  "config": {
    "dicom": {
      "filterProfile": "DEIDENTIFY_TAG_CONTENTS"
    },
    "image": {
      "textRedactionMode": "REDACT_ALL_TEXT"
    }
  }
}

如需发送请求，请选择以下方式之一：

curl

将请求正文保存在名为 request.json 的文件中。在终端中运行以下命令，在当前目录中创建或覆盖此文件：

cat > request.json << 'EOF'
{
  "destinationStore": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID",
  "config": {
    "dicom": {
      "filterProfile": "DEIDENTIFY_TAG_CONTENTS"
    },
    "image": {
      "textRedactionMode": "REDACT_ALL_TEXT"
    }
  }
}
EOF

然后，执行以下命令以发送 REST 请求：

curl -X POST \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    -d @request.json \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/dicomStores/SOURCE_DICOM_STORE_ID:deidentify"

PowerShell

将请求正文保存在名为 request.json 的文件中。在终端中运行以下命令，在当前目录中创建或覆盖此文件：

@'
{
  "destinationStore": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID",
  "config": {
    "dicom": {
      "filterProfile": "DEIDENTIFY_TAG_CONTENTS"
    },
    "image": {
      "textRedactionMode": "REDACT_ALL_TEXT"
    }
  }
}
'@  | Out-File -FilePath request.json -Encoding utf8

然后，执行以下命令以发送 REST 请求：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method POST `
    -Headers $headers `
    -ContentType: "application/json; charset=utf-8" `
    -InFile request.json `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/dicomStores/SOURCE_DICOM_STORE_ID:deidentify" | Select-Object -Expand Content

响应

{
  "name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID"
}

使用 projects.locations.datasets.operations.get 方法可获取长时间运行的操作的状态。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
DATASET_ID：数据集 ID
LOCATION：数据集位置
OPERATION_ID：从长时间运行的操作返回的 ID

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

输出如下所示。如果响应包含 "done": true，则表示长时间运行的操作已完成。

响应

{
  "name": "projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.deidentify.DeidentifyService.DeidentifyDicomStore",
    "createTime": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ",
    "endTime": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ",
    "logsUrl": "https://console.cloud.google.com/CLOUD_LOGGING_URL"
    "counter": {
      "success": "SUCCESS_COUNT",
      // If there were any failures, they display in the `failure` field.
      "failure": "FAILURE_COUNT"
    }
  },
  "done": true,
  // The `response` field only displays if there were no errors.
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary"
  },
  // If there were any errors, an `error` field displays instead of a `response` field.
  // See Troubleshooting long-running operations for a list of response codes.
  "error": {
    "code": ERROR_CODE,
    "message": "DESCRIPTION",
    "details": [
      {
        "@type": "...",
        FIELD1: ...,
        ...
      }
    ]
  }
}

对 DICOM 存储区的一部分进行去标识化

通过指定过滤条件，您可以对 DICOM 存储区中的部分数据进行去标识化。

过滤条件采用过滤条件文件的形式，您可以指定它作为 DicomFilterConfig 对象中 resourcePathsGcsUri 字段的值。Cloud Storage 存储桶中必须已存在过滤条件文件；您不能指定本地计算机或任何其他来源上存在的过滤条件文件。文件的位置必须采用 gs://BUCKET/PATH/TO/FILE 格式。

创建过滤条件文件

过滤条件文件定义要将哪些 DICOM 文件进行去标识化。您可以在以下级别过滤文件：

在研究级别
在系列级别
在实例级别

在过滤条件文件中，您要进行去标识化的每个研究、系列或实例分别对应一行内容。每行都使用 /studies/STUDY_UID[/series/SERIES_UID[/instances/INSTANCE_UID]] 格式。每行末尾有一个换行符：\n 或 \r\n。

如果您在调用去标识化操作时传递的过滤条件文件中未指定研究、系列或实例，则该研究、系列或实例不会进行去标识化，并且不会出现在目标 DICOM 存储区中。

只需要提供路径的 /studies/STUDY_UID 部分。这意味着您可以通过指定 /studies/STUDY_UID 对研究进行去标识化，也可以通过指定 /studies/STUDY_UID/series/SERIES_UID 对系列进行去标识化。

请考虑以下过滤条件文件。过滤条件文件会导致一项研究、两个系列和三个单独的实例进行去标识化：

/studies/1.123.456.789
/studies/1.666.333.111/series/123.456\n
/studies/1.666.333.111/series/567.890\n
/studies/1.888.999.222/series/123.456/instances/111\n
/studies/1.888.999.222/series/123.456/instances/222\n
/studies/1.888.999.222/series/123.456/instances/333\n

使用 BigQuery 创建过滤条件文件

要创建过滤条件文件，您通常需要先将 DICOM 存储区中的元数据导出到 BigQuery。这样，您就可以使用 BigQuery 来查看 DICOM 存储区中 DICOM 数据的研究、系列和实例 UID。然后，您可以执行以下操作：

查询您感兴趣的研究、系列和实例 UID。例如，将元数据导出到 BigQuery 后，您可以运行以下查询，将研究、系列和实例 UID 串接为符合过滤条件文件要求的格式：
```
SELECT CONCAT
  ('/studies/', StudyInstanceUID, '/series/', SeriesInstanceUID, '/instances/', SOPInstanceUID)
FROM
  [PROJECT_ID:BIGQUERY_DATASET.BIGQUERY_TABLE]
```
如果查询返回大型结果集，您可以通过将查询结果保存到 BigQuery 中的目标表将新表具体化。
将查询结果保存到目标表后，您可以将目标表的内容保存到文件中，并将文件导出到 Cloud Storage。如需了解如何执行此操作，请参阅导出表数据。导出的文件就是您的过滤条件文件。在导出操作中指定过滤条件时，您将使用 Cloud Storage 中的过滤条件文件所在的位置。

手动创建过滤条件文件

您可以创建包含自定义内容的过滤条件文件，然后将其上传到 Cloud Storage 存储桶。在去标识化操作中指定过滤条件时，您将使用 Cloud Storage 中的过滤条件文件所在的位置。以下示例展示了如何使用 gsutil cp 命令将过滤条件文件上传到 Cloud Storage 存储桶：

gsutil cp PATH/TO/FILTER_FILE gs://BUCKET/DIRECTORY

例如：

gsutil cp /home/user/Desktop/filters.txt gs://my-bucket/my-directory

使用过滤条件

配置过滤条件文件后，您可以将其作为值传递到 filterConfig 对象中的 resourcePathsGcsUri 字段。

以下示例对在 DICOM 存储区级层对数据进行去标识化进行了扩展，但提供了 Cloud Storage 中的过滤条件文件，用来确定哪些 DICOM 资源要进行去标识化。

REST

对数据集进行去标识化处理。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
LOCATION：数据集位置
SOURCE_DATASET_ID：包含要去标识化的数据的数据集的 ID
DESTINATION_DATASET_ID：写入去标识化数据的目标数据集的 ID
SOURCE_DICOM_STORE_ID：包含要去标识化的数据的 DICOM 存储区的 ID
DESTINATION_DICOM_STORE_ID：目标数据集中 DICOM 存储区的 ID
BUCKET/PATH/TO/FILE：过滤条件文件在 Cloud Storage 存储桶中的位置

请求 JSON 正文：

{
  "destinationStore": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID",
  "config": {
    "dicom": {
      "filterProfile": "DEIDENTIFY_TAG_CONTENTS"
    },
    "image": {
      "textRedactionMode": "REDACT_ALL_TEXT"
    }
  },
  "filterConfig": {
    "resourcePathGcsUri": "gs://BUCKET/PATH/TO/FILE"
  }
}

如需发送请求，请选择以下方式之一：

curl

将请求正文保存在名为 request.json 的文件中。在终端中运行以下命令，在当前目录中创建或覆盖此文件：

cat > request.json << 'EOF'
{
  "destinationStore": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID",
  "config": {
    "dicom": {
      "filterProfile": "DEIDENTIFY_TAG_CONTENTS"
    },
    "image": {
      "textRedactionMode": "REDACT_ALL_TEXT"
    }
  },
  "filterConfig": {
    "resourcePathGcsUri": "gs://BUCKET/PATH/TO/FILE"
  }
}
EOF

然后，执行以下命令以发送 REST 请求：

curl -X POST \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    -d @request.json \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/dicomStores/SOURCE_DICOM_STORE_ID:deidentify"

PowerShell

将请求正文保存在名为 request.json 的文件中。在终端中运行以下命令，在当前目录中创建或覆盖此文件：

@'
{
  "destinationStore": "projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/dicomStores/DESTINATION_DICOM_STORE_ID",
  "config": {
    "dicom": {
      "filterProfile": "DEIDENTIFY_TAG_CONTENTS"
    },
    "image": {
      "textRedactionMode": "REDACT_ALL_TEXT"
    }
  },
  "filterConfig": {
    "resourcePathGcsUri": "gs://BUCKET/PATH/TO/FILE"
  }
}
'@  | Out-File -FilePath request.json -Encoding utf8

然后，执行以下命令以发送 REST 请求：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method POST `
    -Headers $headers `
    -ContentType: "application/json; charset=utf-8" `
    -InFile request.json `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/dicomStores/SOURCE_DICOM_STORE_ID:deidentify" | Select-Object -Expand Content

响应

{
  "name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID"
}

使用 projects.locations.datasets.operations.get 方法可获取长时间运行的操作的状态。

在使用任何请求数据之前，请先进行以下替换：

PROJECT_ID：您的 Google Cloud 项目的 ID
DATASET_ID：数据集 ID
LOCATION：数据集位置
OPERATION_ID：从长时间运行的操作返回的 ID

如需发送请求，请选择以下方式之一：

curl

执行以下命令：

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID"

PowerShell

执行以下命令：

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content

API Explorer

打开方法参考页面。API Explorer 面板会在页面右侧打开。您可以与此工具进行交互以发送请求。填写所有必填字段，然后点击执行。

输出如下所示。如果响应包含 "done": true，则表示长时间运行的操作已完成。

响应

{
  "name": "projects/PROJECT_ID/locations/SOURCE_DATASET_LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.deidentify.DeidentifyService.DeidentifyDicomStore",
    "createTime": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ",
    "endTime": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ",
    "logsUrl": "https://console.cloud.google.com/CLOUD_LOGGING_URL"
    "counter": {
      "success": "SUCCESS_COUNT",
      // If there were any failures, they display in the `failure` field.
      "failure": "FAILURE_COUNT"
    }
  },
  "done": true,
  // The `response` field only displays if there were no errors.
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary"
  },
  // If there were any errors, an `error` field displays instead of a `response` field.
  // See Troubleshooting long-running operations for a list of response codes.
  "error": {
    "code": ERROR_CODE,
    "message": "DESCRIPTION",
    "details": [
      {
        "@type": "...",
        FIELD1: ...,
        ...
      }
    ]
  }
}

排查 DICOM 去标识化操作问题

如果在执行 DICOM 去标识化操作期间发生错误，系统会将错误记录到 Cloud Logging。如需了解详情，请参阅在 Cloud Logging 中查看错误日志。

如果整个操作返回错误，请参阅排查长时间运行的操作问题。