对 FHIR 数据进行去标识化

本页面介绍了如何使用 Cloud Healthcare API 在以下级层对 FHIR 资源中的敏感数据进行去标识化:

本页面还介绍了在 FHIR 存储区级层对数据进行去标识化时如何应用过滤条件。

去标识化概览

数据集级别去标识化

要在数据集级层对 FHIR 数据进行去标识化,请调用 datasets.deidentify 操作。去标识化 API 调用包含以下组成部分:

  • 源数据集:包含 FHIR 存储区的数据集,FHIR 存储区具有一个或多个包含敏感数据的资源。
  • 目标数据集:去标识化操作并不会影响原始数据集或其数据。相反,已经去标识化的原始数据副本将会写入到称为目标数据集的新数据集。
  • 要进行去标识化的内容:用于指定如何处理数据集的配置参数。如需配置这些参数,您可以在 DeidentifyConfig 对象内的 FhirConfig 和/或 TextConfig 中指定这些参数,并通过以下任一方式传递:
    • 设置请求正文的 config 字段
    • 以 JSON 格式将其存储在 Cloud Storage 中,并使用请求正文的 gcsConfigUri 字段指定文件在存储桶中的位置

本指南中的大部分示例展示了如何在数据集级层对 FHIR 数据进行去标识化。

FHIR 存储区级层去标识化

通过在 FHIR 存储区级层对 FHIR 数据进行去标识化,您可以更好地控制要对哪些数据进行去标识化。

要对 FHIR 存储区中的 FHIR 数据进行去标识化,请调用 fhirStores.deidentify 方法。去标识化 API 调用包含以下组成部分:

  • 来源 FHIR 存储区:包含一个或多个资源(具有敏感数据)的 FHIR 存储区。
  • 目标 FHIR 存储区:去标识化操作并不会影响原始 FHIR 存储区或其数据。相反,已经去标识化的原始数据副本将会写入到目标 FHIR 存储区。目标 FHIR 存储区必须已存在。
  • 要进行去标识化的内容:用于指定如何处理 FHIR 存储区的配置参数。如需配置这些参数,您可以在 DeidentifyConfig 对象内的 FhirConfig 和/或 TextConfig 中指定这些参数,并通过以下任一方式传递:
    • 设置请求正文的 config 字段
    • 以 JSON 格式将其存储在 Cloud Storage 中,并使用请求正文的 gcsConfigUri 字段指定文件在存储桶中的位置

如需查看示例以了解如何在 FHIR 存储区级层对 FHIR 数据进行去标识化,请参阅在 FHIR 存储区级层对数据进行去标识化

过滤条件

您可以通过在 fhirStores.deidentify 请求中指定一系列 FHIR 资源 ID,对 FHIR 存储区中的一部分数据进行去标识化。如需查看示例,请参阅对 FHIR 存储区的一部分数据进行去标识化

本指南中用到的 FHIR 资源示例

本指南中的示例使用 FHIR 存储区中的患者(DSTU2STU3R4)资源。该患者具有以下示例中显示的属性。id 值由服务器生成。如果您在自己的 FHIR 存储区中创建患者资源,则返回的 id 值与示例患者中显示的值不同。

{
  "address": [
    {
      "city": "Anycity",
      "district": "Anydistrict",
      "line": [
        "123 Main Street"
      ],
      "period": {
        "start": "1990-12-05"
      },
      "postalCode": "12345",
      "state": "CA",
      "text": "123 Main Street Anycity, Anydistrict, CA 12345",
      "type": "both",
      "use": "home"
    }
  ],
  "birthDate": "1980-12-05",
  "gender": "female",
  "id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
  "name": [
    {
      "family": "Smith",
      "given": [
        "Darcy"
      ],
      "use": "official"
    }
  ],
  "resourceType": "Patient",
  "text": {
    "status": "generated",
    "div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1980-12-05</p><p><b>Gender</b>: Female</p></div>"
  }
}

默认 FHIR 数据去标识化

您可以使用“默认”方法对 FHIR 数据进行去标识化,该方法会遮盖 FHIR 存储区内的资源中常见的受保护健康信息 (PHI)。默认方法会遮盖以下信息:

以下示例展示了如何使用 FHIR 默认方法对患者资源进行去标识化。使用默认方法时,请在 DeidentifyConfig 对象内使用空 FhirConfig

curl

curl -X POST \
    -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    --data "{
      'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID',
      'config': {
        'fhir': {}
      }
    }" "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"
如果请求成功,服务器将以 JSON 格式返回响应:
{
  "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
响应包含操作名称。您可以使用 Operation get 方法来跟踪操作的状态:
curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含 "done": true
{
  "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset",
    "createTime": "CREATE_TIME",
    "endTime": "END_TIME",
    "logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL"
  },
  "done": true,
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary",
    "successStoreCount": "1",
    "successResourceCount": "1"
  }
}
接下来,使用患者 ID,您可以在新的目标数据集中获取患者资源的详细信息:
curl -X GET \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/fhir+json; charset=utf-8" \
     "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732"
服务器返回以下响应:
{
  "address": [
    {
      "city": "",
      "district": "",
      "line": [
        ""
      ],
      "period": {
        "start": "1990-12-05"
      },
      "postalCode": "",
      "state": "CA",
      "text": "",
      "type": "both",
      "use": "home"
    }
  ],
  "birthDate": "1981-02-24",
  "gender": "female",
  "id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
  "meta": {
    "lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00",
    "versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMA"
  },
  "name": [
    {
      "family": "",
      "given": [
        ""
      ],
      "use": "official"
    }
  ],
  "resourceType": "Patient",
  "text": {
    "div": "<div><p><b>Patient</b></p><p><b>Name</b>: [PERSON_NAME][PERSON_NAME][PERSON_NAME]</p><p><b>DateOfBirth</b>: 1981-02-24</p><p><b>Gender</b>: Female</p></div>",
    "status": "generated"
  }
}

PowerShell

$cred = gcloud auth application-default print-access-token
$headers = @{ Authorization = "Bearer $cred" }

Invoke-WebRequest `
  -Method Post `
  -Headers $headers `
  -ContentType: "application/json; charset=utf-8" `
  -Body "{
    'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID',
    'config': {
      'fhir': {}
    }
  }" `
  -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content
如果请求成功,服务器将以 JSON 格式返回响应:
{
  "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
响应包含操作名称。您可以使用 Operation get 方法来跟踪操作的状态:
$cred = gcloud auth print-access-token
$headers = @{ Authorization = "Bearer $cred" }

Invoke-WebRequest `
  -Method Get `
  -Headers $headers `
  -ContentType: "application/json; charset=utf-8" `
  -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content
如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含 "done": true
{
  "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_NUMBER",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset",
    "createTime": "CREATE_TIME",
    "endTime": "END_TIME",
    "logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL"
  },
  "done": true,
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary",
    "successStoreCount": "1",
    "successResourceCount": "1"
  }
}
接下来,使用患者 ID,您可以在新的目标数据集中获取患者资源的详细信息:
$cred = gcloud auth print-access-token
$headers = @{ Authorization = "Bearer $cred" }

Invoke-RestMethod `
  -Method Get `
  -Headers $headers `
  -ContentType: "application/fhir+json; charset=utf-8" `
  -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732" | ConvertTo-Json
服务器返回以下响应:
{
  "address": [
    {
      "city": "",
      "district": "",
      "line": [
        ""
      ],
      "period": {
        "start": "1990-12-05"
      },
      "postalCode": "",
      "state": "CA",
      "text": "",
      "type": "both",
      "use": "home"
    }
  ],
  "birthDate": "1981-02-24",
  "gender": "female",
  "id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
  "meta": {
    "lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00",
    "versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMA"
  },
  "name": [
    {
      "family": "",
      "given": [
        ""
      ],
      "use": "official"
    }
  ],
  "resourceType": "Patient",
  "text": {
    "div": "<div><p><b>Patient</b></p><p><b>Name</b>: [PERSON_NAME][PERSON_NAME][PERSON_NAME]</p><p><b>DateOfBirth</b>: 1981-02-24</p><p><b>Gender</b>: Female</p></div>",
    "status": "generated"
  }
}

您可以看到已转换以下值,以便对资源进行去标识化:

  • birthDate 字段中使用日期偏移技术(其差值为 100 天)提供一个新值。
  • 已遮盖 address.city 中的值。
  • 已遮盖 address.district 中的值。
  • 已遮盖 address.line 中的值。
  • 已遮盖 address.postalCode 中的值。
  • 已遮盖 address.text 中的值。
  • 已遮盖 name.family 中的值。
  • 已遮盖 name.given 中的值。
  • text.div 字段中的自由文本已修改为将患者姓名替换为其 infoType [PERSON_NAME]。转换患者的出生日期值的方式与转换 birthDate 字段中的值的方式相同。

对特定 FHIR 路径进行去标识化

如需指定要进行去标识化的 FHIR 路径及其转换方式,请在 FhirConfig 对象中配置 fieldMetadataList

fieldMetadataList 内,您可以在 paths 列表中指定以英文句点分隔的字段名称或 FHIR 资源类型名称列表。接下来,您需要指定一个要应用于 paths 中列出的所有内容的 Action 值。如需了解可能的值,请参阅 Action 文档。

如需了解如何在 Cloud Healthcare API 中设置 paths 字段,请参阅 pathspaths 中值的根据 FHIRPath 设置格式。

默认 FHIR 去标识化配置文件

默认情况下,如果您在 fieldMetadataList 中不指定任何 FHIR 路径,则 Cloud Healthcare API 会应用以下去标识化配置文件来选择和转换 FHIR 路径。应用的配置文件取决于您使用的 FHIR 版本。您可以展开以下部分以查看所用版本的配置文件。您还可以下载配置文件(DSTU2STU3R4)。

使用路径对资源进行去标识化

以下示例展示了在下列条件下如何配置“患者”资源去标识化:

  • “患者”资源的 HumanNameDSTU2STU3R4)值自动应用 TRANSFORM(遮盖)。对于示例患者,HumanName 值是 "family": "Smith""given": [ "Darcy" ]

fieldMetadataList 内的 paths 列表中未提供任何其他值,因此其余数据保持不变。

以下示例展示了如何对“患者”资源的 HumanName 值进行去标识化:

curl

curl -X POST \
    -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    --data "{
      'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID',
      'config': {
        'fhir': {
          'fieldMetadataList': [
            {
              'paths': [
                'Patient.HumanName'
              ],
              'action': 'TRANSFORM'
            }
          ]
        }
      }
    }" "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"
如果请求成功,服务器将以 JSON 格式返回响应:
{
  "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
响应包含操作名称。您可以使用 Operation get 方法来跟踪操作的状态:
curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含 "done": true
{
  "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset",
    "createTime": "CREATE_TIME",
    "endTime": "END_TIME",
    "logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL"
  },
  "done": true,
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary",
    "successStoreCount": "1",
    "successResourceCount": "1"
  }
}
接下来,使用患者 ID,您可以在新的目标数据集中获取患者资源的详细信息:
curl -X GET \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/fhir+json; charset=utf-8" \
     "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732"
服务器返回以下响应:
{
  "address": [
    {
      "city": "Anycity",
      "district": "Anydistrict",
      "line": [
        "123 Main Street"
      ],
      "period": {
        "start": "1990-12-05"
      },
      "postalCode": "12345",
      "state": "CA",
      "text": "123 Main Street Anycity, Anydistrict, CA 12345",
      "type": "both",
      "use": "home"
    }
  ],
  "birthDate": "1980-12-05",
  "gender": "female",
  "id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
  "meta": {
    "lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00",
    "versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA"
  },
  "name": [
    {
      "family": "",
      "given": [
        ""
      ],
      "use": "official"
    }
  ],
  "resourceType": "Patient",
  "text": {
    "div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1980-12-05</p><p><b>Gender</b>: Female</p></div>",
    "status": "generated"
  }
}

PowerShell

$cred = gcloud auth application-default print-access-token
$headers = @{ Authorization = "Bearer $cred" }

Invoke-WebRequest `
  -Method Post `
  -Headers $headers `
  -ContentType: "application/json; charset=utf-8" `
  -Body "{
    'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID',
    'config': {
      'fhir': {
        'fieldMetadataList': [
          {
            'paths': [
              'Patient.HumanName'
            ],
            'action': 'TRANSFORM'
          }
        ]
      }
    }
  }" `
  -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content
如果请求成功,服务器将以 JSON 格式返回响应:
{
  "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
响应包含操作名称。您可以使用 Operation get 方法来跟踪操作的状态:
$cred = gcloud auth print-access-token
$headers = @{ Authorization = "Bearer $cred" }

Invoke-WebRequest `
  -Method Get `
  -Headers $headers `
  -ContentType: "application/json; charset=utf-8" `
  -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content
如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含 "done": true
{
  "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_NUMBER",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset",
    "createTime": "CREATE_TIME",
    "endTime": "END_TIME",
    "logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL"
  },
  "done": true,
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary",
    "successStoreCount": "1",
    "successResourceCount": "1"
  }
}
接下来,使用患者 ID,您可以在新的目标数据集中获取患者资源的详细信息:
$cred = gcloud auth print-access-token
$headers = @{ Authorization = "Bearer $cred" }

Invoke-RestMethod `
  -Method Get `
  -Headers $headers `
  -ContentType: "application/fhir+json; charset=utf-8" `
  -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732" | ConvertTo-Json
服务器返回以下响应:
{
  "address": [
    {
      "city": "Anycity",
      "district": "Anydistrict",
      "line": [
        "123 Main Street"
      ],
      "period": {
        "start": "1990-12-05"
      },
      "postalCode": "12345",
      "state": "CA",
      "text": "123 Main Street Anycity, Anydistrict, CA 12345",
      "type": "both",
      "use": "home"
    }
  ],
  "birthDate": "1980-12-05",
  "gender": "female",
  "id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
  "meta": {
    "lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00",
    "versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA"
  },
  "name": [
    {
      "family": "",
      "given": [
        ""
      ],
      "use": "official"
    }
  ],
  "resourceType": "Patient",
  "text": {
    "div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1980-12-05</p><p><b>Gender</b>: Female</p></div>",
    "status": "generated"
  }
}

您可以看到已转换以下值,以便对资源进行去标识化:

  • 已遮盖 name.family 中的值。
  • 已遮盖 name.given 中的值。

但是,与默认 FHIR 去标识化中的示例(转换常见 PHI)不同,患者的 addressbirthDate 以及text.div 中的自由文本未被转换,因为未将它们添加到 fieldMetadataListpaths 列表中。

将 infoType 和初始转换与 FHIR 资源配合使用

Cloud Healthcare API 可以使用信息类型 (infoType) 来定义在对 FHIR 资源执行去标识化操作时要扫描的数据。infoType 是一种敏感数据类型,例如患者姓名、电子邮件地址、电话号码、身份证号码和信用卡号等等。Cloud Healthcare API 去标识化操作中使用的 infoType 包括在 Cloud Data Loss Prevention 中找到的类型。

初始转换是用于转换输入值的规则。

默认 FHIR infoType

对 FHIR 数据进行去标识化时使用的默认 infoType 如下:

  • AGE
  • CREDIT_CARD_NUMBER
  • DATE
  • EMAIL_ADDRESS
  • IP_ADDRESS
  • LOCATION
  • MAC_ADDRESS
  • PASSPORT
  • PERSON_NAME
  • PHONE_NUMBER
  • SWIFT_CODE
  • US_DRIVERS_LICENSE_NUMBER
  • US_SOCIAL_SECURITY_NUMBER
  • US_VEHICLE_IDENTIFICATION_NUMBER
  • US_INDIVIDUAL_TAXPAYER_IDENTIFICATION_NUMBER

初始转换选项

Cloud Healthcare API 初始转换选项如下:

  • RedactConfig:通过删除值来进行遮盖。
  • CharacterMaskConfig:通过将输入字符替换为所指定的固定字符,全部或部分遮盖字符串。
  • DateShiftConfig:按随机天数偏移日期,可使同一上下文保持一致。
  • CryptoHashConfig:使用 SHA-256 将输入值替换为使用给定数据加密密钥生成并以 base64 编码表示的哈希输出字符串。
  • ReplaceWithInfoTypeConfig:将输入值替换为其 infoType 的名称。

TextConfig 中指定配置

InfoType 和初始转换在 InfoTypeTransformation(它是 TextConfig 内的对象)中指定。将 infoTypes 数组中的 infoType 指定为以逗号分隔的值。

指定 infoType 是可选操作。如果您未指定任何 infoType,则转换将应用于数据中所有内置的 infoType。

如果您在 InfoTypeTransformation 中指定任何 infoType,请至少指定一个初始转换。

以下部分介绍了如何使用 InfoTypeTransformation 中提供的初始转换以及 infoType 来自定义 FHIR 资源的去标识化方式。

RedactConfig

如果指定 redactConfig,将会彻底移除给定的值来达到遮盖该值的目的。redactConfig 消息不带参数,指定它就会启用转换。

以下示例展示了如何在 Patient.text.div 字段中遮盖“患者”资源的出生日期。通过设置 DATE infoType 以及 Patient.text.div 路径和 redactConfig 转换来完成此任务。

将去标识化请求发送到 Cloud Healthcare API 之后,Patient.text.div 值中的出生日期会被遮盖。

curl

curl -X POST \
    -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    --data "{
      'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID',
      'config': {
        'fhir': {
          'fieldMetadataList': {
            'paths': [
              'Patient.text.div'
            ],
            'action': 'INSPECT_AND_TRANSFORM'
          }
        },
        'text': {
          'transformations': [
            {
              'infoTypes': [
                'DATE'
              ],
              'redactConfig': {}
            }
          ]
        }
      }
    }" "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"
如果请求成功,服务器将以 JSON 格式返回响应:
{
  "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
响应包含操作名称。您可以使用 Operation get 方法来跟踪操作的状态:
curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含 "done": true
{
  "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset",
    "createTime": "CREATE_TIME",
    "endTime": "END_TIME",
    "logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL"
  },
  "done": true,
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary",
    "successStoreCount": "1",
    "successResourceCount": "1"
  }
}
接下来,使用患者 ID,您可以在新的目标数据集中获取患者资源的详细信息:
curl -X GET \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/fhir+json; charset=utf-8" \
     "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732"
服务器返回以下响应:
{
  "address": [
    {
      "city": "Anycity",
      "district": "Anydistrict",
      "line": [
        "123 Main Street"
      ],
      "period": {
        "start": "1990-12-05"
      },
      "postalCode": "12345",
      "state": "CA",
      "text": "123 Main Street Anycity, Anydistrict, CA 12345",
      "type": "both",
      "use": "home"
    }
  ],
  "birthDate": "1980-12-05",
  "gender": "female",
  "id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
  "meta": {
    "lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00",
    "versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA"
  },
  "name": [
    {
      "family": "Smith",
      "given": [
        "Darcy"
      ],
      "use": "official"
    }
  ],
  "resourceType": "Patient",
  "text": {
    "div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: </p><p><b>Gender</b>: Female</p></div>",
    "status": "generated"
  }
}

PowerShell

$cred = gcloud auth application-default print-access-token
$headers = @{ Authorization = "Bearer $cred" }

Invoke-WebRequest `
  -Method Post `
  -Headers $headers `
  -ContentType: "application/json; charset=utf-8" `
  -Body "{
    'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID',
    'config': {
      'fhir': {
        'fieldMetadataList': {
          'paths': [
            'Patient.text.div'
          ],
          'action': 'INSPECT_AND_TRANSFORM'
        }
      },
      'text': {
        'transformations': [
          {
            'infoTypes': [
              'DATE'
            ],
            'redactConfig': {}
          }
        ]
      }
    }
  }" `
  -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content
如果请求成功,服务器将以 JSON 格式返回响应:
{
  "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
响应包含操作名称。您可以使用 Operation get 方法来跟踪操作的状态:
$cred = gcloud auth print-access-token
$headers = @{ Authorization = "Bearer $cred" }

Invoke-WebRequest `
  -Method Get `
  -Headers $headers `
  -ContentType: "application/json; charset=utf-8" `
  -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content
如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含 "done": true
{
  "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_NUMBER",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset",
    "createTime": "CREATE_TIME",
    "endTime": "END_TIME",
    "logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL"
  },
  "done": true,
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary",
    "successStoreCount": "1",
    "successResourceCount": "1"
  }
}
接下来,使用患者 ID,您可以在新的目标数据集中获取患者资源的详细信息:
$cred = gcloud auth print-access-token
$headers = @{ Authorization = "Bearer $cred" }

Invoke-RestMethod `
  -Method Get `
  -Headers $headers `
  -ContentType: "application/fhir+json; charset=utf-8" `
  -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732" | ConvertTo-Json
服务器返回以下响应:
{
  "address": [
    {
      "city": "Anycity",
      "district": "Anydistrict",
      "line": [
        "123 Main Street"
      ],
      "period": {
        "start": "1990-12-05"
      },
      "postalCode": "12345",
      "state": "CA",
      "text": "123 Main Street Anycity, Anydistrict, CA 12345",
      "type": "both",
      "use": "home"
    }
  ],
  "birthDate": "1980-12-05",
  "gender": "female",
  "id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
  "meta": {
    "lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00",
    "versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA"
  },
  "name": [
    {
      "family": "Smith",
      "given": [
        "Darcy"
      ],
      "use": "official"
    }
  ],
  "resourceType": "Patient",
  "text": {
    "div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: </p><p><b>Gender</b>: Female</p></div>",
    "status": "generated"
  }
}

输出结果显示 text.divDateOfBirth 的值已被移除。这与对特定 FHIR 路径进行去标识化中的示例不同,在此示例中,未使用默认配置移除 text.div 中的 DateOfBirth 的值。

CharacterMaskConfig

如果指定 characterMaskConfig,则会将与给定 infoType 对应的字符串替换为指定的固定字符。例如,您可以将患者姓名替换为一系列星号 (*),而不是遮盖患者姓名或使用加密哈希技术进行转换。请指定固定字符作为 maskingCharacter 字段的值。

以下示例展示了如何扩展对特定 FHIR 路径进行去标识化中使用的示例,但目前包含设置 PERSON_NAME infoType 和 characterMaskConfig 转换。未提供固定字符,因此默认使用星号进行遮盖。将去标识化请求发送到 Cloud Healthcare API 之后,name.familyname.given 中的值将替换为星号。

curl

curl -X POST \
    -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    --data "{
      'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID',
      'config': {
        'fhir': {
          'fieldMetadataList': {
            'paths': [
              'Patient.HumanName'
            ],
            'action': 'TRANSFORM'
          }
        },
        'text': {
          'transformations': [
            {
              'infoTypes': [
                'PERSON_NAME'
              ],
              'characterMaskConfig': {
                'maskingCharacter': ''
              }
            }
          ]
        }
      }
    }" "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"
如果请求成功,服务器将以 JSON 格式返回响应:
{
  "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
响应包含操作名称。您可以使用 Operation get 方法来跟踪操作的状态:
curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含 "done": true
{
  "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset",
    "createTime": "CREATE_TIME",
    "endTime": "END_TIME",
    "logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL"
  },
  "done": true,
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary",
    "successStoreCount": "1",
    "successResourceCount": "1"
  }
}
接下来,使用患者 ID,您可以在新的目标数据集中获取患者资源的详细信息:
curl -X GET \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/fhir+json; charset=utf-8" \
     "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732"
服务器返回以下响应:
{
  "address": [
    {
      "city": "Anycity",
      "district": "Anydistrict",
      "line": [
        "123 Main Street"
      ],
      "period": {
        "start": "1990-12-05"
      },
      "postalCode": "12345",
      "state": "CA",
      "text": "123 Main Street Anycity, Anydistrict, CA 12345",
      "type": "both",
      "use": "home"
    }
  ],
  "birthDate": "1980-12-05",
  "gender": "female",
  "id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
  "meta": {
    "lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00",
    "versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA"
  },
  "name": [
    {
      "family": "*****",
      "given": [
        "*****"
      ],
      "use": "official"
    }
  ],
  "resourceType": "Patient",
  "text": {
    "div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1980-12-05</p><p><b>Gender</b>: Female</p></div>",
    "status": "generated"
  }
}

PowerShell

$cred = gcloud auth application-default print-access-token
$headers = @{ Authorization = "Bearer $cred" }

Invoke-WebRequest `
  -Method Post `
  -Headers $headers `
  -ContentType: "application/json; charset=utf-8" `
  -Body "{
    'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID',
    'config': {
      'fhir': {
        'fieldMetadataList': {
          'paths': [
            'Patient.HumanName'
          ],
          'action': 'TRANSFORM'
        }
      },
      'text': {
        'transformations': [
          {
            'infoTypes': [
              'PERSON_NAME'
            ],
            'characterMaskConfig': {
              'maskingCharacter': ''
            }
          }
        ]
      }
    }
  }" `
  -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content
如果请求成功,服务器将以 JSON 格式返回响应:
{
  "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
响应包含操作名称。您可以使用 Operation get 方法来跟踪操作的状态:
$cred = gcloud auth print-access-token
$headers = @{ Authorization = "Bearer $cred" }

Invoke-WebRequest `
  -Method Get `
  -Headers $headers `
  -ContentType: "application/json; charset=utf-8" `
  -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content
如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含 "done": true
{
  "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_NUMBER",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset",
    "createTime": "CREATE_TIME",
    "endTime": "END_TIME",
    "logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL"
  },
  "done": true,
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary",
    "successStoreCount": "1",
    "successResourceCount": "1"
  }
}
接下来,使用患者 ID,您可以在新的目标数据集中获取患者资源的详细信息:
$cred = gcloud auth print-access-token
$headers = @{ Authorization = "Bearer $cred" }

Invoke-RestMethod `
  -Method Get `
  -Headers $headers `
  -ContentType: "application/fhir+json; charset=utf-8" `
  -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732" | ConvertTo-Json
服务器返回以下响应:
{
  "address": [
    {
      "city": "Anycity",
      "district": "Anydistrict",
      "line": [
        "123 Main Street"
      ],
      "period": {
        "start": "1990-12-05"
      },
      "postalCode": "12345",
      "state": "CA",
      "text": "123 Main Street Anycity, Anydistrict, CA 12345",
      "type": "both",
      "use": "home"
    }
  ],
  "birthDate": "1980-12-05",
  "gender": "female",
  "id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
  "meta": {
    "lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00",
    "versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA"
  },
  "name": [
    {
      "family": "*****",
      "given": [
        "*****"
      ],
      "use": "official"
    }
  ],
  "resourceType": "Patient",
  "text": {
    "div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1980-12-05</p><p><b>Gender</b>: Female</p></div>",
    "status": "generated"
  }
}

输出结果显示 name.familyname.given 中的值已替换为星号。这与对特定 FHIR 路径进行去标识化中的示例不同,其中 name.familyname.given 中的值被遮盖。

DateShiftConfig

Cloud Healthcare API 可以通过在预设范围内偏移日期来转换日期。要使日期转换在多个去标识化运行中保持一致,请将 DateShiftConfig 与以下任一项结合使用:

您必须向 Cloud Healthcare 服务代理服务账号授予具有 cloudkms.cryptoKeyVersions.useToDecrypt 权限的角色,才能解密 Cloud KMS 封装的密钥。我们建议您使用 Cloud KMS CryptoKey Decrypter 角色 (roles/cloudkms.cryptoKeyDecrypter)。使用 Cloud KMS 进行加密操作时,需支付费用。请参阅 Cloud Key Management Service 价格了解详情。

Cloud Healthcare API 使用此密钥来计算日期(如患者的出生日期)在 100 天差值范围内的偏移量。

如果您不提供密钥,则每次对日期值运行去标识化操作时,Cloud Healthcare API 都会生成自己的密钥。这可能会导致两次执行操作之间的日期输出不一致。

以下示例展示了如何在 Patient.birthDatePatient.text.div 路径上设置 DATE infoType 和 DateShiftConfig 转换。将去标识化请求发送到 Cloud Healthcare API 后,Patient.text.div 中的 birthDate 值和出生日期将在原始出生日期 1980-12-05 的正负 100 天之内移动。

示例 U2FsdGVkX19bS2oZsdbK9X5zi2utBn22uY+I2Vo0zOU= 中提供的加密密钥是使用以下命令生成的原始 AES 加密 256 位 base64 编码密钥。系统提示时,请为命令提供您选择的密码:

echo -n "test" | openssl enc -e -aes-256-ofb -a -salt

curl

curl -X POST \
    -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    --data "{
      'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID',
      'config': {
        'fhir': {
          'fieldMetadataList': {
            'paths': [
              'Patient.birthDate',
              'Patient.text.div'
            ],
            'action': 'INSPECT_AND_TRANSFORM'
          }
        },
        'text': {
          'transformations': {
            'infoTypes': [
              'DATE'
            ],
            'dateShiftConfig': {
              'cryptoKey': 'U2FsdGVkX19bS2oZsdbK9X5zi2utBn22uY+I2Vo0zOU='
            }
          }
        }
      }
    }" "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"
如果请求成功,服务器将以 JSON 格式返回响应:
{
  "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
响应包含操作名称。您可以使用 Operation get 方法来跟踪操作的状态:
curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含 "done": true
{
  "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset",
    "createTime": "CREATE_TIME",
    "endTime": "END_TIME",
    "logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL"
  },
  "done": true,
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary",
    "successStoreCount": "1",
    "successResourceCount": "1"
  }
}
接下来,使用患者 ID,您可以在新的目标数据集中获取患者资源的详细信息:
curl -X GET \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/fhir+json; charset=utf-8" \
     "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732"
服务器返回以下响应:
{
  "address": [
    {
      "city": "Anycity",
      "district": "Anydistrict",
      "line": [
        "123 Main Street"
      ],
      "period": {
        "start": "1990-12-05"
      },
      "postalCode": "12345",
      "state": "",
      "text": "123 Main Street Anycity, Anydistrict, CA 12345",
      "type": "both",
      "use": "home"
    }
  ],
  "birthDate": "1981-02-19",
  "gender": "female",
  "id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
  "meta": {
    "lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00",
    "versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA"
  },
  "name": [
    {
      "family": "Smith",
      "given": [
        "Darcy"
      ],
      "use": "official"
    }
  ],
  "resourceType": "Patient",
  "text": {
    "div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1981-02-19</p><p><b>Gender</b>: Female</p></div>",
    "status": "generated"
  }
}

PowerShell

$cred = gcloud auth application-default print-access-token
$headers = @{ Authorization = "Bearer $cred" }

Invoke-WebRequest `
  -Method Post `
  -Headers $headers `
  -ContentType: "application/json; charset=utf-8" `
  -Body "{
    'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID',
    'config': {
      'fhir': {
        'fieldMetadataList': {
          'paths': [
            'Patient.HumanName',
            'Patient.text.div'
          ],
          'action': 'INSPECT_AND_TRANSFORM'
        }
      },
      'text': {
        'transformations': {
          'infoTypes': [
            'DATE'
          ],
          'dateShiftConfig': {
            'cryptoKey': 'U2FsdGVkX19bS2oZsdbK9X5zi2utBn22uY+I2Vo0zOU='
          }
        }
      }
    }
  }" `
  -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content
如果请求成功,服务器将以 JSON 格式返回响应:
{
  "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
响应包含操作名称。您可以使用 Operation get 方法来跟踪操作的状态:
$cred = gcloud auth print-access-token
$headers = @{ Authorization = "Bearer $cred" }

Invoke-WebRequest `
  -Method Get `
  -Headers $headers `
  -ContentType: "application/json; charset=utf-8" `
  -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content
如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含 "done": true
{
  "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_NUMBER",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset",
    "createTime": "CREATE_TIME",
    "endTime": "END_TIME",
    "logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL"
  },
  "done": true,
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary",
    "successStoreCount": "1",
    "successResourceCount": "1"
  }
}
接下来,使用患者 ID,您可以在新的目标数据集中获取患者资源的详细信息:
$cred = gcloud auth print-access-token
$headers = @{ Authorization = "Bearer $cred" }

Invoke-RestMethod `
  -Method Get `
  -Headers $headers `
  -ContentType: "application/fhir+json; charset=utf-8" `
  -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732" | ConvertTo-Json
服务器返回以下响应:
{
  "address": [
    {
      "city": "Anycity",
      "district": "Anydistrict",
      "line": [
        "123 Main Street"
      ],
      "period": {
        "start": "1990-12-05"
      },
      "postalCode": "12345",
      "state": "",
      "text": "123 Main Street Anycity, Anydistrict, CA 12345",
      "type": "both",
      "use": "home"
    }
  ],
  "birthDate": "1981-02-19",
  "gender": "female",
  "id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
  "meta": {
    "lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00",
    "versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA"
  },
  "name": [
    {
      "family": "Smith",
      "given": [
        "Darcy"
      ],
      "use": "official"
    }
  ],
  "resourceType": "Patient",
  "text": {
    "div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1981-02-19</p><p><b>Gender</b>: Female</p></div>",
    "status": "generated"
  }
}

输出结果显示 birthDate 中的值和 Patient.text.div 中的出生日期已转换为新值 1981-02-19。将 100 天的差值和患者 ID 与提供的 cryptoKey 值相结合,便会发生此转换。只要提供相同的 cryptoKeybirthDate 的新值和 Patient.text.div 中的出生日期在此患者的两次去标识化运行之间将保持一致。

CryptoHashConfig

Cloud Healthcare API 可以通过将值替换为加密哈希值(也称为代理值)来转换数据。为此,请指定一条 cryptoHashConfig 消息。

您可以将 cryptoHashConfig 留空,也可以为其提供以下内容之一:

您必须向 Cloud Healthcare 服务代理服务账号授予具有 cloudkms.cryptoKeyVersions.useToDecrypt 权限的角色,才能解密 Cloud KMS 封装的密钥。我们建议您使用 Cloud KMS CryptoKey Decrypter 角色 (roles/cloudkms.cryptoKeyDecrypter)。使用 Cloud KMS 进行加密操作时,需支付费用。请参阅 Cloud Key Management Service 价格了解详情。

提供一致的密钥会生成代理值,这些值在多次去标识化运行之间保持一致。如果您不提供密钥,则在每次运行操作时,Cloud Healthcare API 都会生成一个新密钥。使用不同的密钥会生成不同的代理值。

以下示例扩展了对特定 FHIR 路径进行去标识化中使用的示例,但目前包含在 Patient.HumanName 路径上设置 PERSON_NAME infoType 和 cryptoKey 转换。将去标识化请求发送到 Cloud Healthcare API 之后,name.familyname.given 值将被替换为代理值。

示例 U2FsdGVkX19bS2oZsdbK9X5zi2utBn22uY+I2Vo0zOU= 中提供的加密密钥是使用以下命令生成的原始 AES 加密 256 位 base64 编码密钥。系统提示时,请为命令提供您选择的密码:

echo -n "test" | openssl enc -e -aes-256-ofb -a -salt

curl

curl -X POST \
    -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    --data "{
      'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID',
      'config': {
        'fhir': {
          'fieldMetadataList': {
            'paths': [
              'Patient.HumanName'
            ],
            'action': 'INSPECT_AND_TRANSFORM'
          }
        },
        'text': {
          'transformations': {
            'infoTypes': [
              'PERSON_NAME'
            ],
            'cryptoHashConfig': {
              'cryptoKey': 'U2FsdGVkX19bS2oZsdbK9X5zi2utBn22uY+I2Vo0zOU='
            }
          }
        }
      }
    }" "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"
如果请求成功,服务器将以 JSON 格式返回响应:
{
  "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
响应包含操作名称。您可以使用 Operation get 方法来跟踪操作的状态:
curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含 "done": true
{
  "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset",
    "createTime": "CREATE_TIME",
    "endTime": "END_TIME",
    "logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL"
  },
  "done": true,
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary",
    "successStoreCount": "1",
    "successResourceCount": "1"
  }
}
接下来,使用患者 ID,您可以在新的目标数据集中获取患者资源的详细信息:
curl -X GET \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/fhir+json; charset=utf-8" \
     "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732"
服务器返回以下响应:
{
  "address": [
    {
      "city": "Anycity",
      "district": "Anydistrict",
      "line": [
        "123 Main Street"
      ],
      "period": {
        "start": "1990-12-05"
      },
      "postalCode": "12345",
      "state": "CA",
      "text": "123 Main Street Anycity, Anydistrict, CA 12345",
      "type": "both",
      "use": "home"
    }
  ],
  "birthDate": "1980-12-05",
  "gender": "female",
  "id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
  "meta": {
    "lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00",
    "versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA"
  },
  "name": [
    {
      "family": "NlVBV12Hhb5DD8WNqlTpXboFxzlUSlqAmYDet/jIViQ=",
      "given": [
        "FSH4D/IGb80a1rS0L0kqfC3DCDt6//17VPhIkOzH2pk="
      ],
      "use": "official"
    }
  ],
  "resourceType": "Patient",
  "text": {
    "div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1980-12-05</p><p><b>Gender</b>: Female</p></div>",
    "status": "generated"
  }
}

PowerShell

$cred = gcloud auth application-default print-access-token
$headers = @{ Authorization = "Bearer $cred" }

Invoke-WebRequest `
  -Method Post `
  -Headers $headers `
  -ContentType: "application/json; charset=utf-8" `
  -Body "{
    'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID',
    'config': {
      'fhir': {
        'fieldMetadataList': {
          'paths': [
            'Patient.HumanName'
          ],
          'action': 'TRANSFORM'
        }
      },
      'text': {
        'transformations': {
          'infoTypes': [
            'PERSON_NAME'
          ],
          'cryptoHashConfig': {
            'cryptoKey': 'U2FsdGVkX19bS2oZsdbK9X5zi2utBn22uY+I2Vo0zOU='
          }
        }
      }
    }
  }" `
  -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content
如果请求成功,服务器将以 JSON 格式返回响应:
{
  "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
响应包含操作名称。您可以使用 Operation get 方法来跟踪操作的状态:
$cred = gcloud auth print-access-token
$headers = @{ Authorization = "Bearer $cred" }

Invoke-WebRequest `
  -Method Get `
  -Headers $headers `
  -ContentType: "application/json; charset=utf-8" `
  -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content
如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含 "done": true
{
  "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_NUMBER",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset",
    "createTime": "CREATE_TIME",
    "endTime": "END_TIME",
    "logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL"
  },
  "done": true,
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary",
    "successStoreCount": "1",
    "successResourceCount": "1"
  }
}
接下来,使用患者 ID,您可以在新的目标数据集中获取患者资源的详细信息:
$cred = gcloud auth print-access-token
$headers = @{ Authorization = "Bearer $cred" }

Invoke-RestMethod `
  -Method Get `
  -Headers $headers `
  -ContentType: "application/fhir+json; charset=utf-8" `
  -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732" | ConvertTo-Json
服务器返回以下响应:
{
  "address": [
    {
      "city": "Anycity",
      "district": "Anydistrict",
      "line": [
        "123 Main Street"
      ],
      "period": {
        "start": "1990-12-05"
      },
      "postalCode": "12345",
      "state": "CA",
      "text": "123 Main Street Anycity, Anydistrict, CA 12345",
      "type": "both",
      "use": "home"
    }
  ],
  "birthDate": "1980-12-05",
  "gender": "female",
  "id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
  "meta": {
    "lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00",
    "versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA"
  },
  "name": [
    {
      "family": "NlVBV12Hhb5DD8WNqlTpXboFxzlUSlqAmYDet/jIViQ=",
      "given": [
        "FSH4D/IGb80a1rS0L0kqfC3DCDt6//17VPhIkOzH2pk="
      ],
      "use": "official"
    }
  ],
  "resourceType": "Patient",
  "text": {
    "div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1980-12-05</p><p><b>Gender</b>: Female</p></div>",
    "status": "generated"
  }
}

输出结果显示 name.familyname.given 的值已使用加密哈希技术进行转换。将患者 ID 和提供的 cryptoKey 值相结合,便会发生此转换。只要提供相同的 cryptoKey,新的 name.familyname.given 值在此患者的两次去标识化运行之间将保持一致。

ReplaceWithInfoTypeConfig

Cloud Healthcare API 可通过将值替换为值的 infoType 来转换数据。您可以通过指定一条 replaceWithInfoTypeConfig 消息来执行此操作。

以下示例扩展了对特定 FHIR 路径进行去标识化中使用的示例,但它们在 PERSON_NAME 上定义了 replaceWithInfoType 转换,并将 fieldMetadataList 路径设置为Patient.HumanName。将去标识化请求发送到 Cloud Healthcare API 后,name.familyname.given 值将被替换为该值的 infoType

curl

curl -X POST \
    -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    --data "{
      'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID',
      'config': {
        'fhir': {
          'fieldMetadataList': {
            'paths': [
              'Patient.HumanName'
            ],
            'action': 'INSPECT_AND_TRANSFORM'
          }
        },
        'text': {
          'transformations': {
            'infoTypes': [
              'PERSON_NAME'
            ],
            'replaceWithInfoType': {}
          }
        }
      }
    }" "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"
如果请求成功,服务器将以 JSON 格式返回响应:
{
  "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
响应包含操作名称。您可以使用 Operation get 方法来跟踪操作的状态:
curl -X GET \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含 "done": true
{
  "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset",
    "createTime": "CREATE_TIME",
    "endTime": "END_TIME",
    "logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL"
  },
  "done": true,
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary",
    "successStoreCount": "1",
    "successResourceCount": "1"
  }
}
接下来,使用患者 ID,您可以在新的目标数据集中获取患者资源的详细信息:
curl -X GET \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/fhir+json; charset=utf-8" \
     "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732"
服务器返回以下响应:
{
  "address": [
    {
      "city": "Anycity",
      "district": "Anydistrict",
      "line": [
        "123 Main Street"
      ],
      "period": {
        "start": "1990-12-05"
      },
      "postalCode": "12345",
      "state": "CA",
      "text": "123 Main Street Anycity, Anydistrict, CA 12345",
      "type": "both",
      "use": "home"
    }
  ],
  "birthDate": "1980-12-05",
  "gender": "female",
  "id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
  "meta": {
    "lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00",
    "versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA"
  },
  "name": [
    {
      "family": "[PERSON_NAME]",
      "given": [
        "[PERSON_NAME]"
      ],
      "use": "official"
    }
  ],
  "resourceType": "Patient",
  "text": {
    "div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1980-12-05</p><p><b>Gender</b>: Female</p></div>",
    "status": "generated"
  }
}

PowerShell

$cred = gcloud auth application-default print-access-token
$headers = @{ Authorization = "Bearer $cred" }

Invoke-WebRequest `
  -Method Post `
  -Headers $headers `
  -ContentType: "application/json; charset=utf-8" `
  -Body "{
    'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID',
    'config': {
      'fhir': {
        'fieldMetadataList': {
          'paths': [
            'Patient.HumanName'
          ],
          'action': 'TRANSFORM'
        }
      },
      'text': {
        'transformations': {
          'infoTypes': [
            'PERSON_NAME'
          ],
          'replaceWithInfoTypeConfig': {}
        }
      }
    }
  }" `
  -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content
如果请求成功,服务器将以 JSON 格式返回响应:
{
  "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}
响应包含操作名称。您可以使用 Operation get 方法来跟踪操作的状态:
$cred = gcloud auth print-access-token
$headers = @{ Authorization = "Bearer $cred" }

Invoke-WebRequest `
  -Method Get `
  -Headers $headers `
  -ContentType: "application/json; charset=utf-8" `
  -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content
如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含 "done": true
{
  "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_NUMBER",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset",
    "createTime": "CREATE_TIME",
    "endTime": "END_TIME",
    "logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL"
  },
  "done": true,
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary",
    "successStoreCount": "1",
    "successResourceCount": "1"
  }
}
接下来,使用患者 ID,您可以在新的目标数据集中获取患者资源的详细信息:
$cred = gcloud auth print-access-token
$headers = @{ Authorization = "Bearer $cred" }

Invoke-RestMethod `
  -Method Get `
  -Headers $headers `
  -ContentType: "application/fhir+json; charset=utf-8" `
  -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732" | ConvertTo-Json
服务器返回以下响应:
{
  "address": [
    {
      "city": "Anycity",
      "district": "Anydistrict",
      "line": [
        "123 Main Street"
      ],
      "period": {
        "start": "1990-12-05"
      },
      "postalCode": "12345",
      "state": "CA",
      "text": "123 Main Street Anycity, Anydistrict, CA 12345",
      "type": "both",
      "use": "home"
    }
  ],
  "birthDate": "1980-12-05",
  "gender": "female",
  "id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
  "meta": {
    "lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00",
    "versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA"
  },
  "name": [
    {
      "family": "[PERSON_NAME]",
      "given": [
        "[PERSON_NAME]"
      ],
      "use": "official"
    }
  ],
  "resourceType": "Patient",
  "text": {
    "div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1980-12-05</p><p><b>Gender</b>: Female</p></div>",
    "status": "generated"
  }
}

输出显示 name.familyname.given 的值已替换为值的 infoType。

在 FHIR 存储区级层对数据进行去标识化

前面的示例展示了如何在数据集级层对 FHIR 数据进行去标识化。如需将数据集去标识化请求更改为 FHIR 存储区去标识化请求,请进行以下更改:

  • 将请求正文中的 destinationDataset 修改为 destinationStore
  • destinationStore 中的值末尾添加 fhirStores/DESTINATION_FHIR_STORE_ID
  • 在指定源数据所在的位置时添加 fhirStores/SOURCE_FHIR_STORE_ID

例如:

数据集级层去标识化

'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID'
…
"https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"

FHIR 存储区级层去标识化

'destinationStore': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/fhirStores/DESTINATION_FHIR_STORE_ID'
…
"https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/fhirStores/SOURCE_FHIR_STORE_ID:deidentify"

以下示例扩展了对特定 FHIR 路径进行去标识化,但会对单个 FHIR 存储区执行去标识化操作,且去标识化后的数据会复制到新 FHIR 存储区中。请注意,DESTINATION_FHIR_STORE_ID 引用的 FHIR 存储区必须已存在。

curl

curl -X POST \
    -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    --data "{
      'destinationStore': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/fhirStores/DESTINATION_FHIR_STORE_ID',
     'config': {
        'fhir': {
          'fieldMetadataList': [
            {
              'paths': [
                'Patient.HumanName'
              ],
              'action': 'TRANSFORM'
            }
          ]
        }
      }
    }" "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/fhirStores/SOURCE_FHIR_STORE_ID:deidentify"

如果请求成功,服务器将以 JSON 格式返回响应:

{
  "name": "projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}

响应包含操作名称。您可以使用 Operation get 方法来跟踪操作的状态:

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"

如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含 "done": true

{
  "name": "projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.deidentify.DeidentifyService.DeidentifyFhirStore",
    "createTime": "CREATE_TIME",
    "endTime": "END_TIME",
    "logsUrl": "https://console.cloud.google.com/logs/query/CLOUD_LOGGING_URL",
    "counter": {
      "success": "SUCCESS_COUNT"
    }
  },
  "done": true,
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifyFhirStoreSummary"
  }
}

PowerShell

$cred = gcloud auth application-default print-access-token
$headers = @{ Authorization = "Bearer $cred" }

Invoke-WebRequest `
  -Method Post `
  -Headers $headers `
  -ContentType: "application/json; charset=utf-8" `
  -Body "{
    'destinationStore': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/fhirStores/DESTINATION_FHIR_STORE_ID',
    'config': {
      'fhir': {
        'fieldMetadataList': [
          {
            'paths': [
              'Patient.HumanName'
            ],
            'action': 'TRANSFORM'
          }
        ]
      }
    }
  }" `
  -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/fhirStores/SOURCE_FHIR_STORE_ID:deidentify" | Select-Object -Expand Content

如果请求成功,服务器将以 JSON 格式返回响应:

{
  "name": "projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}

响应包含操作 ID。您可以使用 Operation get 方法来跟踪操作的状态:

$cred = gcloud auth application-default print-access-token
$headers = @{ Authorization = "Bearer $cred" }

Invoke-WebRequest `
  -Method Get `
  -Headers $headers `
  -ContentType: "application/json; charset=utf-8" `
  -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content

如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含 "done": true

{
  "name": "projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.deidentify.DeidentifyService.DeidentifyFhirStore",
    "createTime": "CREATE_TIME",
    "endTime": "END_TIME",
    "logsUrl": "https://console.cloud.google.com/logs/query/CLOUD_LOGGING_URL",
    "counter": {
      "success": "SUCCESS_COUNT"
    }
  },
  "done": true,
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifyFhirStoreSummary"
  }
}

对 FHIR 存储区的一部分进行去标识化

在 FHIR 存储区级层对 FHIR 数据进行去标识化时,您可以通过指定过滤条件对一部分数据进行去标识化。

过滤条件采用 FHIR 资源 ID 列表的形式。您可以在 FhirFilter 对象内的 Resources 对象中指定 ID。

以下示例对在 FHIR 存储区级层对数据进行去标识化进行了扩展,但提供了包含两个 FHIR 资源 ID 的列表(一个资源用于患者,另一个用于观察结果),用来确定哪些资源要进行去标识化。

curl

curl -X POST \
    -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    --data "{
      'destinationStore': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/fhirStores/DESTINATION_FHIR_STORE_ID',
      'config': {
        'fhir': {
          'fieldMetadataList': [
            {
              'action': 'TRANSFORM',
              'paths': [
                'Patient.HumanName'
              ]
            }
          ]
        }
      },
      'resourceFilter': {
        'resources': {
          'resources': [
            'Patient/PATIENT_ID',
            'Observation/OBSERVATION_ID'
          ]
        }
      }
    }" "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/fhirStores/SOURCE_FHIR_STORE_ID:deidentify"

如果请求成功,服务器将以 JSON 格式返回响应:

{
  "name": "projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}

响应包含操作名称。您可以使用 Operation get 方法来跟踪操作的状态:

curl -X GET \
    -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"

如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含 "done": true

{
  "name": "projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.deidentify.DeidentifyService.DeidentifyFhirStore",
    "createTime": "CREATE_TIME",
    "endTime": "END_TIME",
    "logsUrl": "https://console.cloud.google.com/logs/query/CLOUD_LOGGING_URL",
    "counter": {
      "success": "SUCCESS_COUNT"
    }
  },
  "done": true,
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifyFhirStoreSummary"
  }
}

PowerShell

$cred = gcloud auth application-default print-access-token
$headers = @{ Authorization = "Bearer $cred" }

Invoke-WebRequest `
  -Method Post `
  -Headers $headers `
  -ContentType: "application/json; charset=utf-8" `
  -Body "{
    'destinationStore': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/fhirStores/DESTINATION_FHIR_STORE_ID',
    'resourceFilter': {
      'resources': {
        'resources': [
          'Patient/PATIENT_ID',
          'Observation/OBSERVATION_ID'
        ]
      }
    },
    'config': {
      'fhir': {
        'fieldMetadataList': [
          {
            'paths': [
              'Patient.HumanName'
            ],
            'action': 'TRANSFORM'
          }
        ]
      }
    }
  }" `
  -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/fhirStores/SOURCE_FHIR_STORE_ID:deidentify" | Select-Object -Expand Content

如果请求成功,服务器将以 JSON 格式返回响应:

{
  "name": "projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
}

响应包含操作 ID。您可以使用 Operation get 方法来跟踪操作的状态:

$cred = gcloud auth application-default print-access-token
$headers = @{ Authorization = "Bearer $cred" }

Invoke-WebRequest `
  -Method Get `
  -Headers $headers `
  -ContentType: "application/json; charset=utf-8" `
  -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content

如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含 "done": true

{
  "name": "projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata",
    "apiMethodName": "google.cloud.healthcare.v1.deidentify.DeidentifyService.DeidentifyFhirStore",
    "createTime": "CREATE_TIME",
    "endTime": "END_TIME",
    "logsUrl": "https://console.cloud.google.com/logs/query/CLOUD_LOGGING_URL",
    "counter": {
      "success": "SUCCESS_COUNT"
    }
  },
  "done": true,
  "response": {
    "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifyFhirStoreSummary"
  }
}

在 Google Cloud 控制台中对数据进行去标识化

您可以在 Google Cloud 控制台中对数据集或 FHIR 存储区的数据进行去标识化。默认的 FHIR 去标识化配置用于对数据集和 FHIR 存储区进行去标识化。如需了解详情,请参阅默认的 FHIR 数据去标识化

对数据集的数据进行去标识化

要对数据集的数据进行去标识化,请完成以下步骤:

  1. 在 Google Cloud 控制台中,进入“数据集”页面。

    进入“数据集”

  2. 从要去标识化的数据集的操作列表中选择去标识化

    此时将显示对数据集进行去标识化页面。

  3. 选择设置目标数据集,并输入新数据集的名称,以存储去标识化的数据。

  4. 点击去标识化以对数据集中的数据进行去标识化。

对 FHIR 存储区中的数据进行去标识化

要对 FHIR 存储区中的数据进行去标识化,请完成以下步骤:

  1. 在 Google Cloud 控制台中,进入“数据集”页面。

    进入“数据集”

  2. 点击要为其去标识化数据的数据集。

  3. 在 FHIR 存储区列表中,从要去标识化的 FHIR 存储区的操作列表中选择去标识化

    将显示对 FHIR 存储区进行去标识化页面。

  4. 选择设置目标数据存储区,然后选择要保存去标识化数据的数据集和 FHIR 存储区。

    注意:如果要在新 FHIR 存储区中存储去标识化的数据,必须先创建新存储区,然后将其选为目标 FHIR 存储区。

  5. 点击去标识化,对 FHIR 存储区中的数据进行去标识化。

排查 FHIR 去标识化操作问题

如果在执行 FHIR 去标识化操作期间发生错误,系统会将错误记录到 Cloud Logging。如需了解详情,请参阅在 Cloud Logging 中查看错误日志

如果整个操作返回错误,请参阅排查长时间运行的操作问题