本頁面說明如何使用 Cloud Healthcare API,在下列層級將 FHIR 資源中的私密資料去識別化:
- 在資料集層級使用
datasets.deidentify - 在 FHIR 儲存庫層級使用
fhirStores.deidentify
本頁面也會說明如何在 FHIR 存放區層級去識別化資料時套用篩選器。
去識別化總覽
資料集層級去識別化
如要在資料集層級將 FHIR 資料去識別化,請呼叫 datasets.deidentify 作業。去識別化 API 呼叫包含下列元件:
- 來源資料集:包含 FHIR 儲存庫的資料集,其中有一或多個資源含有私密資料。
- 目的地資料集:去識別化不會影響原始資料集或其資料。而是將原始資料的去識別化副本寫入新的資料集 (稱為「目的地資料集」)。
- 要將哪些內容去識別化:指定如何處理資料集的設定參數。如要設定這些參數,請在
DeidentifyConfig物件中指定FhirConfig和/或TextConfig,然後透過下列方式傳遞:- 設定要求主體的
config欄位 - 以 JSON 格式儲存在 Cloud Storage 中,並使用要求主體的
gcsConfigUri欄位,指定 bucket 中的檔案位置
- 設定要求主體的
本指南中的大多數範例,都說明如何將資料集層級的 FHIR 資料去識別化。
FHIR 儲存庫層級去識別化
在 FHIR 存放區層級將 FHIR 資料去識別化,可讓您進一步控管要將哪些 FHIR 資料去識別化。
如要對 FHIR 存放區中的 FHIR 資料去識別化,請呼叫 fhirStores.deidentify 方法。去識別化 API 呼叫作業包含下列元件:
- 來源 FHIR 儲存庫:包含一或多個具有私密資料的資源。
- 目的地 FHIR 儲存庫:去識別化不會影響原始 FHIR 儲存庫或其資料。而是將原始資料的去識別化副本寫入目的地 FHIR 儲存庫。目的地 FHIR 儲存庫必須已存在。
- 要進行去識別化的內容:指定如何處理 FHIR 儲存庫的設定參數。如要設定這些參數,請在
DeidentifyConfig物件中指定FhirConfig和/或TextConfig,然後透過下列方式傳遞:- 設定要求主體的
config欄位 - 以 JSON 格式儲存在 Cloud Storage 中,並使用要求主體的
gcsConfigUri欄位,指定 bucket 中的檔案位置
- 設定要求主體的
如要瞭解如何將 FHIR 儲存庫層級資料去識別化,請參閱「將 FHIR 儲存庫層級資料去識別化」一文。
篩選器
如要在 FHIR 儲存庫中去識別化部分資料,請在 fhirStores.deidentify 要求中指定 FHIR 資源 ID 清單。如需範例,請參閱「去識別化 FHIR 儲存庫的子集」。
本指南中使用的 FHIR 資源範例
本指南中的範例會使用 FHIR 儲存庫中的 Patient (DSTU2、STU3 和 R4) 資源。Patient 具有下列範例所示的屬性。id 值是由伺服器產生。如果您在自己的 FHIR 存放區中建立 Patient 資源,傳回的 id 值會與範例 Patient 中顯示的值不同。
{
"address": [
{
"city": "Anycity",
"district": "Anydistrict",
"line": [
"123 Main Street"
],
"period": {
"start": "1990-12-05"
},
"postalCode": "12345",
"state": "CA",
"text": "123 Main Street Anycity, Anydistrict, CA 12345",
"type": "both",
"use": "home"
}
],
"birthDate": "1980-12-05",
"gender": "female",
"id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
"name": [
{
"family": "Smith",
"given": [
"Darcy"
],
"use": "official"
}
],
"resourceType": "Patient",
"text": {
"status": "generated",
"div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1980-12-05</p><p><b>Gender</b>: Female</p></div>"
}
}
預設的 FHIR 資料去識別化
您可以使用「預設」方法,對 FHIR 資料去識別化,方法是將 FHIR 儲存庫中資源的常見受保護健康資訊 (PHI) 刪除。預設方法會遮蓋下列資訊:
- 預設 FHIR infoType 中指定的 infoType
- 預設 FHIR 去識別化設定檔中指定的路徑
下列範例說明如何使用 FHIR 預設方法,對 Patient 資源去識別化。使用預設方法時,請在 DeidentifyConfig 物件內使用空白的 FhirConfig。
curl
curl -X POST \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ --data "{ 'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID', 'config': { 'fhir': {} } }" "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"
{
"name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
get 方法追蹤作業狀態:curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
"done": true。
{
"name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
"metadata": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
"apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset",
"createTime": "CREATE_TIME",
"endTime": "END_TIME",
"logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL"
},
"done": true,
"response": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary",
"successStoreCount": "1",
"successResourceCount": "1"
}
}
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/fhir+json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732"
{
"address": [
{
"city": "",
"district": "",
"line": [
""
],
"period": {
"start": "1990-12-05"
},
"postalCode": "",
"state": "CA",
"text": "",
"type": "both",
"use": "home"
}
],
"birthDate": "1981-02-24",
"gender": "female",
"id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
"meta": {
"lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00",
"versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMA"
},
"name": [
{
"family": "",
"given": [
""
],
"use": "official"
}
],
"resourceType": "Patient",
"text": {
"div": "<div><p><b>Patient</b></p><p><b>Name</b>: [PERSON_NAME][PERSON_NAME][PERSON_NAME]</p><p><b>DateOfBirth</b>: 1981-02-24</p><p><b>Gender</b>: Female</p></div>",
"status": "generated"
}
}
PowerShell
$cred = gcloud auth application-default print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Post ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Body "{ 'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID', 'config': { 'fhir': {} } }" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content
{
"name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
get 方法追蹤作業狀態:$cred = gcloud auth print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Get ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content
"done": true。
{
"name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_NUMBER",
"metadata": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
"apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset",
"createTime": "CREATE_TIME",
"endTime": "END_TIME",
"logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL"
},
"done": true,
"response": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary",
"successStoreCount": "1",
"successResourceCount": "1"
}
}
$cred = gcloud auth print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-RestMethod ` -Method Get ` -Headers $headers ` -ContentType: "application/fhir+json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732" | ConvertTo-Json
{
"address": [
{
"city": "",
"district": "",
"line": [
""
],
"period": {
"start": "1990-12-05"
},
"postalCode": "",
"state": "CA",
"text": "",
"type": "both",
"use": "home"
}
],
"birthDate": "1981-02-24",
"gender": "female",
"id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
"meta": {
"lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00",
"versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMA"
},
"name": [
{
"family": "",
"given": [
""
],
"use": "official"
}
],
"resourceType": "Patient",
"text": {
"div": "<div><p><b>Patient</b></p><p><b>Name</b>: [PERSON_NAME][PERSON_NAME][PERSON_NAME]</p><p><b>DateOfBirth</b>: 1981-02-24</p><p><b>Gender</b>: Female</p></div>",
"status": "generated"
}
}
您可以看到下列值已轉換為資源去識別化:
- 使用 日期橫移技術,並以 100 天的差異,在
birthDate欄位中提供新值。 address.city中的值已遭編輯。address.district中的值已遭編輯。address.line中的值已遭編輯。address.postalCode中的值已遭編輯。address.text中的值已遭編輯。name.family中的值已遭編輯。name.given中的值已遭編輯。text.div欄位中的任意文字已修改,將病患姓名替換為 infoType,[PERSON_NAME]。病患的出生日期值會以與birthDate欄位值相同的方式轉換。
將特定 FHIR 路徑去識別化
如要指定要進行去識別化的 FHIR 路徑,以及轉換方式,請在 FhirConfig 物件中設定 fieldMetadataList。
在 fieldMetadataList 中,您可以在 paths 清單中指定以半形句號分隔的欄位名稱或 FHIR 資源類型名稱清單。接著,指定要套用至 paths 中所有項目的 Action 值。如要查看可能的值,請參閱Action說明文件。
如要瞭解如何在 Cloud Healthcare API 中設定 paths 欄位,請參閱paths。
paths 中的值格式是以 FHIRPath 為準。
預設的 FHIR 去識別化設定檔
根據預設,如果您未在 fieldMetadataList 中指定任何 FHIR 路徑,Cloud Healthcare API 會套用下列去識別化設定檔,選取並轉換 FHIR 路徑。套用的設定檔取決於您使用的 FHIR 版本。您可以展開下列各節,查看所用版本的設定檔。您也可以下載設定檔 (DSTU2、STU3 和 R4)。
使用路徑去識別化資源
下列範例說明如何使用下列條件,設定 Patient 資源去識別化:
- 系統會自動對病患資源的
HumanName(DSTU2、STU3 和 R4) 值套用TRANSFORM(修訂) 標記。以範例患者為例,HumanName 值為"family": "Smith"和"given": [ "Darcy" ]。
fieldMetadataList 內的 paths 清單中沒有提供其他值,因此其餘資料維持不變。
下列範例說明如何取消識別 Patient 資源的 HumanName 值:
curl
curl -X POST \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ --data "{ 'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID', 'config': { 'fhir': { 'fieldMetadataList': [ { 'paths': [ 'Patient.HumanName' ], 'action': 'TRANSFORM' } ] } } }" "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"
{
"name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
get 方法追蹤作業狀態:curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
"done": true。
{
"name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
"metadata": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
"apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset",
"createTime": "CREATE_TIME",
"endTime": "END_TIME",
"logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL"
},
"done": true,
"response": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary",
"successStoreCount": "1",
"successResourceCount": "1"
}
}
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/fhir+json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732"
{
"address": [
{
"city": "Anycity",
"district": "Anydistrict",
"line": [
"123 Main Street"
],
"period": {
"start": "1990-12-05"
},
"postalCode": "12345",
"state": "CA",
"text": "123 Main Street Anycity, Anydistrict, CA 12345",
"type": "both",
"use": "home"
}
],
"birthDate": "1980-12-05",
"gender": "female",
"id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
"meta": {
"lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00",
"versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA"
},
"name": [
{
"family": "",
"given": [
""
],
"use": "official"
}
],
"resourceType": "Patient",
"text": {
"div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1980-12-05</p><p><b>Gender</b>: Female</p></div>",
"status": "generated"
}
}
PowerShell
$cred = gcloud auth application-default print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Post ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Body "{ 'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID', 'config': { 'fhir': { 'fieldMetadataList': [ { 'paths': [ 'Patient.HumanName' ], 'action': 'TRANSFORM' } ] } } }" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content
{
"name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
get 方法追蹤作業狀態:$cred = gcloud auth print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Get ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content
"done": true。
{
"name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_NUMBER",
"metadata": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
"apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset",
"createTime": "CREATE_TIME",
"endTime": "END_TIME",
"logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL"
},
"done": true,
"response": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary",
"successStoreCount": "1",
"successResourceCount": "1"
}
}
$cred = gcloud auth print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-RestMethod ` -Method Get ` -Headers $headers ` -ContentType: "application/fhir+json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732" | ConvertTo-Json
{
"address": [
{
"city": "Anycity",
"district": "Anydistrict",
"line": [
"123 Main Street"
],
"period": {
"start": "1990-12-05"
},
"postalCode": "12345",
"state": "CA",
"text": "123 Main Street Anycity, Anydistrict, CA 12345",
"type": "both",
"use": "home"
}
],
"birthDate": "1980-12-05",
"gender": "female",
"id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
"meta": {
"lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00",
"versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA"
},
"name": [
{
"family": "",
"given": [
""
],
"use": "official"
}
],
"resourceType": "Patient",
"text": {
"div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1980-12-05</p><p><b>Gender</b>: Female</p></div>",
"status": "generated"
}
}
您可以看到下列值已轉換為資源去識別化:
name.family中的值已遭編輯。name.given中的值已遭編輯。
不過,與預設的 FHIR 去識別化範例不同,由於病患的 address、birthDate 和 text.div 中的任意文字未新增至 fieldMetadataList 的 paths 清單,因此未經過轉換。
搭配 FHIR 資源使用 infoType 和原始轉換
Cloud Healthcare API 可以使用資訊類型 (infoType) 定義對 FHIR 資源執行去識別化時掃描的資料。infoType 是一種機密資料,如病患姓名、電子郵件地址、電話號碼、身分證號碼或信用卡號碼。Cloud Healthcare API 去識別化作業使用的 infoType,包括 Cloud Data Loss Prevention 找到的 infoType。
原始轉換是轉換輸入值的規則。
預設 FHIR infoType
將 FHIR 資料去識別化時,系統會使用下列預設 infoType:
AGECREDIT_CARD_NUMBERDATEEMAIL_ADDRESSIP_ADDRESSLOCATIONMAC_ADDRESSPASSPORTPERSON_NAMEPHONE_NUMBERSWIFT_CODEUS_DRIVERS_LICENSE_NUMBERUS_SOCIAL_SECURITY_NUMBERUS_VEHICLE_IDENTIFICATION_NUMBERUS_INDIVIDUAL_TAXPAYER_IDENTIFICATION_NUMBER
原始轉換選項
Cloud Healthcare API 原始轉換選項包括:
RedactConfig:透過移除的方式刪減值。CharacterMaskConfig:將輸入字元替換為指定的固定字元,以完全或局部遮蔽字串。DateShiftConfig:按隨機天數轉移日期,並提供讓相同背景資訊保持一致的選項。CryptoHashConfig:使用 SHA-256 將輸入值替換為以 Base64 編碼的雜湊輸出字串,該字串是使用指定的資料加密金鑰產生。ReplaceWithInfoTypeConfig:將輸入值替換為其 infoType 名稱。
在「TextConfig」中指定設定
InfoType 和原始轉換是在 InfoTypeTransformation 中指定,這是 TextConfig 內的物件。在 infoTypes 陣列中,以半形逗號分隔值指定 infoType。
您可以選擇是否指定 infoType。如果未指定至少一個 infoType,系統會將轉換套用到資料中的所有內建 infoType。
如果您在 InfoTypeTransformation 中指定任何 infoType,請至少指定一個原始轉換。
以下各節說明如何搭配使用 InfoTypeTransformation 中提供的原始轉換和 infoType,自訂 FHIR 資源的去識別化方式。
RedactConfig
指定 redactConfig 會透過將值徹底移除的方式遮蓋指定值。redactConfig 訊息沒有引數;指定這個物件會啟用轉換。
下列範例說明如何遮蓋 Patient.text.div 欄位中病患資源的出生日期。如要完成這項工作,請使用 Patient.text.div 路徑和 redactConfig 轉換設定 DATE infoType。
將去識別化要求傳送至 Cloud Healthcare API 後,Patient.text.div 值中的生日就會遭到遮蓋。
curl
curl -X POST \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ --data "{ 'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID', 'config': { 'fhir': { 'fieldMetadataList': { 'paths': [ 'Patient.text.div' ], 'action': 'INSPECT_AND_TRANSFORM' } }, 'text': { 'transformations': [ { 'infoTypes': [ 'DATE' ], 'redactConfig': {} } ] } } }" "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"
{
"name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
get 方法追蹤作業狀態:curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
"done": true。
{
"name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
"metadata": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
"apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset",
"createTime": "CREATE_TIME",
"endTime": "END_TIME",
"logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL"
},
"done": true,
"response": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary",
"successStoreCount": "1",
"successResourceCount": "1"
}
}
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/fhir+json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732"
{
"address": [
{
"city": "Anycity",
"district": "Anydistrict",
"line": [
"123 Main Street"
],
"period": {
"start": "1990-12-05"
},
"postalCode": "12345",
"state": "CA",
"text": "123 Main Street Anycity, Anydistrict, CA 12345",
"type": "both",
"use": "home"
}
],
"birthDate": "1980-12-05",
"gender": "female",
"id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
"meta": {
"lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00",
"versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA"
},
"name": [
{
"family": "Smith",
"given": [
"Darcy"
],
"use": "official"
}
],
"resourceType": "Patient",
"text": {
"div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: </p><p><b>Gender</b>: Female</p></div>",
"status": "generated"
}
}
PowerShell
$cred = gcloud auth application-default print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Post ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Body "{ 'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID', 'config': { 'fhir': { 'fieldMetadataList': { 'paths': [ 'Patient.text.div' ], 'action': 'INSPECT_AND_TRANSFORM' } }, 'text': { 'transformations': [ { 'infoTypes': [ 'DATE' ], 'redactConfig': {} } ] } } }" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content
{
"name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
get 方法追蹤作業狀態:$cred = gcloud auth print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Get ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content
"done": true。
{
"name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_NUMBER",
"metadata": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
"apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset",
"createTime": "CREATE_TIME",
"endTime": "END_TIME",
"logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL"
},
"done": true,
"response": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary",
"successStoreCount": "1",
"successResourceCount": "1"
}
}
$cred = gcloud auth print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-RestMethod ` -Method Get ` -Headers $headers ` -ContentType: "application/fhir+json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732" | ConvertTo-Json
{
"address": [
{
"city": "Anycity",
"district": "Anydistrict",
"line": [
"123 Main Street"
],
"period": {
"start": "1990-12-05"
},
"postalCode": "12345",
"state": "CA",
"text": "123 Main Street Anycity, Anydistrict, CA 12345",
"type": "both",
"use": "home"
}
],
"birthDate": "1980-12-05",
"gender": "female",
"id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
"meta": {
"lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00",
"versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA"
},
"name": [
{
"family": "Smith",
"given": [
"Darcy"
],
"use": "official"
}
],
"resourceType": "Patient",
"text": {
"div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: </p><p><b>Gender</b>: Female</p></div>",
"status": "generated"
}
}
輸出結果顯示 text.div 中的 DateOfBirth 值已移除。這與去識別化特定 FHIR 路徑中的範例不同,在該範例中,text.div 中的 DateOfBirth 值並未透過預設設定移除。
CharacterMaskConfig
指定 characterMaskConfig 會將與指定 infoType 對應的字串替換為指定的固定字元。舉例來說,您可以將病患姓名替換為一連串星號 (*),而非使用密碼編譯雜湊函式遮蓋或轉換姓名。請將固定字元指定為 maskingCharacter 欄位的值。
下列範例說明如何擴充「取消識別特定 FHIR 路徑」中使用的範例,但現在包含使用 characterMaskConfig 轉換設定 PERSON_NAME infoType。系統未提供固定字元,因此遮蓋預設會使用星號。將去識別化要求傳送至 Cloud Healthcare API 後,name.family 和 name.given 中的值會替換為星號。
curl
curl -X POST \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ --data "{ 'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID', 'config': { 'fhir': { 'fieldMetadataList': { 'paths': [ 'Patient.HumanName' ], 'action': 'TRANSFORM' } }, 'text': { 'transformations': [ { 'infoTypes': [ 'PERSON_NAME' ], 'characterMaskConfig': { 'maskingCharacter': '' } } ] } } }" "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"
{
"name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
get 方法追蹤作業狀態:curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
"done": true。
{
"name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
"metadata": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
"apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset",
"createTime": "CREATE_TIME",
"endTime": "END_TIME",
"logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL"
},
"done": true,
"response": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary",
"successStoreCount": "1",
"successResourceCount": "1"
}
}
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/fhir+json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732"
{
"address": [
{
"city": "Anycity",
"district": "Anydistrict",
"line": [
"123 Main Street"
],
"period": {
"start": "1990-12-05"
},
"postalCode": "12345",
"state": "CA",
"text": "123 Main Street Anycity, Anydistrict, CA 12345",
"type": "both",
"use": "home"
}
],
"birthDate": "1980-12-05",
"gender": "female",
"id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
"meta": {
"lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00",
"versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA"
},
"name": [
{
"family": "*****",
"given": [
"*****"
],
"use": "official"
}
],
"resourceType": "Patient",
"text": {
"div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1980-12-05</p><p><b>Gender</b>: Female</p></div>",
"status": "generated"
}
}
PowerShell
$cred = gcloud auth application-default print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Post ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Body "{ 'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID', 'config': { 'fhir': { 'fieldMetadataList': { 'paths': [ 'Patient.HumanName' ], 'action': 'TRANSFORM' } }, 'text': { 'transformations': [ { 'infoTypes': [ 'PERSON_NAME' ], 'characterMaskConfig': { 'maskingCharacter': '' } } ] } } }" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content
{
"name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
get 方法追蹤作業狀態:$cred = gcloud auth print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Get ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content
"done": true。
{
"name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_NUMBER",
"metadata": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
"apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset",
"createTime": "CREATE_TIME",
"endTime": "END_TIME",
"logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL"
},
"done": true,
"response": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary",
"successStoreCount": "1",
"successResourceCount": "1"
}
}
$cred = gcloud auth print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-RestMethod ` -Method Get ` -Headers $headers ` -ContentType: "application/fhir+json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732" | ConvertTo-Json
{
"address": [
{
"city": "Anycity",
"district": "Anydistrict",
"line": [
"123 Main Street"
],
"period": {
"start": "1990-12-05"
},
"postalCode": "12345",
"state": "CA",
"text": "123 Main Street Anycity, Anydistrict, CA 12345",
"type": "both",
"use": "home"
}
],
"birthDate": "1980-12-05",
"gender": "female",
"id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
"meta": {
"lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00",
"versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA"
},
"name": [
{
"family": "*****",
"given": [
"*****"
],
"use": "official"
}
],
"resourceType": "Patient",
"text": {
"div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1980-12-05</p><p><b>Gender</b>: Female</p></div>",
"status": "generated"
}
}
輸出內容顯示 name.family 和 name.given 中的值已替換為星號。這與去識別特定 FHIR 路徑中的範例不同,後者會遮蓋 name.family 和 name.given 中的值。
DateShiftConfig
Cloud Healthcare API 可在預設範圍內移動日期,藉此轉換日期。如要確保在多個去識別化作業中,日期轉換作業保持一致,請搭配下列任一方法使用 DateShiftConfig:
- (已淘汰):以 Base64 編碼的原始 AES 128/192/256 位元金鑰。
- (建議):Cloud Key Management Service (Cloud KMS) 包裝的金鑰。如需如何使用 Cloud KMS 包裝金鑰的範例,請參閱「將機密文字去識別化及重新識別化」。
您必須將具有 cloudkms.cryptoKeyVersions.useToDecrypt 權限的角色授予 Cloud Healthcare Service Agent 服務帳戶,才能解密 Cloud KMS 包裝金鑰。建議使用 Cloud KMS CryptoKey 解密者角色 (roles/cloudkms.cryptoKeyDecrypter)。使用 Cloud KMS 進行加密作業時,系統會收取費用。詳情請參閱 Cloud Key Management Service 定價。
Cloud Healthcare API 會使用這個金鑰,計算日期 (例如病患的出生日期) 在 100 天差異內轉移的量。
如果您未提供索引鍵,Cloud Healthcare API 會在每次對日期值執行去識別化作業時,自行產生索引鍵。這可能會導致每次執行時的日期輸出不一致。
下列範例說明如何使用 DateShiftConfig Patient.birthDate 和 Patient.text.div 路徑上的轉換,設定 DATE infoType。將去識別化要求傳送至 Cloud Healthcare API 後,Patient.text.div 中的 birthDate 值和出生日期會變動,與原始出生日期相差最多 100 天,1980-12-05。
範例中提供的 cryptokey U2FsdGVkX19bS2oZsdbK9X5zi2utBn22uY+I2Vo0zOU= 是原始的 AES 加密 256 位元 Base64 編碼金鑰,使用下列指令產生。系統提示時,請為指令提供您選擇的密碼:
echo -n "test" | openssl enc -e -aes-256-ofb -a -salt
curl
curl -X POST \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ --data "{ 'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID', 'config': { 'fhir': { 'fieldMetadataList': { 'paths': [ 'Patient.birthDate', 'Patient.text.div' ], 'action': 'INSPECT_AND_TRANSFORM' } }, 'text': { 'transformations': { 'infoTypes': [ 'DATE' ], 'dateShiftConfig': { 'cryptoKey': 'U2FsdGVkX19bS2oZsdbK9X5zi2utBn22uY+I2Vo0zOU=' } } } } }" "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"
{
"name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
get 方法追蹤作業狀態:curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
"done": true。
{
"name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
"metadata": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
"apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset",
"createTime": "CREATE_TIME",
"endTime": "END_TIME",
"logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL"
},
"done": true,
"response": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary",
"successStoreCount": "1",
"successResourceCount": "1"
}
}
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/fhir+json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732"
{
"address": [
{
"city": "Anycity",
"district": "Anydistrict",
"line": [
"123 Main Street"
],
"period": {
"start": "1990-12-05"
},
"postalCode": "12345",
"state": "",
"text": "123 Main Street Anycity, Anydistrict, CA 12345",
"type": "both",
"use": "home"
}
],
"birthDate": "1981-02-19",
"gender": "female",
"id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
"meta": {
"lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00",
"versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA"
},
"name": [
{
"family": "Smith",
"given": [
"Darcy"
],
"use": "official"
}
],
"resourceType": "Patient",
"text": {
"div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1981-02-19</p><p><b>Gender</b>: Female</p></div>",
"status": "generated"
}
}
PowerShell
$cred = gcloud auth application-default print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Post ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Body "{ 'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID', 'config': { 'fhir': { 'fieldMetadataList': { 'paths': [ 'Patient.HumanName', 'Patient.text.div' ], 'action': 'INSPECT_AND_TRANSFORM' } }, 'text': { 'transformations': { 'infoTypes': [ 'DATE' ], 'dateShiftConfig': { 'cryptoKey': 'U2FsdGVkX19bS2oZsdbK9X5zi2utBn22uY+I2Vo0zOU=' } } } } }" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content
{
"name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
get 方法追蹤作業狀態:$cred = gcloud auth print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Get ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content
"done": true。
{
"name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_NUMBER",
"metadata": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
"apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset",
"createTime": "CREATE_TIME",
"endTime": "END_TIME",
"logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL"
},
"done": true,
"response": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary",
"successStoreCount": "1",
"successResourceCount": "1"
}
}
$cred = gcloud auth print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-RestMethod ` -Method Get ` -Headers $headers ` -ContentType: "application/fhir+json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732" | ConvertTo-Json
{
"address": [
{
"city": "Anycity",
"district": "Anydistrict",
"line": [
"123 Main Street"
],
"period": {
"start": "1990-12-05"
},
"postalCode": "12345",
"state": "",
"text": "123 Main Street Anycity, Anydistrict, CA 12345",
"type": "both",
"use": "home"
}
],
"birthDate": "1981-02-19",
"gender": "female",
"id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
"meta": {
"lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00",
"versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA"
},
"name": [
{
"family": "Smith",
"given": [
"Darcy"
],
"use": "official"
}
],
"resourceType": "Patient",
"text": {
"div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1981-02-19</p><p><b>Gender</b>: Female</p></div>",
"status": "generated"
}
}
輸出內容顯示 birthDate 中的值和 Patient.text.div 中的出生日期已轉換為新值 1981-02-19。這項轉換是將 100 天的差異與病患 ID 和提供的 cryptoKey 值合併所致。只要提供相同的 cryptoKey,這個病患在去識別化作業中,birthDate 的新值和 Patient.text.div 中的出生日期就會保持一致。
CryptoHashConfig
Cloud Healthcare API 可以將值替換為加密雜湊 (也稱為替代值),藉此轉換資料。如要這麼做,請指定 cryptoHashConfig 訊息。
你可以將 cryptoHashConfig 留空,也可以提供下列任一項:
- (已淘汰):以 Base64 編碼的原始 AES 128/192/256 位元金鑰。
- (建議):Cloud Key Management Service (Cloud KMS) 包裝的金鑰。如需如何使用 Cloud KMS 包裝金鑰的範例,請參閱「將機密文字去識別化及重新識別化」。
您必須將具有 cloudkms.cryptoKeyVersions.useToDecrypt 權限的角色授予 Cloud Healthcare Service Agent 服務帳戶,才能解密 Cloud KMS 包裝金鑰。建議使用 Cloud KMS CryptoKey 解密者角色 (roles/cloudkms.cryptoKeyDecrypter)。使用 Cloud KMS 進行加密作業時,系統會收取費用。詳情請參閱 Cloud Key Management Service 定價。
提供一致的鍵可產生一致的替代值,以供去識別化作業使用。如果您未提供金鑰,Cloud Healthcare API 每次執行作業時都會產生新金鑰。使用不同金鑰會產生不同的替代值。
下列範例會擴充「取消識別特定 FHIR 路徑」一節中使用的範例,但現在會一併設定 PERSON_NAME infoType,並在 Patient.HumanName 路徑上進行 cryptoKey 轉換。將去識別化要求傳送至 Cloud Healthcare API 後,name.family 和 name.given 值會替換為代理值。
範例中提供的 cryptokey U2FsdGVkX19bS2oZsdbK9X5zi2utBn22uY+I2Vo0zOU= 是原始的 AES 加密 256 位元 Base64 編碼金鑰,使用下列指令產生。系統提示時,請為指令提供您選擇的密碼:
echo -n "test" | openssl enc -e -aes-256-ofb -a -salt
curl
curl -X POST \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ --data "{ 'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID', 'config': { 'fhir': { 'fieldMetadataList': { 'paths': [ 'Patient.HumanName' ], 'action': 'INSPECT_AND_TRANSFORM' } }, 'text': { 'transformations': { 'infoTypes': [ 'PERSON_NAME' ], 'cryptoHashConfig': { 'cryptoKey': 'U2FsdGVkX19bS2oZsdbK9X5zi2utBn22uY+I2Vo0zOU=' } } } } }" "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"
{
"name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
get 方法追蹤作業狀態:curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
"done": true。
{
"name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
"metadata": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
"apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset",
"createTime": "CREATE_TIME",
"endTime": "END_TIME",
"logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL"
},
"done": true,
"response": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary",
"successStoreCount": "1",
"successResourceCount": "1"
}
}
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/fhir+json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732"
{
"address": [
{
"city": "Anycity",
"district": "Anydistrict",
"line": [
"123 Main Street"
],
"period": {
"start": "1990-12-05"
},
"postalCode": "12345",
"state": "CA",
"text": "123 Main Street Anycity, Anydistrict, CA 12345",
"type": "both",
"use": "home"
}
],
"birthDate": "1980-12-05",
"gender": "female",
"id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
"meta": {
"lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00",
"versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA"
},
"name": [
{
"family": "NlVBV12Hhb5DD8WNqlTpXboFxzlUSlqAmYDet/jIViQ=",
"given": [
"FSH4D/IGb80a1rS0L0kqfC3DCDt6//17VPhIkOzH2pk="
],
"use": "official"
}
],
"resourceType": "Patient",
"text": {
"div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1980-12-05</p><p><b>Gender</b>: Female</p></div>",
"status": "generated"
}
}
PowerShell
$cred = gcloud auth application-default print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Post ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Body "{ 'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID', 'config': { 'fhir': { 'fieldMetadataList': { 'paths': [ 'Patient.HumanName' ], 'action': 'TRANSFORM' } }, 'text': { 'transformations': { 'infoTypes': [ 'PERSON_NAME' ], 'cryptoHashConfig': { 'cryptoKey': 'U2FsdGVkX19bS2oZsdbK9X5zi2utBn22uY+I2Vo0zOU=' } } } } }" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content
{
"name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
get 方法追蹤作業狀態:$cred = gcloud auth print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Get ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content
"done": true。
{
"name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_NUMBER",
"metadata": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
"apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset",
"createTime": "CREATE_TIME",
"endTime": "END_TIME",
"logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL"
},
"done": true,
"response": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary",
"successStoreCount": "1",
"successResourceCount": "1"
}
}
$cred = gcloud auth print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-RestMethod ` -Method Get ` -Headers $headers ` -ContentType: "application/fhir+json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732" | ConvertTo-Json
{
"address": [
{
"city": "Anycity",
"district": "Anydistrict",
"line": [
"123 Main Street"
],
"period": {
"start": "1990-12-05"
},
"postalCode": "12345",
"state": "CA",
"text": "123 Main Street Anycity, Anydistrict, CA 12345",
"type": "both",
"use": "home"
}
],
"birthDate": "1980-12-05",
"gender": "female",
"id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
"meta": {
"lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00",
"versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA"
},
"name": [
{
"family": "NlVBV12Hhb5DD8WNqlTpXboFxzlUSlqAmYDet/jIViQ=",
"given": [
"FSH4D/IGb80a1rS0L0kqfC3DCDt6//17VPhIkOzH2pk="
],
"use": "official"
}
],
"resourceType": "Patient",
"text": {
"div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1980-12-05</p><p><b>Gender</b>: Female</p></div>",
"status": "generated"
}
}
輸出內容會顯示 name.family 和 name.given 的值已使用加密雜湊轉換。這項轉換是合併病患 ID 和提供的 cryptoKey 值所致。只要提供相同的 cryptoKey,這個病患在去識別化執行期間的新 name.family 和 name.given 值就會保持一致。
ReplaceWithInfoTypeConfig
Cloud Healthcare API 可以將值替換為該值的 infoType 名稱,藉此轉換資料。方法是指定 replaceWithInfoTypeConfig 訊息。
下列範例會擴充「取消識別特定 FHIR 路徑」中使用的範例,但會定義 PERSON_NAME 上的 replaceWithInfoType 轉換,並將 fieldMetadataList 路徑設為 Patient.HumanName。將去識別化要求傳送至 Cloud Healthcare API 後,name.family 和 name.given 值會替換為該值的 infoType。
curl
curl -X POST \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ --data "{ 'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID', 'config': { 'fhir': { 'fieldMetadataList': { 'paths': [ 'Patient.HumanName' ], 'action': 'INSPECT_AND_TRANSFORM' } }, 'text': { 'transformations': { 'infoTypes': [ 'PERSON_NAME' ], 'replaceWithInfoType': {} } } } }" "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"
{
"name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
get 方法追蹤作業狀態:curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
"done": true。
{
"name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
"metadata": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
"apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset",
"createTime": "CREATE_TIME",
"endTime": "END_TIME",
"logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL"
},
"done": true,
"response": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary",
"successStoreCount": "1",
"successResourceCount": "1"
}
}
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/fhir+json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732"
{
"address": [
{
"city": "Anycity",
"district": "Anydistrict",
"line": [
"123 Main Street"
],
"period": {
"start": "1990-12-05"
},
"postalCode": "12345",
"state": "CA",
"text": "123 Main Street Anycity, Anydistrict, CA 12345",
"type": "both",
"use": "home"
}
],
"birthDate": "1980-12-05",
"gender": "female",
"id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
"meta": {
"lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00",
"versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA"
},
"name": [
{
"family": "[PERSON_NAME]",
"given": [
"[PERSON_NAME]"
],
"use": "official"
}
],
"resourceType": "Patient",
"text": {
"div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1980-12-05</p><p><b>Gender</b>: Female</p></div>",
"status": "generated"
}
}
PowerShell
$cred = gcloud auth application-default print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Post ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Body "{ 'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID', 'config': { 'fhir': { 'fieldMetadataList': { 'paths': [ 'Patient.HumanName' ], 'action': 'TRANSFORM' } }, 'text': { 'transformations': { 'infoTypes': [ 'PERSON_NAME' ], 'replaceWithInfoTypeConfig': {} } } } }" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content
{
"name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
get 方法追蹤作業狀態:$cred = gcloud auth print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Get ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content
"done": true。
{
"name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_NUMBER",
"metadata": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
"apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset",
"createTime": "CREATE_TIME",
"endTime": "END_TIME",
"logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL"
},
"done": true,
"response": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary",
"successStoreCount": "1",
"successResourceCount": "1"
}
}
$cred = gcloud auth print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-RestMethod ` -Method Get ` -Headers $headers ` -ContentType: "application/fhir+json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732" | ConvertTo-Json
{
"address": [
{
"city": "Anycity",
"district": "Anydistrict",
"line": [
"123 Main Street"
],
"period": {
"start": "1990-12-05"
},
"postalCode": "12345",
"state": "CA",
"text": "123 Main Street Anycity, Anydistrict, CA 12345",
"type": "both",
"use": "home"
}
],
"birthDate": "1980-12-05",
"gender": "female",
"id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
"meta": {
"lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00",
"versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA"
},
"name": [
{
"family": "[PERSON_NAME]",
"given": [
"[PERSON_NAME]"
],
"use": "official"
}
],
"resourceType": "Patient",
"text": {
"div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1980-12-05</p><p><b>Gender</b>: Female</p></div>",
"status": "generated"
}
}
輸出內容顯示 name.family 和 name.given 的值已由 value 的 infoType 取代。
將 FHIR 存放區層級資料去識別化
上述範例說明如何將資料集層級的 FHIR 資料去識別化。 如要將資料集去識別化要求變更為 FHIR 儲存庫去識別化要求,請進行下列變更:
- 將要求主體中的
destinationDataset修改為destinationStore - 在
destinationStore中值的結尾新增fhirStores/DESTINATION_FHIR_STORE_ID - 指定來源資料位置時,請新增
fhirStores/SOURCE_FHIR_STORE_ID。
例如:
資料集層級去識別化:
'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID' … "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"
FHIR 儲存庫層級去識別化:
'destinationStore': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/fhirStores/DESTINATION_FHIR_STORE_ID' … "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/fhirStores/SOURCE_FHIR_STORE_ID:deidentify"
下列範例會擴充去識別化特定 FHIR 路徑,但去識別化作業會在單一 FHIR 儲存庫中進行,且去識別化資料會複製到新的 FHIR 儲存庫。請注意,DESTINATION_FHIR_STORE_ID 參照的 FHIR 儲存庫必須已存在。
curl
curl -X POST \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ --data "{ 'destinationStore': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/fhirStores/DESTINATION_FHIR_STORE_ID', 'config': { 'fhir': { 'fieldMetadataList': [ { 'paths': [ 'Patient.HumanName' ], 'action': 'TRANSFORM' } ] } } }" "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/fhirStores/SOURCE_FHIR_STORE_ID:deidentify"
如果要求成功,伺服器會以 JSON 格式傳回回應:
{
"name": "projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
回應會包含作業名稱。您可以使用 Operation get 方法追蹤作業狀態:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
如果要求成功,伺服器會以 JSON 格式傳回回應。去識別化程序完成後,回應會包含 "done": true。
{
"name": "projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
"metadata": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
"apiMethodName": "google.cloud.healthcare.v1.deidentify.DeidentifyService.DeidentifyFhirStore",
"createTime": "CREATE_TIME",
"endTime": "END_TIME",
"logsUrl": "https://console.cloud.google.com/logs/query/CLOUD_LOGGING_URL",
"counter": {
"success": "SUCCESS_COUNT"
}
},
"done": true,
"response": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifyFhirStoreSummary"
}
}
PowerShell
$cred = gcloud auth application-default print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Post ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Body "{ 'destinationStore': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/fhirStores/DESTINATION_FHIR_STORE_ID', 'config': { 'fhir': { 'fieldMetadataList': [ { 'paths': [ 'Patient.HumanName' ], 'action': 'TRANSFORM' } ] } } }" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/fhirStores/SOURCE_FHIR_STORE_ID:deidentify" | Select-Object -Expand Content
如果要求成功,伺服器會以 JSON 格式傳回回應:
{
"name": "projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
回應會包含作業 ID。您可以使用 Operation get 方法追蹤作業狀態:
$cred = gcloud auth application-default print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Get ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content
如果要求成功,伺服器會以 JSON 格式傳回回應。去識別化程序完成後,回應會包含 "done": true。
{
"name": "projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
"metadata": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
"apiMethodName": "google.cloud.healthcare.v1.deidentify.DeidentifyService.DeidentifyFhirStore",
"createTime": "CREATE_TIME",
"endTime": "END_TIME",
"logsUrl": "https://console.cloud.google.com/logs/query/CLOUD_LOGGING_URL",
"counter": {
"success": "SUCCESS_COUNT"
}
},
"done": true,
"response": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifyFhirStoreSummary"
}
}
將 FHIR 儲存庫的子集去識別化
在 FHIR 存放區層級將 FHIR 資料去識別化時,您可以指定篩選條件,將部分資料去識別化。
篩選條件的形式為 FHIR 資源 ID 清單。您可以在 FhirFilter 物件內的 Resources 物件中指定 ID。
以下範例會擴充在 FHIR 存放區層級將資料去識別化的內容,但會提供兩個 FHIR 資源 ID 的清單 (一個用於 Patient,另一個用於 Observation),用於判斷要將哪些資源去識別化。
curl
curl -X POST \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ --data "{ 'destinationStore': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/fhirStores/DESTINATION_FHIR_STORE_ID', 'config': { 'fhir': { 'fieldMetadataList': [ { 'action': 'TRANSFORM', 'paths': [ 'Patient.HumanName' ] } ] } }, 'resourceFilter': { 'resources': { 'resources': [ 'Patient/PATIENT_ID', 'Observation/OBSERVATION_ID' ] } } }" "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/fhirStores/SOURCE_FHIR_STORE_ID:deidentify"
如果要求成功,伺服器會以 JSON 格式傳回回應:
{
"name": "projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
回應會包含作業名稱。您可以使用 Operation get 方法追蹤作業狀態:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
如果要求成功,伺服器會以 JSON 格式傳回回應。去識別化程序完成後,回應會包含 "done": true。
{
"name": "projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
"metadata": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
"apiMethodName": "google.cloud.healthcare.v1.deidentify.DeidentifyService.DeidentifyFhirStore",
"createTime": "CREATE_TIME",
"endTime": "END_TIME",
"logsUrl": "https://console.cloud.google.com/logs/query/CLOUD_LOGGING_URL",
"counter": {
"success": "SUCCESS_COUNT"
}
},
"done": true,
"response": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifyFhirStoreSummary"
}
}
PowerShell
$cred = gcloud auth application-default print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Post ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Body "{ 'destinationStore': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/fhirStores/DESTINATION_FHIR_STORE_ID', 'resourceFilter': { 'resources': { 'resources': [ 'Patient/PATIENT_ID', 'Observation/OBSERVATION_ID' ] } }, 'config': { 'fhir': { 'fieldMetadataList': [ { 'paths': [ 'Patient.HumanName' ], 'action': 'TRANSFORM' } ] } } }" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/fhirStores/SOURCE_FHIR_STORE_ID:deidentify" | Select-Object -Expand Content
如果要求成功,伺服器會以 JSON 格式傳回回應:
{
"name": "projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
回應會包含作業 ID。您可以使用 Operation get 方法追蹤作業狀態:
$cred = gcloud auth application-default print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Get ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content
如果要求成功,伺服器會以 JSON 格式傳回回應。去識別化程序完成後,回應會包含 "done": true。
{
"name": "projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
"metadata": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
"apiMethodName": "google.cloud.healthcare.v1.deidentify.DeidentifyService.DeidentifyFhirStore",
"createTime": "CREATE_TIME",
"endTime": "END_TIME",
"logsUrl": "https://console.cloud.google.com/logs/query/CLOUD_LOGGING_URL",
"counter": {
"success": "SUCCESS_COUNT"
}
},
"done": true,
"response": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifyFhirStoreSummary"
}
}
在 Google Cloud 控制台中將資料去識別化
您可以在 Google Cloud 控制台中,將資料集或 FHIR 儲存庫的資料去識別化。預設的 FHIR 去識別化設定可用於去識別化資料集和 FHIR 儲存庫。詳情請參閱「預設 FHIR 資料去識別化」。
將資料集資料去識別化
如要對資料集中的資料去識別化,請完成下列步驟:
在 Google Cloud 控制台中,前往「資料集」頁面。
在要匿名化的資料集「動作」清單中,選擇「匿名化」。
「De-identify Dataset」(取消識別資料集) 頁面隨即顯示。
選取「設定目的地資料集」,然後輸入新資料集的名稱,以儲存去識別化資料。
按一下「去識別化」,將資料集中的資料去識別化。
將 FHIR 儲存庫中的資料去識別化
如要對 FHIR 存放區中的資料去識別化,請完成下列步驟:
在 Google Cloud 控制台中,前往「資料集」頁面。
按一下要進行資料去識別化的資料集。
在 FHIR 儲存庫清單中,從要進行去識別化的 FHIR 儲存庫的「動作」清單中,選擇「去識別化」。
系統會顯示「De-identify FHIR Store」(去識別化 FHIR 儲存庫) 頁面。
選取「設定目的地資料儲存庫」,然後選擇要將去識別化資料儲存至哪個資料集和 FHIR 儲存庫。
注意:如要在新的 FHIR 儲存庫中儲存去識別化資料,請先建立新的儲存庫,然後選取該儲存庫做為目的地 FHIR 儲存庫。
按一下「去識別化」,將 FHIR 儲存庫中的資料去識別化。
排解 FHIR 去識別化作業問題
如果 FHIR 去識別化作業發生錯誤,系統會將錯誤記錄至 Cloud Logging。詳情請參閱「查看 Cloud Logging 中的錯誤記錄檔」。
如果整個作業傳回錯誤,請參閱「排解長期執行的作業問題」。