本页面介绍了如何使用 Cloud Healthcare API 在以下级层对 FHIR 资源中的敏感数据进行去标识化:
- 在数据集级层,使用
datasets.deidentify
- 在 FHIR 存储区级层,使用
fhirStores.deidentify
本页面还介绍了在 FHIR 存储区级层对数据进行去标识化时如何应用过滤条件。
去标识化概览
数据集级别去标识化
要在数据集级层对 FHIR 数据进行去标识化,请调用 datasets.deidentify
操作。去标识化 API 调用包含以下组成部分:
- 源数据集:包含 FHIR 存储区的数据集,FHIR 存储区具有一个或多个包含敏感数据的资源。
- 目标数据集:去标识化操作并不会影响原始数据集或其数据。相反,已经去标识化的原始数据副本将会写入到称为目标数据集的新数据集。
- 要进行去标识化的内容:用于指定如何处理数据集的配置参数。如需配置这些参数,您可以在
DeidentifyConfig
对象内的FhirConfig
和/或TextConfig
中指定这些参数,并通过以下任一方式传递:- 设置请求正文的
config
字段 - 以 JSON 格式将其存储在 Cloud Storage 中,并使用请求正文的
gcsConfigUri
字段指定文件在存储桶中的位置
- 设置请求正文的
本指南中的大部分示例展示了如何在数据集级层对 FHIR 数据进行去标识化。
FHIR 存储区级层去标识化
通过在 FHIR 存储区级层对 FHIR 数据进行去标识化,您可以更好地控制要对哪些数据进行去标识化。
要对 FHIR 存储区中的 FHIR 数据进行去标识化,请调用 fhirStores.deidentify
方法。去标识化 API 调用包含以下组成部分:
- 来源 FHIR 存储区:包含一个或多个资源(具有敏感数据)的 FHIR 存储区。
- 目标 FHIR 存储区:去标识化操作并不会影响原始 FHIR 存储区或其数据。相反,已经去标识化的原始数据副本将会写入到目标 FHIR 存储区。目标 FHIR 存储区必须已存在。
- 要进行去标识化的内容:用于指定如何处理 FHIR 存储区的配置参数。如需配置这些参数,您可以在
DeidentifyConfig
对象内的FhirConfig
和/或TextConfig
中指定这些参数,并通过以下任一方式传递:- 设置请求正文的
config
字段 - 以 JSON 格式将其存储在 Cloud Storage 中,并使用请求正文的
gcsConfigUri
字段指定文件在存储桶中的位置
- 设置请求正文的
如需查看示例以了解如何在 FHIR 存储区级层对 FHIR 数据进行去标识化,请参阅在 FHIR 存储区级层对数据进行去标识化。
过滤条件
您可以通过在 fhirStores.deidentify
请求中指定一系列 FHIR 资源 ID,对 FHIR 存储区中的一部分数据进行去标识化。如需查看示例,请参阅对 FHIR 存储区的一部分数据进行去标识化。
本指南中用到的 FHIR 资源示例
本指南中的示例使用 FHIR 存储区中的患者(DSTU2、STU3 和 R4)资源。该患者具有以下示例中显示的属性。id
值由服务器生成。如果您在自己的 FHIR 存储区中创建患者资源,则返回的 id
值与示例患者中显示的值不同。
{
"address": [
{
"city": "Anycity",
"district": "Anydistrict",
"line": [
"123 Main Street"
],
"period": {
"start": "1990-12-05"
},
"postalCode": "12345",
"state": "CA",
"text": "123 Main Street Anycity, Anydistrict, CA 12345",
"type": "both",
"use": "home"
}
],
"birthDate": "1980-12-05",
"gender": "female",
"id": "r77433dd-dkeuc-633743nfd-383nfdsjds732",
"name": [
{
"family": "Smith",
"given": [
"Darcy"
],
"use": "official"
}
],
"resourceType": "Patient",
"text": {
"status": "generated",
"div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1980-12-05</p><p><b>Gender</b>: Female</p></div>"
}
}
默认 FHIR 数据去标识化
您可以使用“默认”方法对 FHIR 数据进行去标识化,该方法会遮盖 FHIR 存储区内的资源中常见的受保护健康信息 (PHI)。默认方法会遮盖以下信息:
- 在默认 FHIR infoType 中指定的 infoType
- 默认 FHIR 去标识化配置文件中指定的路径
以下示例展示了如何使用 FHIR 默认方法对患者资源进行去标识化。使用默认方法时,请在 DeidentifyConfig
对象内使用空 FhirConfig
。
curl
curl -X POST \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ --data "{ 'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID', 'config': { 'fhir': {} } }" "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"如果请求成功,服务器将以 JSON 格式返回响应:
{ "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" }响应包含操作名称。您可以使用 Operation
get
方法来跟踪操作的状态:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含
"done": true
。{ "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID", "metadata": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata", "apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset", "createTime": "CREATE_TIME", "endTime": "END_TIME", "logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL" }, "done": true, "response": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary", "successStoreCount": "1", "successResourceCount": "1" } }接下来,使用患者 ID,您可以在新的目标数据集中获取患者资源的详细信息:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/fhir+json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732"服务器返回以下响应:
{ "address": [ { "city": "", "district": "", "line": [ "" ], "period": { "start": "1990-12-05" }, "postalCode": "", "state": "CA", "text": "", "type": "both", "use": "home" } ], "birthDate": "1981-02-24", "gender": "female", "id": "r77433dd-dkeuc-633743nfd-383nfdsjds732", "meta": { "lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00", "versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMA" }, "name": [ { "family": "", "given": [ "" ], "use": "official" } ], "resourceType": "Patient", "text": { "div": "<div><p><b>Patient</b></p><p><b>Name</b>: [PERSON_NAME][PERSON_NAME][PERSON_NAME]</p><p><b>DateOfBirth</b>: 1981-02-24</p><p><b>Gender</b>: Female</p></div>", "status": "generated" } }
PowerShell
$cred = gcloud auth application-default print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Post ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Body "{ 'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID', 'config': { 'fhir': {} } }" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content如果请求成功,服务器将以 JSON 格式返回响应:
{ "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" }响应包含操作名称。您可以使用 Operation
get
方法来跟踪操作的状态:
$cred = gcloud auth print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Get ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含
"done": true
。{ "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_NUMBER", "metadata": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata", "apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset", "createTime": "CREATE_TIME", "endTime": "END_TIME", "logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL" }, "done": true, "response": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary", "successStoreCount": "1", "successResourceCount": "1" } }接下来,使用患者 ID,您可以在新的目标数据集中获取患者资源的详细信息:
$cred = gcloud auth print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-RestMethod ` -Method Get ` -Headers $headers ` -ContentType: "application/fhir+json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732" | ConvertTo-Json服务器返回以下响应:
{ "address": [ { "city": "", "district": "", "line": [ "" ], "period": { "start": "1990-12-05" }, "postalCode": "", "state": "CA", "text": "", "type": "both", "use": "home" } ], "birthDate": "1981-02-24", "gender": "female", "id": "r77433dd-dkeuc-633743nfd-383nfdsjds732", "meta": { "lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00", "versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMA" }, "name": [ { "family": "", "given": [ "" ], "use": "official" } ], "resourceType": "Patient", "text": { "div": "<div><p><b>Patient</b></p><p><b>Name</b>: [PERSON_NAME][PERSON_NAME][PERSON_NAME]</p><p><b>DateOfBirth</b>: 1981-02-24</p><p><b>Gender</b>: Female</p></div>", "status": "generated" } }
您可以看到已转换以下值,以便对资源进行去标识化:
- 在
birthDate
字段中使用日期偏移技术(其差值为 100 天)提供一个新值。 - 已遮盖
address.city
中的值。 - 已遮盖
address.district
中的值。 - 已遮盖
address.line
中的值。 - 已遮盖
address.postalCode
中的值。 - 已遮盖
address.text
中的值。 - 已遮盖
name.family
中的值。 - 已遮盖
name.given
中的值。 text.div
字段中的自由文本已修改为将患者姓名替换为其 infoType[PERSON_NAME]
。转换患者的出生日期值的方式与转换birthDate
字段中的值的方式相同。
对特定 FHIR 路径进行去标识化
如需指定要进行去标识化的 FHIR 路径及其转换方式,请在 FhirConfig
对象中配置 fieldMetadataList
。
在 fieldMetadataList
内,您可以在 paths
列表中指定以英文句点分隔的字段名称或 FHIR 资源类型名称列表。接下来,您需要指定一个要应用于 paths
中列出的所有内容的 Action
值。如需了解可能的值,请参阅 Action
文档。
如需了解如何在 Cloud Healthcare API 中设置 paths
字段,请参阅 paths
。paths
中值的根据 FHIRPath 设置格式。
默认 FHIR 去标识化配置文件
默认情况下,如果您在 fieldMetadataList
中不指定任何 FHIR 路径,则 Cloud Healthcare API 会应用以下去标识化配置文件来选择和转换 FHIR 路径。应用的配置文件取决于您使用的 FHIR 版本。您可以展开以下部分以查看所用版本的配置文件。您还可以下载配置文件(DSTU2、STU3 和 R4)。
使用路径对资源进行去标识化
以下示例展示了在下列条件下如何配置“患者”资源去标识化:
- “患者”资源的
HumanName
(DSTU2、STU3 和 R4)值自动应用TRANSFORM
(遮盖)。对于示例患者,HumanName 值是"family": "Smith"
和"given": [ "Darcy" ]
。
fieldMetadataList
内的 paths
列表中未提供任何其他值,因此其余数据保持不变。
以下示例展示了如何对“患者”资源的 HumanName 值进行去标识化:
curl
curl -X POST \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ --data "{ 'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID', 'config': { 'fhir': { 'fieldMetadataList': [ { 'paths': [ 'Patient.HumanName' ], 'action': 'TRANSFORM' } ] } } }" "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"如果请求成功,服务器将以 JSON 格式返回响应:
{ "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" }响应包含操作名称。您可以使用 Operation
get
方法来跟踪操作的状态:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含
"done": true
。{ "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID", "metadata": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata", "apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset", "createTime": "CREATE_TIME", "endTime": "END_TIME", "logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL" }, "done": true, "response": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary", "successStoreCount": "1", "successResourceCount": "1" } }接下来,使用患者 ID,您可以在新的目标数据集中获取患者资源的详细信息:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/fhir+json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732"服务器返回以下响应:
{ "address": [ { "city": "Anycity", "district": "Anydistrict", "line": [ "123 Main Street" ], "period": { "start": "1990-12-05" }, "postalCode": "12345", "state": "CA", "text": "123 Main Street Anycity, Anydistrict, CA 12345", "type": "both", "use": "home" } ], "birthDate": "1980-12-05", "gender": "female", "id": "r77433dd-dkeuc-633743nfd-383nfdsjds732", "meta": { "lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00", "versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA" }, "name": [ { "family": "", "given": [ "" ], "use": "official" } ], "resourceType": "Patient", "text": { "div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1980-12-05</p><p><b>Gender</b>: Female</p></div>", "status": "generated" } }
PowerShell
$cred = gcloud auth application-default print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Post ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Body "{ 'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID', 'config': { 'fhir': { 'fieldMetadataList': [ { 'paths': [ 'Patient.HumanName' ], 'action': 'TRANSFORM' } ] } } }" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content如果请求成功,服务器将以 JSON 格式返回响应:
{ "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" }响应包含操作名称。您可以使用 Operation
get
方法来跟踪操作的状态:
$cred = gcloud auth print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Get ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含
"done": true
。{ "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_NUMBER", "metadata": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata", "apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset", "createTime": "CREATE_TIME", "endTime": "END_TIME", "logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL" }, "done": true, "response": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary", "successStoreCount": "1", "successResourceCount": "1" } }接下来,使用患者 ID,您可以在新的目标数据集中获取患者资源的详细信息:
$cred = gcloud auth print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-RestMethod ` -Method Get ` -Headers $headers ` -ContentType: "application/fhir+json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732" | ConvertTo-Json服务器返回以下响应:
{ "address": [ { "city": "Anycity", "district": "Anydistrict", "line": [ "123 Main Street" ], "period": { "start": "1990-12-05" }, "postalCode": "12345", "state": "CA", "text": "123 Main Street Anycity, Anydistrict, CA 12345", "type": "both", "use": "home" } ], "birthDate": "1980-12-05", "gender": "female", "id": "r77433dd-dkeuc-633743nfd-383nfdsjds732", "meta": { "lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00", "versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA" }, "name": [ { "family": "", "given": [ "" ], "use": "official" } ], "resourceType": "Patient", "text": { "div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1980-12-05</p><p><b>Gender</b>: Female</p></div>", "status": "generated" } }
您可以看到已转换以下值,以便对资源进行去标识化:
- 已遮盖
name.family
中的值。 - 已遮盖
name.given
中的值。
但是,与默认 FHIR 去标识化中的示例(转换常见 PHI)不同,患者的 address
、birthDate
以及text.div
中的自由文本未被转换,因为未将它们添加到 fieldMetadataList
的 paths
列表中。
将 infoType 和初始转换与 FHIR 资源配合使用
Cloud Healthcare API 可以使用信息类型 (infoType) 来定义在对 FHIR 资源执行去标识化操作时要扫描的数据。infoType 是一种敏感数据类型,例如患者姓名、电子邮件地址、电话号码、身份证号码和信用卡号等等。Cloud Healthcare API 去标识化操作中使用的 infoType 包括在 Cloud Data Loss Prevention 中找到的类型。
初始转换是用于转换输入值的规则。
默认 FHIR infoType
对 FHIR 数据进行去标识化时使用的默认 infoType 如下:
AGE
CREDIT_CARD_NUMBER
DATE
EMAIL_ADDRESS
IP_ADDRESS
LOCATION
MAC_ADDRESS
PASSPORT
PERSON_NAME
PHONE_NUMBER
SWIFT_CODE
US_DRIVERS_LICENSE_NUMBER
US_SOCIAL_SECURITY_NUMBER
US_VEHICLE_IDENTIFICATION_NUMBER
US_INDIVIDUAL_TAXPAYER_IDENTIFICATION_NUMBER
初始转换选项
Cloud Healthcare API 初始转换选项如下:
RedactConfig
:通过删除值来进行遮盖。CharacterMaskConfig
:通过将输入字符替换为所指定的固定字符,全部或部分遮盖字符串。DateShiftConfig
:按随机天数偏移日期,可使同一上下文保持一致。CryptoHashConfig
:使用 SHA-256 将输入值替换为使用给定数据加密密钥生成并以 base64 编码表示的哈希输出字符串。ReplaceWithInfoTypeConfig
:将输入值替换为其 infoType 的名称。
在 TextConfig
中指定配置
InfoType 和初始转换在 InfoTypeTransformation
(它是 TextConfig
内的对象)中指定。将 infoTypes
数组中的 infoType 指定为以逗号分隔的值。
指定 infoType 是可选操作。如果您未指定任何 infoType,则转换将应用于数据中所有内置的 infoType。
如果您在 InfoTypeTransformation
中指定任何 infoType,请至少指定一个初始转换。
以下部分介绍了如何使用 InfoTypeTransformation
中提供的初始转换以及 infoType 来自定义 FHIR 资源的去标识化方式。
RedactConfig
如果指定 redactConfig
,将会彻底移除给定的值来达到遮盖该值的目的。redactConfig
消息不带参数,指定它就会启用转换。
以下示例展示了如何在 Patient.text.div
字段中遮盖“患者”资源的出生日期。通过设置 DATE
infoType 以及 Patient.text.div
路径和 redactConfig
转换来完成此任务。
将去标识化请求发送到 Cloud Healthcare API 之后,Patient.text.div
值中的出生日期会被遮盖。
curl
curl -X POST \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ --data "{ 'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID', 'config': { 'fhir': { 'fieldMetadataList': { 'paths': [ 'Patient.text.div' ], 'action': 'INSPECT_AND_TRANSFORM' } }, 'text': { 'transformations': [ { 'infoTypes': [ 'DATE' ], 'redactConfig': {} } ] } } }" "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"如果请求成功,服务器将以 JSON 格式返回响应:
{ "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" }响应包含操作名称。您可以使用 Operation
get
方法来跟踪操作的状态:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含
"done": true
。{ "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID", "metadata": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata", "apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset", "createTime": "CREATE_TIME", "endTime": "END_TIME", "logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL" }, "done": true, "response": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary", "successStoreCount": "1", "successResourceCount": "1" } }接下来,使用患者 ID,您可以在新的目标数据集中获取患者资源的详细信息:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/fhir+json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732"服务器返回以下响应:
{ "address": [ { "city": "Anycity", "district": "Anydistrict", "line": [ "123 Main Street" ], "period": { "start": "1990-12-05" }, "postalCode": "12345", "state": "CA", "text": "123 Main Street Anycity, Anydistrict, CA 12345", "type": "both", "use": "home" } ], "birthDate": "1980-12-05", "gender": "female", "id": "r77433dd-dkeuc-633743nfd-383nfdsjds732", "meta": { "lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00", "versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA" }, "name": [ { "family": "Smith", "given": [ "Darcy" ], "use": "official" } ], "resourceType": "Patient", "text": { "div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: </p><p><b>Gender</b>: Female</p></div>", "status": "generated" } }
PowerShell
$cred = gcloud auth application-default print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Post ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Body "{ 'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID', 'config': { 'fhir': { 'fieldMetadataList': { 'paths': [ 'Patient.text.div' ], 'action': 'INSPECT_AND_TRANSFORM' } }, 'text': { 'transformations': [ { 'infoTypes': [ 'DATE' ], 'redactConfig': {} } ] } } }" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content如果请求成功,服务器将以 JSON 格式返回响应:
{ "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" }响应包含操作名称。您可以使用 Operation
get
方法来跟踪操作的状态:
$cred = gcloud auth print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Get ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含
"done": true
。{ "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_NUMBER", "metadata": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata", "apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset", "createTime": "CREATE_TIME", "endTime": "END_TIME", "logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL" }, "done": true, "response": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary", "successStoreCount": "1", "successResourceCount": "1" } }接下来,使用患者 ID,您可以在新的目标数据集中获取患者资源的详细信息:
$cred = gcloud auth print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-RestMethod ` -Method Get ` -Headers $headers ` -ContentType: "application/fhir+json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732" | ConvertTo-Json服务器返回以下响应:
{ "address": [ { "city": "Anycity", "district": "Anydistrict", "line": [ "123 Main Street" ], "period": { "start": "1990-12-05" }, "postalCode": "12345", "state": "CA", "text": "123 Main Street Anycity, Anydistrict, CA 12345", "type": "both", "use": "home" } ], "birthDate": "1980-12-05", "gender": "female", "id": "r77433dd-dkeuc-633743nfd-383nfdsjds732", "meta": { "lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00", "versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA" }, "name": [ { "family": "Smith", "given": [ "Darcy" ], "use": "official" } ], "resourceType": "Patient", "text": { "div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: </p><p><b>Gender</b>: Female</p></div>", "status": "generated" } }
输出结果显示 text.div
中 DateOfBirth
的值已被移除。这与对特定 FHIR 路径进行去标识化中的示例不同,在此示例中,未使用默认配置移除 text.div
中的 DateOfBirth
的值。
CharacterMaskConfig
如果指定 characterMaskConfig
,则会将与给定 infoType 对应的字符串替换为指定的固定字符。例如,您可以将患者姓名替换为一系列星号 (*
),而不是遮盖患者姓名或使用加密哈希技术进行转换。请指定固定字符作为 maskingCharacter
字段的值。
以下示例展示了如何扩展对特定 FHIR 路径进行去标识化中使用的示例,但目前包含设置 PERSON_NAME
infoType 和 characterMaskConfig
转换。未提供固定字符,因此默认使用星号进行遮盖。将去标识化请求发送到 Cloud Healthcare API 之后,name.family
和 name.given
中的值将替换为星号。
curl
curl -X POST \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ --data "{ 'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID', 'config': { 'fhir': { 'fieldMetadataList': { 'paths': [ 'Patient.HumanName' ], 'action': 'TRANSFORM' } }, 'text': { 'transformations': [ { 'infoTypes': [ 'PERSON_NAME' ], 'characterMaskConfig': { 'maskingCharacter': '' } } ] } } }" "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"如果请求成功,服务器将以 JSON 格式返回响应:
{ "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" }响应包含操作名称。您可以使用 Operation
get
方法来跟踪操作的状态:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含
"done": true
。{ "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID", "metadata": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata", "apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset", "createTime": "CREATE_TIME", "endTime": "END_TIME", "logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL" }, "done": true, "response": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary", "successStoreCount": "1", "successResourceCount": "1" } }接下来,使用患者 ID,您可以在新的目标数据集中获取患者资源的详细信息:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/fhir+json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732"服务器返回以下响应:
{ "address": [ { "city": "Anycity", "district": "Anydistrict", "line": [ "123 Main Street" ], "period": { "start": "1990-12-05" }, "postalCode": "12345", "state": "CA", "text": "123 Main Street Anycity, Anydistrict, CA 12345", "type": "both", "use": "home" } ], "birthDate": "1980-12-05", "gender": "female", "id": "r77433dd-dkeuc-633743nfd-383nfdsjds732", "meta": { "lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00", "versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA" }, "name": [ { "family": "*****", "given": [ "*****" ], "use": "official" } ], "resourceType": "Patient", "text": { "div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1980-12-05</p><p><b>Gender</b>: Female</p></div>", "status": "generated" } }
PowerShell
$cred = gcloud auth application-default print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Post ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Body "{ 'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID', 'config': { 'fhir': { 'fieldMetadataList': { 'paths': [ 'Patient.HumanName' ], 'action': 'TRANSFORM' } }, 'text': { 'transformations': [ { 'infoTypes': [ 'PERSON_NAME' ], 'characterMaskConfig': { 'maskingCharacter': '' } } ] } } }" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content如果请求成功,服务器将以 JSON 格式返回响应:
{ "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" }响应包含操作名称。您可以使用 Operation
get
方法来跟踪操作的状态:
$cred = gcloud auth print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Get ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含
"done": true
。{ "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_NUMBER", "metadata": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata", "apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset", "createTime": "CREATE_TIME", "endTime": "END_TIME", "logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL" }, "done": true, "response": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary", "successStoreCount": "1", "successResourceCount": "1" } }接下来,使用患者 ID,您可以在新的目标数据集中获取患者资源的详细信息:
$cred = gcloud auth print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-RestMethod ` -Method Get ` -Headers $headers ` -ContentType: "application/fhir+json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732" | ConvertTo-Json服务器返回以下响应:
{ "address": [ { "city": "Anycity", "district": "Anydistrict", "line": [ "123 Main Street" ], "period": { "start": "1990-12-05" }, "postalCode": "12345", "state": "CA", "text": "123 Main Street Anycity, Anydistrict, CA 12345", "type": "both", "use": "home" } ], "birthDate": "1980-12-05", "gender": "female", "id": "r77433dd-dkeuc-633743nfd-383nfdsjds732", "meta": { "lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00", "versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA" }, "name": [ { "family": "*****", "given": [ "*****" ], "use": "official" } ], "resourceType": "Patient", "text": { "div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1980-12-05</p><p><b>Gender</b>: Female</p></div>", "status": "generated" } }
输出结果显示 name.family
和 name.given
中的值已替换为星号。这与对特定 FHIR 路径进行去标识化中的示例不同,其中 name.family
和 name.given
中的值被遮盖。
DateShiftConfig
Cloud Healthcare API 可以通过在预设范围内偏移日期来转换日期。要使日期转换在多个去标识化运行中保持一致,请将 DateShiftConfig
与以下任一项结合使用:
- (已弃用):原始 AES 128/192/256 位 base 64 编码密钥。
- (推荐):Cloud Key Management Service (Cloud KMS) 封装的密钥。如需查看有关如何使用 Cloud KMS 封装密钥的示例,请参阅对敏感文本进行去标识化和重新标识。
您必须向 Cloud Healthcare 服务代理服务账号授予具有 cloudkms.cryptoKeyVersions.useToDecrypt
权限的角色,才能解密 Cloud KMS 封装的密钥。我们建议您使用 Cloud KMS CryptoKey Decrypter 角色 (roles/cloudkms.cryptoKeyDecrypter
)。使用 Cloud KMS 进行加密操作时,需支付费用。请参阅 Cloud Key Management Service 价格了解详情。
Cloud Healthcare API 使用此密钥来计算日期(如患者的出生日期)在 100 天差值范围内的偏移量。
如果您不提供密钥,则每次对日期值运行去标识化操作时,Cloud Healthcare API 都会生成自己的密钥。这可能会导致两次执行操作之间的日期输出不一致。
以下示例展示了如何在 Patient.birthDate
和 Patient.text.div
路径上设置 DATE
infoType 和 DateShiftConfig
转换。将去标识化请求发送到 Cloud Healthcare API 后,Patient.text.div
中的 birthDate
值和出生日期将在原始出生日期 1980-12-05
的正负 100 天之内移动。
示例 U2FsdGVkX19bS2oZsdbK9X5zi2utBn22uY+I2Vo0zOU=
中提供的加密密钥是使用以下命令生成的原始 AES 加密 256 位 base64 编码密钥。系统提示时,请为命令提供您选择的密码:
echo -n "test" | openssl enc -e -aes-256-ofb -a -salt
curl
curl -X POST \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ --data "{ 'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID', 'config': { 'fhir': { 'fieldMetadataList': { 'paths': [ 'Patient.birthDate', 'Patient.text.div' ], 'action': 'INSPECT_AND_TRANSFORM' } }, 'text': { 'transformations': { 'infoTypes': [ 'DATE' ], 'dateShiftConfig': { 'cryptoKey': 'U2FsdGVkX19bS2oZsdbK9X5zi2utBn22uY+I2Vo0zOU=' } } } } }" "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"如果请求成功,服务器将以 JSON 格式返回响应:
{ "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" }响应包含操作名称。您可以使用 Operation
get
方法来跟踪操作的状态:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含
"done": true
。{ "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID", "metadata": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata", "apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset", "createTime": "CREATE_TIME", "endTime": "END_TIME", "logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL" }, "done": true, "response": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary", "successStoreCount": "1", "successResourceCount": "1" } }接下来,使用患者 ID,您可以在新的目标数据集中获取患者资源的详细信息:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/fhir+json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732"服务器返回以下响应:
{ "address": [ { "city": "Anycity", "district": "Anydistrict", "line": [ "123 Main Street" ], "period": { "start": "1990-12-05" }, "postalCode": "12345", "state": "", "text": "123 Main Street Anycity, Anydistrict, CA 12345", "type": "both", "use": "home" } ], "birthDate": "1981-02-19", "gender": "female", "id": "r77433dd-dkeuc-633743nfd-383nfdsjds732", "meta": { "lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00", "versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA" }, "name": [ { "family": "Smith", "given": [ "Darcy" ], "use": "official" } ], "resourceType": "Patient", "text": { "div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1981-02-19</p><p><b>Gender</b>: Female</p></div>", "status": "generated" } }
PowerShell
$cred = gcloud auth application-default print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Post ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Body "{ 'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID', 'config': { 'fhir': { 'fieldMetadataList': { 'paths': [ 'Patient.HumanName', 'Patient.text.div' ], 'action': 'INSPECT_AND_TRANSFORM' } }, 'text': { 'transformations': { 'infoTypes': [ 'DATE' ], 'dateShiftConfig': { 'cryptoKey': 'U2FsdGVkX19bS2oZsdbK9X5zi2utBn22uY+I2Vo0zOU=' } } } } }" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content如果请求成功,服务器将以 JSON 格式返回响应:
{ "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" }响应包含操作名称。您可以使用 Operation
get
方法来跟踪操作的状态:
$cred = gcloud auth print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Get ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含
"done": true
。{ "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_NUMBER", "metadata": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata", "apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset", "createTime": "CREATE_TIME", "endTime": "END_TIME", "logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL" }, "done": true, "response": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary", "successStoreCount": "1", "successResourceCount": "1" } }接下来,使用患者 ID,您可以在新的目标数据集中获取患者资源的详细信息:
$cred = gcloud auth print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-RestMethod ` -Method Get ` -Headers $headers ` -ContentType: "application/fhir+json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732" | ConvertTo-Json服务器返回以下响应:
{ "address": [ { "city": "Anycity", "district": "Anydistrict", "line": [ "123 Main Street" ], "period": { "start": "1990-12-05" }, "postalCode": "12345", "state": "", "text": "123 Main Street Anycity, Anydistrict, CA 12345", "type": "both", "use": "home" } ], "birthDate": "1981-02-19", "gender": "female", "id": "r77433dd-dkeuc-633743nfd-383nfdsjds732", "meta": { "lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00", "versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA" }, "name": [ { "family": "Smith", "given": [ "Darcy" ], "use": "official" } ], "resourceType": "Patient", "text": { "div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1981-02-19</p><p><b>Gender</b>: Female</p></div>", "status": "generated" } }
输出结果显示 birthDate
中的值和 Patient.text.div
中的出生日期已转换为新值 1981-02-19
。将 100 天的差值和患者 ID 与提供的 cryptoKey
值相结合,便会发生此转换。只要提供相同的 cryptoKey
,birthDate
的新值和 Patient.text.div
中的出生日期在此患者的两次去标识化运行之间将保持一致。
CryptoHashConfig
Cloud Healthcare API 可以通过将值替换为加密哈希值(也称为代理值)来转换数据。为此,请指定一条 cryptoHashConfig
消息。
您可以将 cryptoHashConfig
留空,也可以为其提供以下内容之一:
- (已弃用):原始 AES 128/192/256 位 base 64 编码密钥。
- (推荐):Cloud Key Management Service (Cloud KMS) 封装的密钥。如需查看有关如何使用 Cloud KMS 封装密钥的示例,请参阅对敏感文本进行去标识化和重新标识。
您必须向 Cloud Healthcare 服务代理服务账号授予具有 cloudkms.cryptoKeyVersions.useToDecrypt
权限的角色,才能解密 Cloud KMS 封装的密钥。我们建议您使用 Cloud KMS CryptoKey Decrypter 角色 (roles/cloudkms.cryptoKeyDecrypter
)。使用 Cloud KMS 进行加密操作时,需支付费用。请参阅 Cloud Key Management Service 价格了解详情。
提供一致的密钥会生成代理值,这些值在多次去标识化运行之间保持一致。如果您不提供密钥,则在每次运行操作时,Cloud Healthcare API 都会生成一个新密钥。使用不同的密钥会生成不同的代理值。
以下示例扩展了对特定 FHIR 路径进行去标识化中使用的示例,但目前包含在 Patient.HumanName
路径上设置 PERSON_NAME
infoType 和 cryptoKey
转换。将去标识化请求发送到 Cloud Healthcare API 之后,name.family
和 name.given
值将被替换为代理值。
示例 U2FsdGVkX19bS2oZsdbK9X5zi2utBn22uY+I2Vo0zOU=
中提供的加密密钥是使用以下命令生成的原始 AES 加密 256 位 base64 编码密钥。系统提示时,请为命令提供您选择的密码:
echo -n "test" | openssl enc -e -aes-256-ofb -a -salt
curl
curl -X POST \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ --data "{ 'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID', 'config': { 'fhir': { 'fieldMetadataList': { 'paths': [ 'Patient.HumanName' ], 'action': 'INSPECT_AND_TRANSFORM' } }, 'text': { 'transformations': { 'infoTypes': [ 'PERSON_NAME' ], 'cryptoHashConfig': { 'cryptoKey': 'U2FsdGVkX19bS2oZsdbK9X5zi2utBn22uY+I2Vo0zOU=' } } } } }" "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"如果请求成功,服务器将以 JSON 格式返回响应:
{ "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" }响应包含操作名称。您可以使用 Operation
get
方法来跟踪操作的状态:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含
"done": true
。{ "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID", "metadata": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata", "apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset", "createTime": "CREATE_TIME", "endTime": "END_TIME", "logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL" }, "done": true, "response": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary", "successStoreCount": "1", "successResourceCount": "1" } }接下来,使用患者 ID,您可以在新的目标数据集中获取患者资源的详细信息:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/fhir+json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732"服务器返回以下响应:
{ "address": [ { "city": "Anycity", "district": "Anydistrict", "line": [ "123 Main Street" ], "period": { "start": "1990-12-05" }, "postalCode": "12345", "state": "CA", "text": "123 Main Street Anycity, Anydistrict, CA 12345", "type": "both", "use": "home" } ], "birthDate": "1980-12-05", "gender": "female", "id": "r77433dd-dkeuc-633743nfd-383nfdsjds732", "meta": { "lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00", "versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA" }, "name": [ { "family": "NlVBV12Hhb5DD8WNqlTpXboFxzlUSlqAmYDet/jIViQ=", "given": [ "FSH4D/IGb80a1rS0L0kqfC3DCDt6//17VPhIkOzH2pk=" ], "use": "official" } ], "resourceType": "Patient", "text": { "div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1980-12-05</p><p><b>Gender</b>: Female</p></div>", "status": "generated" } }
PowerShell
$cred = gcloud auth application-default print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Post ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Body "{ 'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID', 'config': { 'fhir': { 'fieldMetadataList': { 'paths': [ 'Patient.HumanName' ], 'action': 'TRANSFORM' } }, 'text': { 'transformations': { 'infoTypes': [ 'PERSON_NAME' ], 'cryptoHashConfig': { 'cryptoKey': 'U2FsdGVkX19bS2oZsdbK9X5zi2utBn22uY+I2Vo0zOU=' } } } } }" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content如果请求成功,服务器将以 JSON 格式返回响应:
{ "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" }响应包含操作名称。您可以使用 Operation
get
方法来跟踪操作的状态:
$cred = gcloud auth print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Get ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含
"done": true
。{ "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_NUMBER", "metadata": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata", "apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset", "createTime": "CREATE_TIME", "endTime": "END_TIME", "logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL" }, "done": true, "response": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary", "successStoreCount": "1", "successResourceCount": "1" } }接下来,使用患者 ID,您可以在新的目标数据集中获取患者资源的详细信息:
$cred = gcloud auth print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-RestMethod ` -Method Get ` -Headers $headers ` -ContentType: "application/fhir+json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732" | ConvertTo-Json服务器返回以下响应:
{ "address": [ { "city": "Anycity", "district": "Anydistrict", "line": [ "123 Main Street" ], "period": { "start": "1990-12-05" }, "postalCode": "12345", "state": "CA", "text": "123 Main Street Anycity, Anydistrict, CA 12345", "type": "both", "use": "home" } ], "birthDate": "1980-12-05", "gender": "female", "id": "r77433dd-dkeuc-633743nfd-383nfdsjds732", "meta": { "lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00", "versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA" }, "name": [ { "family": "NlVBV12Hhb5DD8WNqlTpXboFxzlUSlqAmYDet/jIViQ=", "given": [ "FSH4D/IGb80a1rS0L0kqfC3DCDt6//17VPhIkOzH2pk=" ], "use": "official" } ], "resourceType": "Patient", "text": { "div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1980-12-05</p><p><b>Gender</b>: Female</p></div>", "status": "generated" } }
输出结果显示 name.family
和 name.given
的值已使用加密哈希技术进行转换。将患者 ID 和提供的 cryptoKey
值相结合,便会发生此转换。只要提供相同的 cryptoKey
,新的 name.family
和 name.given
值在此患者的两次去标识化运行之间将保持一致。
ReplaceWithInfoTypeConfig
Cloud Healthcare API 可通过将值替换为值的 infoType
来转换数据。您可以通过指定一条 replaceWithInfoTypeConfig
消息来执行此操作。
以下示例扩展了对特定 FHIR 路径进行去标识化中使用的示例,但它们在 PERSON_NAME
上定义了 replaceWithInfoType
转换,并将 fieldMetadataList
路径设置为Patient.HumanName
。将去标识化请求发送到 Cloud Healthcare API 后,name.family
和 name.given
值将被替换为该值的 infoType
。
curl
curl -X POST \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ --data "{ 'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID', 'config': { 'fhir': { 'fieldMetadataList': { 'paths': [ 'Patient.HumanName' ], 'action': 'INSPECT_AND_TRANSFORM' } }, 'text': { 'transformations': { 'infoTypes': [ 'PERSON_NAME' ], 'replaceWithInfoType': {} } } } }" "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"如果请求成功,服务器将以 JSON 格式返回响应:
{ "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" }响应包含操作名称。您可以使用 Operation
get
方法来跟踪操作的状态:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含
"done": true
。{ "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID", "metadata": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata", "apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset", "createTime": "CREATE_TIME", "endTime": "END_TIME", "logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL" }, "done": true, "response": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary", "successStoreCount": "1", "successResourceCount": "1" } }接下来,使用患者 ID,您可以在新的目标数据集中获取患者资源的详细信息:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/fhir+json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732"服务器返回以下响应:
{ "address": [ { "city": "Anycity", "district": "Anydistrict", "line": [ "123 Main Street" ], "period": { "start": "1990-12-05" }, "postalCode": "12345", "state": "CA", "text": "123 Main Street Anycity, Anydistrict, CA 12345", "type": "both", "use": "home" } ], "birthDate": "1980-12-05", "gender": "female", "id": "r77433dd-dkeuc-633743nfd-383nfdsjds732", "meta": { "lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00", "versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA" }, "name": [ { "family": "[PERSON_NAME]", "given": [ "[PERSON_NAME]" ], "use": "official" } ], "resourceType": "Patient", "text": { "div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1980-12-05</p><p><b>Gender</b>: Female</p></div>", "status": "generated" } }
PowerShell
$cred = gcloud auth application-default print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Post ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Body "{ 'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID', 'config': { 'fhir': { 'fieldMetadataList': { 'paths': [ 'Patient.HumanName' ], 'action': 'TRANSFORM' } }, 'text': { 'transformations': { 'infoTypes': [ 'PERSON_NAME' ], 'replaceWithInfoTypeConfig': {} } } } }" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify" | Select-Object -Expand Content如果请求成功,服务器将以 JSON 格式返回响应:
{ "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" }响应包含操作名称。您可以使用 Operation
get
方法来跟踪操作的状态:
$cred = gcloud auth print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Get ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含
"done": true
。{ "name": "projects/PROJECT_ID/locations/REGION/datasets/SOURCE_DATASET_ID/operations/OPERATION_NUMBER", "metadata": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata", "apiMethodName": "google.cloud.healthcare.v1.dataset.DatasetService.DeidentifyDataset", "createTime": "CREATE_TIME", "endTime": "END_TIME", "logsUrl": "https://console.cloud.google.com/logs/viewer/CLOUD_LOGGING_URL" }, "done": true, "response": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifySummary", "successStoreCount": "1", "successResourceCount": "1" } }接下来,使用患者 ID,您可以在新的目标数据集中获取患者资源的详细信息:
$cred = gcloud auth print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-RestMethod ` -Method Get ` -Headers $headers ` -ContentType: "application/fhir+json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/datasets/DESTINATION_DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/r77433dd-dkeuc-633743nfd-383nfdsjds732" | ConvertTo-Json服务器返回以下响应:
{ "address": [ { "city": "Anycity", "district": "Anydistrict", "line": [ "123 Main Street" ], "period": { "start": "1990-12-05" }, "postalCode": "12345", "state": "CA", "text": "123 Main Street Anycity, Anydistrict, CA 12345", "type": "both", "use": "home" } ], "birthDate": "1980-12-05", "gender": "female", "id": "r77433dd-dkeuc-633743nfd-383nfdsjds732", "meta": { "lastUpdated": "2018-01-01T2018-01-01T00:00:00+00:00", "versionId": "MTU0MDU4NTcxNjI2MTUxNDAwMAA" }, "name": [ { "family": "[PERSON_NAME]", "given": [ "[PERSON_NAME]" ], "use": "official" } ], "resourceType": "Patient", "text": { "div": "<div><p><b>Patient</b></p><p><b>Name</b>: Smith, Darcy</p><p><b>DateOfBirth</b>: 1980-12-05</p><p><b>Gender</b>: Female</p></div>", "status": "generated" } }
输出显示 name.family
和 name.given
的值已替换为值的 infoType。
在 FHIR 存储区级层对数据进行去标识化
前面的示例展示了如何在数据集级层对 FHIR 数据进行去标识化。如需将数据集去标识化请求更改为 FHIR 存储区去标识化请求,请进行以下更改:
- 将请求正文中的
destinationDataset
修改为destinationStore
- 在
destinationStore
中的值末尾添加fhirStores/DESTINATION_FHIR_STORE_ID
- 在指定源数据所在的位置时添加
fhirStores/SOURCE_FHIR_STORE_ID
。
例如:
数据集级层去标识化:
'destinationDataset': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID' … "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID:deidentify"
FHIR 存储区级层去标识化:
'destinationStore': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/fhirStores/DESTINATION_FHIR_STORE_ID' … "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/fhirStores/SOURCE_FHIR_STORE_ID:deidentify"
以下示例扩展了对特定 FHIR 路径进行去标识化,但会对单个 FHIR 存储区执行去标识化操作,且去标识化后的数据会复制到新 FHIR 存储区中。请注意,DESTINATION_FHIR_STORE_ID 引用的 FHIR 存储区必须已存在。
curl
curl -X POST \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ --data "{ 'destinationStore': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/fhirStores/DESTINATION_FHIR_STORE_ID', 'config': { 'fhir': { 'fieldMetadataList': [ { 'paths': [ 'Patient.HumanName' ], 'action': 'TRANSFORM' } ] } } }" "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/fhirStores/SOURCE_FHIR_STORE_ID:deidentify"
如果请求成功,服务器将以 JSON 格式返回响应:
{ "name": "projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" }
响应包含操作名称。您可以使用 Operation get
方法来跟踪操作的状态:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含 "done": true
。
{ "name": "projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID", "metadata": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata", "apiMethodName": "google.cloud.healthcare.v1.deidentify.DeidentifyService.DeidentifyFhirStore", "createTime": "CREATE_TIME", "endTime": "END_TIME", "logsUrl": "https://console.cloud.google.com/logs/query/CLOUD_LOGGING_URL", "counter": { "success": "SUCCESS_COUNT" } }, "done": true, "response": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifyFhirStoreSummary" } }
PowerShell
$cred = gcloud auth application-default print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Post ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Body "{ 'destinationStore': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/fhirStores/DESTINATION_FHIR_STORE_ID', 'config': { 'fhir': { 'fieldMetadataList': [ { 'paths': [ 'Patient.HumanName' ], 'action': 'TRANSFORM' } ] } } }" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/fhirStores/SOURCE_FHIR_STORE_ID:deidentify" | Select-Object -Expand Content
如果请求成功,服务器将以 JSON 格式返回响应:
{ "name": "projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" }
响应包含操作 ID。您可以使用 Operation get
方法来跟踪操作的状态:
$cred = gcloud auth application-default print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Get ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content
如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含 "done": true
。
{ "name": "projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID", "metadata": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata", "apiMethodName": "google.cloud.healthcare.v1.deidentify.DeidentifyService.DeidentifyFhirStore", "createTime": "CREATE_TIME", "endTime": "END_TIME", "logsUrl": "https://console.cloud.google.com/logs/query/CLOUD_LOGGING_URL", "counter": { "success": "SUCCESS_COUNT" } }, "done": true, "response": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifyFhirStoreSummary" } }
对 FHIR 存储区的一部分进行去标识化
在 FHIR 存储区级层对 FHIR 数据进行去标识化时,您可以通过指定过滤条件对一部分数据进行去标识化。
过滤条件采用 FHIR 资源 ID 列表的形式。您可以在 FhirFilter
对象内的 Resources
对象中指定 ID。
以下示例对在 FHIR 存储区级层对数据进行去标识化进行了扩展,但提供了包含两个 FHIR 资源 ID 的列表(一个资源用于患者,另一个用于观察结果),用来确定哪些资源要进行去标识化。
curl
curl -X POST \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ --data "{ 'destinationStore': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/fhirStores/DESTINATION_FHIR_STORE_ID', 'config': { 'fhir': { 'fieldMetadataList': [ { 'action': 'TRANSFORM', 'paths': [ 'Patient.HumanName' ] } ] } }, 'resourceFilter': { 'resources': { 'resources': [ 'Patient/PATIENT_ID', 'Observation/OBSERVATION_ID' ] } } }" "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/fhirStores/SOURCE_FHIR_STORE_ID:deidentify"
如果请求成功,服务器将以 JSON 格式返回响应:
{ "name": "projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" }
响应包含操作名称。您可以使用 Operation get
方法来跟踪操作的状态:
curl -X GET \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID"
如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含 "done": true
。
{ "name": "projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID", "metadata": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata", "apiMethodName": "google.cloud.healthcare.v1.deidentify.DeidentifyService.DeidentifyFhirStore", "createTime": "CREATE_TIME", "endTime": "END_TIME", "logsUrl": "https://console.cloud.google.com/logs/query/CLOUD_LOGGING_URL", "counter": { "success": "SUCCESS_COUNT" } }, "done": true, "response": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifyFhirStoreSummary" } }
PowerShell
$cred = gcloud auth application-default print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Post ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Body "{ 'destinationStore': 'projects/PROJECT_ID/locations/LOCATION/datasets/DESTINATION_DATASET_ID/fhirStores/DESTINATION_FHIR_STORE_ID', 'resourceFilter': { 'resources': { 'resources': [ 'Patient/PATIENT_ID', 'Observation/OBSERVATION_ID' ] } }, 'config': { 'fhir': { 'fieldMetadataList': [ { 'paths': [ 'Patient.HumanName' ], 'action': 'TRANSFORM' } ] } } }" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/fhirStores/SOURCE_FHIR_STORE_ID:deidentify" | Select-Object -Expand Content
如果请求成功,服务器将以 JSON 格式返回响应:
{ "name": "projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" }
响应包含操作 ID。您可以使用 Operation get
方法来跟踪操作的状态:
$cred = gcloud auth application-default print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Get ` -Headers $headers ` -ContentType: "application/json; charset=utf-8" ` -Uri "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID" | Select-Object -Expand Content
如果请求成功,服务器将以 JSON 格式返回响应。去标识化过程完成后,响应会包含 "done": true
。
{ "name": "projects/PROJECT_ID/locations/LOCATION/datasets/SOURCE_DATASET_ID/operations/OPERATION_ID", "metadata": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.OperationMetadata", "apiMethodName": "google.cloud.healthcare.v1.deidentify.DeidentifyService.DeidentifyFhirStore", "createTime": "CREATE_TIME", "endTime": "END_TIME", "logsUrl": "https://console.cloud.google.com/logs/query/CLOUD_LOGGING_URL", "counter": { "success": "SUCCESS_COUNT" } }, "done": true, "response": { "@type": "type.googleapis.com/google.cloud.healthcare.v1.deidentify.DeidentifyFhirStoreSummary" } }
在 Google Cloud 控制台中对数据进行去标识化
您可以在 Google Cloud 控制台中对数据集或 FHIR 存储区的数据进行去标识化。默认的 FHIR 去标识化配置用于对数据集和 FHIR 存储区进行去标识化。如需了解详情,请参阅默认的 FHIR 数据去标识化。
对数据集的数据进行去标识化
要对数据集的数据进行去标识化,请完成以下步骤:
在 Google Cloud 控制台中,进入“数据集”页面。
从要去标识化的数据集的操作列表中选择去标识化。
此时将显示对数据集进行去标识化页面。
选择设置目标数据集,并输入新数据集的名称,以存储去标识化的数据。
点击去标识化以对数据集中的数据进行去标识化。
对 FHIR 存储区中的数据进行去标识化
要对 FHIR 存储区中的数据进行去标识化,请完成以下步骤:
在 Google Cloud 控制台中,进入“数据集”页面。
点击要为其去标识化数据的数据集。
在 FHIR 存储区列表中,从要去标识化的 FHIR 存储区的操作列表中选择去标识化。
将显示对 FHIR 存储区进行去标识化页面。
选择设置目标数据存储区,然后选择要保存去标识化数据的数据集和 FHIR 存储区。
注意:如果要在新 FHIR 存储区中存储去标识化的数据,必须先创建新存储区,然后将其选为目标 FHIR 存储区。
点击去标识化,对 FHIR 存储区中的数据进行去标识化。
排查 FHIR 去标识化操作问题
如果在执行 FHIR 去标识化操作期间发生错误,系统会将错误记录到 Cloud Logging。如需了解详情,请参阅在 Cloud Logging 中查看错误日志。
如果整个操作返回错误,请参阅排查长时间运行的操作问题。