Resource: FhirStore
Represents a FHIR store.
JSON representation |
---|
{ "name": string, "enableUpdateCreate": boolean, "notificationConfig": { object( |
Fields | |
---|---|
name |
Output only. Identifier. Resource name of the FHIR store, of the form |
enable |
Optional. Whether this FHIR store has the updateCreate capability. This determines if the client can use an Update operation to create a new resource with a client-specified ID. If false, all IDs are server-assigned through the Create operation and attempts to update a non-existent resource return errors. It is strongly advised not to include or encode any sensitive data such as patient identifiers in client-specified resource IDs. Those IDs are part of the FHIR resource path recorded in Cloud audit logs and Pub/Sub notifications. Those IDs can also be contained in reference fields within other resources. Defaults to false. |
notificationConfig |
Deprecated. Use |
disable |
Immutable. Whether to disable referential integrity in this FHIR store. This field is immutable after FHIR store creation. The default value is false, meaning that the API enforces referential integrity and fails the requests that result in inconsistent state in the FHIR store. When this field is set to true, the API skips referential integrity checks. Consequently, operations that rely on references, such as GetPatientEverything, do not return all the results if broken references exist. |
disable |
Immutable. Whether to disable resource versioning for this FHIR store. This field cannot be changed after the FHIR store is created. If set to false, all write operations cause historical versions to be recorded automatically. The historical versions can be fetched through the history APIs, but cannot be updated. If set to true, no historical versions are kept. The server sends errors for attempts to read the historical versions. Defaults to false. |
labels |
User-supplied key-value pairs used to organize FHIR stores. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62} Label values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63} No more than 64 labels can be associated with a given store. An object containing a list of |
version |
Required. Immutable. The FHIR specification version that this FHIR store supports natively. This field is immutable after store creation. Requests are rejected if they contain FHIR resources of a different version. Version is required for every FHIR store. |
stream |
Optional. A list of streaming configs that configure the destinations of streaming export for every resource mutation in this FHIR store. Each store is allowed to have up to 10 streaming configs. After a new config is added, the next resource mutation is streamed to the new location in addition to the existing ones. When a location is removed from the list, the server stops streaming to that location. Before adding a new config, you must add the required |
validation |
Optional. Configuration for how to validate incoming FHIR resources against configured profiles. |
default |
Optional. If true, overrides the default search behavior for this FHIR store to |
complex |
Optional. Enable parsing of references within complex FHIR data types such as Extensions. If this value is set to ENABLED, then features like referential integrity and Bundle reference rewriting apply to all references. If this flag has not been specified, the behavior of the FHIR store will not change: references in complex data types will not be parsed. New stores will have this value set to ENABLED after a notification period. Warning: turning on this flag causes processing existing resources to fail if they contain references to non-existent resources. |
notification |
Optional. Specifies where and whether to send notifications upon changes to a FHIR store. |
consent |
Optional. Specifies whether this store has consent enforcement. Not available for DSTU2 FHIR version due to absence of Consent resources. |
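The label rules in the `labels` field above use the Unicode classes `\p{Ll}`, `\p{Lo}` and `\p{N}`, which Python's built-in `re` module does not support. The following client-side pre-flight check is an added example, not part of the API or its client libraries; it implements the same rules with `unicodedata`, and the function names and sample labels are constructed for illustration.

```python
import unicodedata

MAX_LABELS = 64        # "No more than 64 labels" per store
MAX_CHARS = 63         # key and value length limit, in characters
MAX_UTF8_BYTES = 128   # key and value size limit once UTF-8 encoded


def _is_letter(ch):
    # \p{Ll} (lowercase letter) or \p{Lo} (letter without case, e.g. CJK)
    return unicodedata.category(ch) in ("Ll", "Lo")


def _is_body_char(ch):
    # [\p{Ll}\p{Lo}\p{N}_-]: the letters above, any Unicode number, "_" or "-"
    return _is_letter(ch) or unicodedata.category(ch).startswith("N") or ch in "_-"


def check_key(key):
    """Return the list of rule violations for one label key."""
    problems = []
    if not 1 <= len(key) <= MAX_CHARS:
        problems.append("key must be 1 to 63 characters long")
    if len(key.encode("utf-8")) > MAX_UTF8_BYTES:
        problems.append("key exceeds 128 bytes in UTF-8")
    if key and not _is_letter(key[0]):
        problems.append("key must start with a lowercase or caseless letter")
    if not all(_is_body_char(ch) for ch in key[1:]):
        problems.append("key contains a character outside the allowed classes")
    return problems


def check_value(value):
    """Return the list of rule violations for one label value ("" is allowed)."""
    problems = []
    if len(value) > MAX_CHARS:
        problems.append("value is longer than 63 characters")
    if len(value.encode("utf-8")) > MAX_UTF8_BYTES:
        problems.append("value exceeds 128 bytes in UTF-8")
    if not all(_is_body_char(ch) for ch in value):
        problems.append("value contains a character outside the allowed classes")
    return problems


def validate_labels(labels):
    """Map each offending key ("*" for the store-wide limit) to its violations."""
    report = {}
    if len(labels) > MAX_LABELS:
        report["*"] = ["more than 64 labels on one store"]
    for key, value in labels.items():
        problems = check_key(key) + ["value: " + p for p in check_value(value)]
        if problems:
            report[key] = problems
    return report


# Constructed sample labels: the first two pass, the rest each break one rule.
SAMPLE_LABELS = {
    "env": "prod",
    "部門": "ward-2",
    "Env": "prod",          # uppercase first character
    "1ward": "x",           # starts with a number
    "owner": "Team-A",      # uppercase characters in the value
    "患" * 63: "x",         # 63 characters, but 189 bytes in UTF-8
}

if __name__ == "__main__":
    for key, problems in validate_labels(SAMPLE_LABELS).items():
        print(repr(key), problems)
```

The last sample key shows why the byte limit is checked separately: a key of 63 three-byte characters satisfies the character limit and the regular expression but not the 128-byte limit.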
Version
The FHIR specification version.
Enums | |
---|---|
VERSION_UNSPECIFIED |
Users must specify a version on store creation or an error is returned. |
DSTU2 |
Draft Standard for Trial Use, Release 2 |
STU3 |
Standard for Trial Use, Release 3 |
R4 |
Release 4 |
StreamConfig
Contains configuration for streaming FHIR export.
JSON representation |
---|
{ "resourceTypes": [ string ], // Union field |
Fields | |
---|---|
resource |
Optional. Supply a FHIR resource type (such as "Patient" or "Observation"). See https://www.hl7.org/fhir/valueset-resource-types.html for a list of all FHIR resource types. The server treats an empty list as an intent to stream all the supported resource types in this FHIR store. |
Union field destination. Specifies the streaming destination. destination can be only one of the following: |
|
bigquery |
Optional. The destination BigQuery structure that contains both the dataset location and corresponding schema config. The output is organized in one table per resource type. The server reuses the existing tables (if any) that are named after the resource types. For example, "Patient", "Observation". When there is no existing table for a given resource type, the server attempts to create one. When a table schema doesn't align with the schema config, either because of an existing incompatible schema or an out-of-band incompatible modification, the server does not stream in new data. BigQuery imposes a 1 MB limit on streaming insert row size; therefore any resource mutation that generates more than 1 MB of BigQuery data is not streamed. One resolution in this case is to delete the incompatible table and let the server recreate one, though the newly created table only contains data after the table recreation. Results are written to BigQuery tables according to the parameters in The tables contain all historical resource versions since streaming was enabled. For query convenience, the server also creates one view per table of the same name containing only the current resource version. The streamed data in the BigQuery dataset is not guaranteed to be completely unique. The combination of the id and meta.versionId columns should ideally identify a single unique row. But in rare cases, duplicates may exist. At query time, users may use the SQL select statement to keep only one of the duplicate rows given an id and meta.versionId pair. Alternatively, the server-created view mentioned above also filters out duplicates. If a resource mutation cannot be streamed to BigQuery, errors are logged to Cloud Logging. For more information, see Viewing error logs in Cloud Logging. |
deidentified |
The destination FHIR store for de-identified resources. After this field is added, all subsequent creates/updates/patches to the source store will be de-identified using the provided configuration and applied to the destination store. Resources deleted from the source store will be deleted from the destination store. Importing resources to the source store will not trigger the streaming. If the source store already contains resources when this option is enabled, those resources will not be copied to the destination store unless they are subsequently updated. This may result in invalid references in the destination store. Before adding this config, you must grant the healthcare.fhirResources.update permission on the destination store to your project's Cloud Healthcare Service Agent service account. The destination store must set If a resource cannot be de-identified, errors will be logged to Cloud Logging (see Viewing error logs in Cloud Logging). |
BigQueryDestination
The configuration for exporting to BigQuery.
JSON representation |
---|
{ "datasetUri": string, "schemaConfig": { object( |
Fields | |
---|---|
dataset |
Optional. BigQuery URI to an existing dataset, up to 2000 characters long, in the format |
schema |
Optional. The configuration for the exported BigQuery schema. |
force |
Optional. The default value is false. If this flag is If |
write |
Optional. Determines if existing data in the destination dataset is overwritten, appended to, or not written if the tables contain data. If a writeDisposition is specified, the |
SchemaConfig
Configuration for the FHIR BigQuery schema. Determines how the server generates the schema.
JSON representation |
---|
{ "schemaType": enum( |
Fields | |
---|---|
schema |
Specifies the output schema type. Schema type is required. |
recursive |
The depth for all recursive structures in the output analytics schema. For example, |
last |
The configuration for exported BigQuery tables to be partitioned by FHIR resource's last updated time column. |
SchemaType
An enum consisting of the supported output schema types.
Enums | |
---|---|
SCHEMA_TYPE_UNSPECIFIED |
No schema type specified. This type is unsupported. |
ANALYTICS |
Analytics schema defined by the FHIR community. See https://github.com/FHIR/sql-on-fhir/blob/master/sql-on-fhir.md. BigQuery only allows a maximum of 10,000 columns per table. Due to this limitation, the server will not generate schemas for fields of type Analytics schema does not gracefully handle extensions with one or more occurrences; the analytics schema also does not handle contained resources. Additionally, extensions with a URL ending in "/{existing_resource_field_name}" may cause undefined behavior. |
ANALYTICS_V2 |
Analytics V2, similar to schema defined by the FHIR community, with added support for extensions with one or more occurrences and contained resources in stringified JSON. Extensions with a URL ending in "/{existing_resource_field_name}" will cause conflict and prevent the resource from being sent to BigQuery. Analytics V2 uses more space in the destination table than Analytics V1. It is generally recommended to use Analytics V2 over Analytics. |
TimePartitioning
Configuration for FHIR BigQuery time-partitioned tables.
JSON representation |
---|
{
"type": enum( |
Fields | |
---|---|
type |
Type of partitioning. |
expiration |
Number of milliseconds for which to keep the storage for a partition. |
PartitionType
List of time partition types.
Enums | |
---|---|
PARTITION_TYPE_UNSPECIFIED |
Default unknown time. |
HOUR |
Data partitioned by hour. |
DAY |
Data partitioned by day. |
MONTH |
Data partitioned by month. |
YEAR |
Data partitioned by year. |
WriteDisposition
The BigQuery WriteDisposition used by the export operation.
Enums | |
---|---|
WRITE_DISPOSITION_UNSPECIFIED |
Default behavior is the same as WRITE_EMPTY. |
WRITE_EMPTY |
Only export data if the destination tables are empty. |
WRITE_TRUNCATE |
Erase all existing data in the destination tables before writing the FHIR resources. |
WRITE_APPEND |
Append data to the destination tables. |
DeidentifiedStoreDestination
Contains configuration for streaming de-identified FHIR export.
JSON representation |
---|
{
"store": string,
"config": {
object( |
Fields | |
---|---|
store |
Optional. The full resource name of a Cloud Healthcare FHIR store, for example, |
config |
Optional. The configuration to use when de-identifying resources that are added to this store. |
DeidentifyConfig
Configures de-id options specific to different types of content. Each submessage customizes the handling of an https://tools.ietf.org/html/rfc6838 media type or subtype. Configs are applied in a nested manner at runtime.
JSON representation |
---|
{ "dicom": { object( |
Fields | |
---|---|
dicom |
Optional. Configures de-id of application/DICOM content. |
fhir |
Optional. Configures de-id of application/FHIR content. |
image |
Optional. Configures de-identification of image pixels wherever they are found in the sourceDataset. |
text |
Optional. Configures de-identification of text wherever it is found in the sourceDataset. |
use |
Optional. Ensures in-flight data remains in the region of origin during de-identification. The default value is false. Using this option results in a significant reduction of throughput, and is not compatible with |
DicomConfig
Specifies the parameters needed for de-identification of DICOM stores.
JSON representation |
---|
{ "skipIdRedaction": boolean, // Union field |
Fields | |
---|---|
skip |
Optional. If true, skip replacing StudyInstanceUID, SeriesInstanceUID, SOPInstanceUID, and MediaStorageSOPInstanceUID and leave them untouched. The Cloud Healthcare API regenerates these UIDs by default based on the DICOM Standard's reasoning: "Whilst these UIDs cannot be mapped directly to an individual out of context, given access to the original images, or to a database of the original images containing the UIDs, it would be possible to recover the individual's identity." http://dicom.nema.org/medical/dicom/current/output/chtml/part15/sect_E.3.9.html |
Union field tag_filter. Determines tag filtering method (meaning which tags to keep/remove). tag_filter can be only one of the following: |
|
keep |
List of tags to keep. Remove all other tags. |
remove |
List of tags to remove. Keep all other tags. |
filter |
Tag filtering profile that determines which tags to keep/remove. |
TagFilterList
List of tags to be filtered.
JSON representation |
---|
{ "tags": [ string ] } |
Fields | |
---|---|
tags[] |
Optional. Tags to be filtered. Tags must be DICOM Data Elements, File Meta Elements, or Directory Structuring Elements, as defined at: http://dicom.nema.org/medical/dicom/current/output/html/part06.html#table_6-1. They may be provided by "Keyword" or "Tag". For example "PatientID", "00100010". |
TagFilterProfile
Profile that determines which tags to keep/remove.
Enums | |
---|---|
TAG_FILTER_PROFILE_UNSPECIFIED |
No tag filtration profile provided. Same as KEEP_ALL_PROFILE. |
MINIMAL_KEEP_LIST_PROFILE |
Keep only tags required to produce valid DICOM. |
ATTRIBUTE_CONFIDENTIALITY_BASIC_PROFILE |
Remove tags based on DICOM Standard's Attribute Confidentiality Basic Profile (DICOM Standard Edition 2018e) http://dicom.nema.org/medical/dicom/2018e/output/chtml/part15/chapter_E.html. |
KEEP_ALL_PROFILE |
Keep all tags. |
DEIDENTIFY_TAG_CONTENTS |
Inspects within tag contents and replaces sensitive text. The process can be configured using the TextConfig. Applies to all tags with the following Value Representation names: AE, LO, LT, PN, SH, ST, UC, UT, DA, DT, AS |
FhirConfig
Specifies how to handle de-identification of a FHIR store.
JSON representation |
---|
{
"fieldMetadataList": [
{
object( |
Fields | |
---|---|
field |
Optional. Specifies FHIR paths to match and how to transform them. Any field that is not matched by a FieldMetadata is passed through to the output dataset unmodified. All extensions will be processed according to |
default |
Optional. The behaviour for handling FHIR extensions that aren't otherwise specified for de-identification. If true, all extensions are preserved during de-identification by default. If false or unspecified, all extensions are removed during de-identification by default. |
FieldMetadata
Specifies FHIR paths to match, and how to handle de-identification of matching fields.
JSON representation |
---|
{
"paths": [
string
],
"action": enum( |
Fields | |
---|---|
paths[] |
Optional. List of paths to FHIR fields to be redacted. Each path is a period-separated list where each component is either a field name or FHIR type name, for example: Patient, HumanName. For "choice" types (those defined in the FHIR spec with the form: field[x]) we use two separate components. For example, "deceasedAge.unit" is matched by "Deceased.Age.unit". Supported types are: AdministrativeGenderCode, Base64Binary, Boolean, Code, Date, DateTime, Decimal, HumanName, Id, Instant, Integer, LanguageCode, Markdown, Oid, PositiveInt, String, UnsignedInt, Uri, Uuid, Xhtml. |
action |
Optional. Deidentify action for one field. |
Action
Whether or not to redact this field, or whether to inspect it for PHI.
Enums | |
---|---|
ACTION_UNSPECIFIED |
No action specified. Defaults to DO_NOT_TRANSFORM. |
TRANSFORM |
Transform the entire field. |
INSPECT_AND_TRANSFORM |
Inspect and transform any found PHI. |
DO_NOT_TRANSFORM |
Do not transform. |
ImageConfig
Specifies how to handle de-identification of image pixels.
JSON representation |
---|
{
"textRedactionMode": enum( |
Fields | |
---|---|
text |
Optional. Determines how to redact text from image. |
TextRedactionMode
How to redact text found in images (if at all).
Enums | |
---|---|
TEXT_REDACTION_MODE_UNSPECIFIED |
No text redaction specified. Same as REDACT_NO_TEXT. |
REDACT_ALL_TEXT |
Redact all text. |
REDACT_SENSITIVE_TEXT |
Redact sensitive text. Uses the set of Default DICOM InfoTypes. |
REDACT_NO_TEXT |
Do not redact text. |
TextConfig
JSON representation |
---|
{ "transformations": [ { object( |
Fields | |
---|---|
transformations[] |
Optional. The transformations to apply to the detected data. Deprecated. Use |
additional |
Optional. Transformations to apply to the detected data, overridden by |
exclude |
Optional. InfoTypes to skip transforming, overriding |
InfoTypeTransformation
A transformation to apply to text that is identified as a specific infoType.
JSON representation |
---|
{ "infoTypes": [ string ], // Union field |
Fields | |
---|---|
info |
Optional. InfoTypes to apply this transformation to. If this is not specified, the transformation applies to any infoType. |
Union field
|
|
redact |
Config for text redaction. |
character |
Config for character mask. |
date |
Config for date shift. |
crypto |
Config for crypto hash. |
replace |
Config for replace with InfoType. |
RedactConfig
This type has no fields.
Define how to redact sensitive values. Default behaviour is erase. For example, "My name is Jane." becomes "My name is ."
CharacterMaskConfig
Mask a string by replacing its characters with a fixed character.
JSON representation |
---|
{ "maskingCharacter": string } |
Fields | |
---|---|
masking |
Optional. Character to mask the sensitive values. If not supplied, defaults to "*". |
DateShiftConfig
Shift a date forward or backward in time by a random amount which is consistent for a given patient and crypto key combination.
JSON representation |
---|
{
"cryptoKey": string,
"kmsWrapped": {
object( |
Fields | |
---|---|
crypto |
An AES 128/192/256 bit key. The date shift is computed based on this key and the patient ID. If the patient ID is empty for a DICOM resource, the date shift is computed based on this key and the study instance UID. If A base64-encoded string. |
kms |
KMS wrapped key. If |
KmsWrappedCryptoKey
Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. The key must grant the Cloud IAM permission cloudkms.cryptoKeyVersions.useToDecrypt to the project's Cloud Healthcare Service Agent service account.
For more information, see Creating a wrapped key.
JSON representation |
---|
{ "wrappedKey": string, "cryptoKey": string } |
Fields | |
---|---|
wrapped |
Required. The wrapped data crypto key. A base64-encoded string. |
crypto |
Required. The resource name of the KMS CryptoKey to use for unwrapping. For example, |
CryptoHashConfig
Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. Outputs a base64-encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).
JSON representation |
---|
{
"cryptoKey": string,
"kmsWrapped": {
object( |
Fields | |
---|---|
crypto |
An AES 128/192/256 bit key. Causes the hash to be computed based on this key. A default key is generated for each Deidentify operation and is used when neither A base64-encoded string. |
kms |
KMS wrapped key. Must not be set if |
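DateShiftConfig and CryptoHashConfig both tie their output to a crypto key: the date shift is "consistent for a given patient and crypto key combination", and the hash surrogate depends on the key, with a default key generated per Deidentify operation when none is supplied. The sketch below is an added illustration of those properties and is not the Cloud Healthcare API's algorithm; the use of HMAC-SHA256, the `max_days` range, the keys and the patient IDs are all assumptions made for the example.

```python
import base64
import hashlib
import hmac
from datetime import date, timedelta

# Constructed 256-bit keys for the demonstration only. Real keys come from a
# CSPRNG or are supplied wrapped by KMS (see KmsWrappedCryptoKey).
KEY_A = bytes(range(32))
KEY_B = bytes(range(32, 64))


def surrogate(key, identifier):
    """Keyed SHA-256 surrogate, base64-encoded like the page's sample output.

    HMAC is this example's choice of keyed construction (an assumption).
    """
    digest = hmac.new(key, identifier.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def shift_days(key, patient_id, max_days=100):
    """Derive one offset in [-max_days, +max_days] from key and patient ID.

    max_days is a hypothetical parameter of this example.
    """
    message = b"date-shift:" + patient_id.encode("utf-8")
    digest = hmac.new(key, message, hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big") % (2 * max_days + 1) - max_days


def shift_date(key, patient_id, original):
    """Apply the patient's offset to one date."""
    return original + timedelta(days=shift_days(key, patient_id))


def interval_preserved(key, patient_id, first, second):
    """True when the gap between two of one patient's dates survives shifting."""
    shifted_gap = shift_date(key, patient_id, second) - shift_date(key, patient_id, first)
    return shifted_gap == second - first


def linkable_across_keys(identifier):
    """True if releases made under KEY_A and KEY_B share a surrogate."""
    return surrogate(KEY_A, identifier) == surrogate(KEY_B, identifier)


if __name__ == "__main__":
    pid = "patient-001"  # constructed identifier
    admitted, discharged = date(2021, 3, 1), date(2021, 3, 9)
    print("surrogate:", surrogate(KEY_A, pid))
    print("shift (days):", shift_days(KEY_A, pid))
    print("shifted stay:", shift_date(KEY_A, pid, admitted), "to",
          shift_date(KEY_A, pid, discharged))
    print("interval preserved:", interval_preserved(KEY_A, pid, admitted, discharged))
    print("linkable across keys:", linkable_across_keys(pid))
```

Because the surrogate changes with the key, two de-identified outputs can be joined on a surrogate only when both runs used the same key; relying on the per-operation default key makes the outputs unlinkable to each other.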
ReplaceWithInfoTypeConfig
This type has no fields.
When using the INSPECT_AND_TRANSFORM action, each match is replaced with the name of the infoType. For example, "My name is Jane" becomes "My name is [PERSON_NAME]." The TRANSFORM action is equivalent to redacting.
ValidationConfig
Contains the configuration for FHIR profiles and validation.
JSON representation |
---|
{ "disableProfileValidation": boolean, "enabledImplementationGuides": [ string ], "disableRequiredFieldValidation": boolean, "disableReferenceTypeValidation": boolean, "disableFhirpathValidation": boolean } |
Fields | |
---|---|
disable |
Optional. Whether to disable profile validation for this FHIR store. The default value is false. Set this to true to disable checking incoming resources for conformance against structure definitions in this FHIR store. |
enabled |
Optional. A list of implementation guide URLs in this FHIR store that are used to configure the profiles to use for validation. For example, to use the US Core profiles for validation, set The Cloud Healthcare API does not currently enforce all of the rules in a StructureDefinition. The following rules are supported:
When a URL cannot be resolved (for example, in a type assertion), the server does not return an error. |
disable |
Optional. Whether to disable required fields validation for incoming resources. The default value is false. Set this to true to disable checking incoming resources for conformance against the required fields requirement defined in the FHIR specification. This property only affects resource types that do not have profiles configured for them; any rules in enabled implementation guides will still be enforced. |
disable |
Optional. Whether to disable reference type validation for incoming resources. The default value is false. Set this to true to disable checking incoming resources for conformance against the reference type requirement defined in the FHIR specification. This property only affects resource types that do not have profiles configured for them; any rules in enabled implementation guides will still be enforced. |
disable |
Optional. Whether to disable FHIRPath validation for incoming resources. The default value is false. Set this to true to disable checking incoming resources for conformance against the FHIRPath requirement defined in the FHIR specification. This property only affects resource types that do not have profiles configured for them; any rules in enabled implementation guides will still be enforced. |
ComplexDataTypeReferenceParsing
ComplexDataTypeReferenceParsing defines the parsing behavior of complex FHIR data types.
Enums | |
---|---|
COMPLEX_DATA_TYPE_REFERENCE_PARSING_UNSPECIFIED |
No parsing behavior specified. This is the same as DISABLED for backwards compatibility. |
DISABLED |
References in complex data types are ignored. |
ENABLED |
References in complex data types are parsed. |
FhirNotificationConfig
Contains the configuration for FHIR notifications.
JSON representation |
---|
{ "pubsubTopic": string, "sendFullResource": boolean, "sendPreviousResourceOnDelete": boolean } |
Fields | |
---|---|
pubsub |
Optional. The Pub/Sub topic that notifications of changes are published on. Supplied by the client. The notification is a
Note that notifications are only sent if the topic is non-empty. Topic names must be scoped to a project. The Cloud Healthcare API service account, service- If a notification can't be published to Pub/Sub, errors are logged to Cloud Logging. For more information, see Viewing error logs in Cloud Logging. |
send |
Optional. Whether to send the full FHIR resource to this Pub/Sub topic. The default value is false. |
send |
Optional. Whether to send the full FHIR resource to this Pub/Sub topic when a FHIR resource is deleted. The default value is false. Note that setting this to true does not guarantee that all previous resources will be sent in the format of full FHIR resource. When a resource change is too large or during heavy traffic, only the resource name will be sent. Clients should always check the "payloadType" label from a Pub/Sub message to determine whether it needs to fetch the full previous resource as a separate operation. |
ConsentConfig
Configures whether to enforce consent for the FHIR store and which consent enforcement version is being used.
JSON representation |
---|
{ "version": enum( |
Fields | |
---|---|
version |
Required. Specifies which consent enforcement version is being used for this FHIR store. This field can only be set once by either [fhirStores.create][] or [fhirStores.patch][]. After that, you must call [fhirStores.applyConsents][] to change the version. |
access |
Optional. The default value is false. If set to true, when accessing FHIR resources, the consent headers will be verified against consents given by patients. See the |
consent |
Optional. Different options to configure the behaviour of the server when handling the |
access |
Optional. Specifies how the server logs the consent-aware requests. If not specified, the |
enforced |
Output only. The versioned names of the enforced admin Consent resource(s), in the format |
ConsentEnforcementVersion
List of consent enforcement versions supported.
Enums | |
---|---|
CONSENT_ENFORCEMENT_VERSION_UNSPECIFIED |
Users must specify an enforcement version or an error is returned. |
V1 |
Enforcement version 1. See the FHIR Consent resources in the Cloud Healthcare API guide for more details. |
ConsentHeaderHandling
How the server handles the consent header.
JSON representation |
---|
{
"profile": enum( |
Fields | |
---|---|
profile |
Optional. Specifies the default server behavior when the header is empty. If not specified, the |
ScopeProfile
Options for general consent header scope handling.
Enums | |
---|---|
SCOPE_PROFILE_UNSPECIFIED |
If not specified, the default value PERMIT_EMPTY_SCOPE is used. |
PERMIT_EMPTY_SCOPE |
When no consent scopes are provided (for example, if there's an empty or missing header), then consent check is disabled, similar to when accessEnforced is false. You can use audit logs to differentiate these two cases by looking at the value of protopayload.metadata.consentMode. If consent scopes are present, they must be valid and within the allowed limits, otherwise the request will be rejected with a 4xx code. |
REQUIRED_ON_READ |
The consent header must be non-empty when performing read and search operations, otherwise the request is rejected with a 4xx code. Additionally, invalid consent scopes or scopes exceeding the allowed limits are rejected. |
AccessDeterminationLogConfig
Configures consent audit log config for FHIR create, read, update, and delete (CRUD) operations. Cloud audit log for healthcare API must be enabled. The consent-related logs are included as part of protoPayload.metadata.
JSON representation |
---|
{
"logLevel": enum( |
Fields | |
---|---|
log |
Optional. Controls the amount of detail to include as part of the audit logs. |
LogLevel
Lists the options for audit logging.
Enums | |
---|---|
LOG_LEVEL_UNSPECIFIED |
No log level specified. This value is unused. |
DISABLED |
No additional consent-related logging is added to audit logs. |
MINIMUM |
The following information is included:
|
VERBOSE |
Includes Note that this mode adds some overhead to CRUD operations. |
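Several of the settings documented above relax a default protection: client-specified IDs, disabled versioning or referential integrity, disabled validation, full-resource notifications, and consent handling that permits an empty header. The following configuration review is an added example, not code from the API or its client libraries; it takes a FhirStore JSON object (such as the one a get call returns) and lists those settings with the reason given on this page. Field names that appear truncated on this page (`disableReferentialIntegrity`, `disableResourceVersioning`, `notificationConfigs`, `consentConfig`, `consentHeaderHandling`, `accessDeterminationLogConfig`) are written as this example assumes them, and the sample store is constructed.

```python
import json

# Constructed FhirStore configuration used as sample input (not a real store).
SAMPLE_STORE = json.loads("""
{
  "version": "R4",
  "enableUpdateCreate": true,
  "disableResourceVersioning": true,
  "validationConfig": {"disableProfileValidation": true},
  "notificationConfigs": [
    {"pubsubTopic": "projects/example-project/topics/fhir-changes",
     "sendFullResource": true}
  ],
  "consentConfig": {
    "version": "V1",
    "accessEnforced": true,
    "consentHeaderHandling": {"profile": "PERMIT_EMPTY_SCOPE"},
    "accessDeterminationLogConfig": {"logLevel": "DISABLED"}
  }
}
""")

VALIDATION_FLAGS = (
    "disableProfileValidation",
    "disableRequiredFieldValidation",
    "disableReferenceTypeValidation",
    "disableFhirpathValidation",
)


def audit_fhir_store(store):
    """Return (field_path, reason) pairs for settings that deserve a review."""
    findings = []
    if store.get("enableUpdateCreate"):
        findings.append(("enableUpdateCreate",
                         "client-specified IDs appear in audit logs and Pub/Sub "
                         "notifications; keep patient identifiers out of them"))
    if store.get("disableResourceVersioning"):
        findings.append(("disableResourceVersioning",
                         "no historical versions are kept"))
    if store.get("disableReferentialIntegrity"):
        findings.append(("disableReferentialIntegrity",
                         "broken references are accepted; reference-based "
                         "operations may return incomplete results"))
    validation = store.get("validationConfig", {})
    for flag in VALIDATION_FLAGS:
        if validation.get(flag):
            findings.append(("validationConfig." + flag,
                             "incoming resources skip this validation"))
    for i, cfg in enumerate(store.get("notificationConfigs", [])):
        for flag in ("sendFullResource", "sendPreviousResourceOnDelete"):
            if cfg.get(flag):
                findings.append(("notificationConfigs[%d].%s" % (i, flag),
                                 "full resources are published to "
                                 + cfg.get("pubsubTopic", "<no topic>")))
    consent = store.get("consentConfig")
    if consent is not None:
        if not consent.get("accessEnforced", False):
            findings.append(("consentConfig.accessEnforced",
                             "consent headers are not verified"))
        profile = consent.get("consentHeaderHandling", {}).get(
            "profile", "SCOPE_PROFILE_UNSPECIFIED")
        if profile in ("SCOPE_PROFILE_UNSPECIFIED", "PERMIT_EMPTY_SCOPE"):
            findings.append(("consentConfig.consentHeaderHandling.profile",
                             "an empty or missing consent header disables "
                             "the consent check"))
        log_cfg = consent.get("accessDeterminationLogConfig", {})
        if log_cfg.get("logLevel") == "DISABLED":
            findings.append(("consentConfig.accessDeterminationLogConfig.logLevel",
                             "no consent-related detail is added to audit logs"))
    return findings


if __name__ == "__main__":
    for path, reason in audit_fhir_store(SAMPLE_STORE):
        print(path + ": " + reason)
```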
Methods |
|
---|---|
|
Applies the admin Consent resources for the FHIR store and reindexes the underlying resources in the FHIR store according to the aggregate consents. |
|
Apply the Consent resources for the FHIR store and reindex the underlying resources in the FHIR store according to the aggregate consent. |
|
Creates a new FHIR store within the parent dataset. |
|
De-identifies data from the source store and writes it to the destination store. |
|
Deletes the specified FHIR store and removes all resources within it. |
|
Explains all the permitted/denied actor, purpose and environment for a given resource. |
|
Export resources from the FHIR store to the specified destination. |
|
Gets the configuration of the specified FHIR store. |
|
Gets metrics associated with the FHIR store. |
|
Gets the access control policy for a resource. |
|
Imports resources to the FHIR store by loading data from the specified sources. |
|
Lists the FHIR stores in the given dataset. |
|
Updates the configuration of the specified FHIR store. |
|
Rolls back resources from the FHIR store to the specified time. |
|
Sets the access control policy on the specified resource. |
|
Returns permissions that a caller has on the specified resource. |