REST Resource: projects.locations.datasets.fhirStores

Stay organized with collections Save and categorize content based on your preferences.

Resource: FhirStore

Represents a FHIR store.

JSON representation
{
  "name": string,
  "enableUpdateCreate": boolean,
  "notificationConfig": {
    object(NotificationConfig)
  },
  "disableReferentialIntegrity": boolean,
  "disableResourceVersioning": boolean,
  "labels": {
    string: string,
    ...
  },
  "version": enum(Version),
  "streamConfigs": [
    {
      object(StreamConfig)
    }
  ],
  "validationConfig": {
    object(ValidationConfig)
  },
  "defaultSearchHandlingStrict": boolean,
  "complexDataTypeReferenceParsing": enum(ComplexDataTypeReferenceParsing)
}
Fields
name

string

Output only. Resource name of the FHIR store, of the form projects/{projectId}/datasets/{datasetId}/fhirStores/{fhirStoreId}.

enableUpdateCreate

boolean

Whether this FHIR store has the updateCreate capability. This determines if the client can use an Update operation to create a new resource with a client-specified ID. If false, all IDs are server-assigned through the Create operation and attempts to update a non-existent resource return errors. It is strongly advised not to include or encode any sensitive data such as patient identifiers in client-specified resource IDs. Those IDs are part of the FHIR resource path recorded in Cloud audit logs and Pub/Sub notifications. Those IDs can also be contained in reference fields within other resources.

notificationConfig

object(NotificationConfig)

If non-empty, publish all resource modifications of this FHIR store to this destination. The Pub/Sub message attributes contain a map with a string describing the action that has triggered the notification. For example, "action":"fhir.create".

disableReferentialIntegrity

boolean

Immutable. Whether to disable referential integrity in this FHIR store. This field is immutable after FHIR store creation. The default value is false, meaning that the API enforces referential integrity and fails the requests that result in inconsistent state in the FHIR store. When this field is set to true, the API skips referential integrity checks. Consequently, operations that rely on references, such as fhir.Patient-everything, do not return all the results if broken references exist.

disableResourceVersioning

boolean

Immutable. Whether to disable resource versioning for this FHIR store. This field can not be changed after the creation of FHIR store. If set to false, which is the default behavior, all write operations cause historical versions to be recorded automatically. The historical versions can be fetched through the history APIs, but cannot be updated. If set to true, no historical versions are kept. The server sends errors for attempts to read the historical versions.

labels

map (key: string, value: string)

User-supplied key-value pairs used to organize FHIR stores.

Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62}

Label values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63}

No more than 64 labels can be associated with a given store.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

version

enum(Version)

Immutable. The FHIR specification version that this FHIR store supports natively. This field is immutable after store creation. Requests are rejected if they contain FHIR resources of a different version. Version is required for every FHIR store.

streamConfigs[]

object(StreamConfig)

A list of streaming configs that configure the destinations of streaming export for every resource mutation in this FHIR store. Each store is allowed to have up to 10 streaming configs. After a new config is added, the next resource mutation is streamed to the new location in addition to the existing ones. When a location is removed from the list, the server stops streaming to that location. Before adding a new config, you must add the required bigquery.dataEditor role to your project's Cloud Healthcare Service Agent service account. Some lag (typically on the order of dozens of seconds) is expected before the results show up in the streaming destination.

validationConfig

object(ValidationConfig)

Configuration for how to validate incoming FHIR resources against configured profiles.

defaultSearchHandlingStrict

boolean

If true, overrides the default search behavior for this FHIR store to handling=strict which returns an error for unrecognized search parameters. If false, uses the FHIR specification default handling=lenient which ignores unrecognized search parameters. The handling can always be changed from the default on an individual API call by setting the HTTP header Prefer: handling=strict or Prefer: handling=lenient.

complexDataTypeReferenceParsing

enum(ComplexDataTypeReferenceParsing)

Enable parsing of references within complex FHIR data types such as Extensions. If this value is set to ENABLED, then features like referential integrity and Bundle reference rewriting apply to all references. If this flag has not been specified the behavior of the FHIR store will not change, references in complex data types will not be parsed. New stores will have this value set to ENABLED after a notification period. Warning: turning on this flag causes processing existing resources to fail if they contain references to non-existent resources.

Version

The FHIR specification version.

Enums
VERSION_UNSPECIFIED Users must specify a version on store creation or an error is returned.
DSTU2 Draft Standard for Trial Use, Release 2
STU3 Standard for Trial Use, Release 3
R4 Release 4

StreamConfig

Contains configuration for streaming FHIR export.

JSON representation
{
  "resourceTypes": [
    string
  ],

  // Union field destination can be only one of the following:
  "bigqueryDestination": {
    object(BigQueryDestination)
  },
  "deidentifiedStoreDestination": {
    object(DeidentifiedStoreDestination)
  }
  // End of list of possible types for union field destination.
}
Fields
resourceTypes[]

string

Supply a FHIR resource type (such as "Patient" or "Observation"). See https://www.hl7.org/fhir/valueset-resource-types.html for a list of all FHIR resource types. The server treats an empty list as an intent to stream all the supported resource types in this FHIR store.

Union field destination. Specifies the streaming destination. destination can be only one of the following:
bigqueryDestination

object(BigQueryDestination)

The destination BigQuery structure that contains both the dataset location and corresponding schema config.

The output is organized in one table per resource type. The server reuses the existing tables (if any) that are named after the resource types. For example, "Patient", "Observation". When there is no existing table for a given resource type, the server attempts to create one.

When a table schema doesn't align with the schema config, either because of existing incompatible schema or out of band incompatible modification, the server does not stream in new data.

BigQuery imposes a 1 MB limit on streaming insert row size, therefore any resource mutation that generates more than 1 MB of BigQuery data is not streamed.

One resolution in this case is to delete the incompatible table and let the server recreate one, though the newly created table only contains data after the table recreation.

Results are written to BigQuery tables according to the parameters in BigQueryDestination.WriteDisposition. Different versions of the same resource are distinguishable by the meta.versionId and meta.lastUpdated columns. The operation (CREATE/UPDATE/DELETE) that results in the new version is recorded in the meta.tag.

The tables contain all historical resource versions since streaming was enabled. For query convenience, the server also creates one view per table of the same name containing only the current resource version.

The streamed data in the BigQuery dataset is not guaranteed to be completely unique. The combination of the id and meta.versionId columns should ideally identify a single unique row. But in rare cases, duplicates may exist. At query time, users may use the SQL select statement to keep only one of the duplicate rows given an id and meta.versionId pair. Alternatively, the server created view mentioned above also filters out duplicates.

If a resource mutation cannot be streamed to BigQuery, errors are logged to Cloud Logging. For more information, see Viewing error logs in Cloud Logging).

deidentifiedStoreDestination

object(DeidentifiedStoreDestination)

The destination FHIR store for de-identified resources.

After this field is added, all subsequent creates/updates/patches to the source store will be de-identified using the provided configuration and applied to the destination store. Importing resources to the source store will not trigger the streaming.

If the source store already contains resources when this option is enabled, those resources will not be copied to the destination store unless they are subsequently updated. This may result in invalid references in the destination store.

Before adding this config, you must grant the healthcare.fhirResources.update permission on the destination store to your project's Cloud Healthcare Service Agent service account. The destination store must set enableUpdateCreate to true. The destination store must have disableReferentialIntegrity set to true.

If a resource cannot be de-identified, errors will be logged to Cloud Logging (see Viewing error logs in Cloud Logging).

BigQueryDestination

The configuration for exporting to BigQuery.

JSON representation
{
  "datasetUri": string,
  "schemaConfig": {
    object(SchemaConfig)
  },
  "force": boolean,
  "writeDisposition": enum(WriteDisposition)
}
Fields
datasetUri

string

BigQuery URI to an existing dataset, up to 2000 characters long, in the format bq://projectId.bqDatasetId.

schemaConfig

object(SchemaConfig)

The configuration for the exported BigQuery schema.

force

boolean

If this flag is TRUE, all tables are deleted from the dataset before the new exported tables are written. If the flag is not set and the destination dataset contains tables, the export call returns an error.

If writeDisposition is specified, this parameter is ignored. force=false is equivalent to writeDisposition=WRITE_EMPTY and force=true is equivalent to writeDisposition=WRITE_TRUNCATE.

writeDisposition

enum(WriteDisposition)

Determines if existing data in the destination dataset is overwritten, appended to, or not written if the tables contain data. If a writeDisposition is specified, the force parameter is ignored.

SchemaConfig

Configuration for the FHIR BigQuery schema. Determines how the server generates the schema.

JSON representation
{
  "schemaType": enum(SchemaType),
  "recursiveStructureDepth": string
}
Fields
schemaType

enum(SchemaType)

Specifies the output schema type. Schema type is required.

recursiveStructureDepth

string (int64 format)

The depth for all recursive structures in the output analytics schema. For example, concept in the CodeSystem resource is a recursive structure; when the depth is 2, the CodeSystem table will have a column called concept.concept but not concept.concept.concept. If not specified or set to 0, the server will use the default value 2. The maximum depth allowed is 5.

SchemaType

An enum consisting of the supported output schema types.

Enums
SCHEMA_TYPE_UNSPECIFIED No schema type specified. This type is unsupported.
ANALYTICS

Analytics schema defined by the FHIR community. See https://github.com/FHIR/sql-on-fhir/blob/master/sql-on-fhir.md.

BigQuery only allows a maximum of 10,000 columns per table. Due to this limitation, the server will not generate schemas for fields of type Resource, which can hold any resource type. The affected fields are Parameters.parameter.resource, Bundle.entry.resource, and Bundle.entry.response.outcome.

ANALYTICS_V2 Analytics V2, similar to schema defined by the FHIR community, with added support for extensions with one or more occurrences and contained resources in stringified JSON.

WriteDisposition

The BigQuery WriteDisposition used by the export operation.

Enums
WRITE_DISPOSITION_UNSPECIFIED Default behavior is the same as WRITE_EMPTY.
WRITE_EMPTY Only export data if the destination tables are empty.
WRITE_TRUNCATE Erase all existing data in the destination tables before writing the FHIR resources.
WRITE_APPEND Append data to the destination tables.

DeidentifiedStoreDestination

Contains configuration for streaming de-identified FHIR export.

JSON representation
{
  "store": string,
  "config": {
    object(DeidentifyConfig)
  }
}
Fields
store

string

The full resource name of a Cloud Healthcare FHIR store, for example, projects/{projectId}/locations/{locationId}/datasets/{datasetId}/fhirStores/{fhirStoreId}.

config

object(DeidentifyConfig)

The configuration to use when de-identifying resources that are added to this store.

DeidentifyConfig

Configures de-id options specific to different types of content. Each submessage customizes the handling of an https://tools.ietf.org/html/rfc6838 media type or subtype. Configs are applied in a nested manner at runtime.

JSON representation
{
  "dicom": {
    object(DicomConfig)
  },
  "fhir": {
    object(FhirConfig)
  },
  "image": {
    object(ImageConfig)
  },
  "text": {
    object(TextConfig)
  }
}
Fields
dicom

object(DicomConfig)

Configures de-id of application/DICOM content.

fhir

object(FhirConfig)

Configures de-id of application/FHIR content.

image

object(ImageConfig)

Configures de-identification of image pixels wherever they are found in the sourceDataset.

text

object(TextConfig)

Configures de-identification of text wherever it is found in the sourceDataset.

DicomConfig

Specifies the parameters needed for de-identification of DICOM stores.

JSON representation
{
  "skipIdRedaction": boolean,

  // Union field tag_filter can be only one of the following:
  "keepList": {
    object(TagFilterList)
  },
  "removeList": {
    object(TagFilterList)
  },
  "filterProfile": enum(TagFilterProfile)
  // End of list of possible types for union field tag_filter.
}
Fields
skipIdRedaction

boolean

If true, skip replacing StudyInstanceUID, SeriesInstanceUID, SOPInstanceUID, and MediaStorageSOPInstanceUID and leave them untouched. The Cloud Healthcare API regenerates these UIDs by default based on the DICOM Standard's reasoning: "Whilst these UIDs cannot be mapped directly to an individual out of context, given access to the original images, or to a database of the original images containing the UIDs, it would be possible to recover the individual's identity." http://dicom.nema.org/medical/dicom/current/output/chtml/part15/sect_E.3.9.html

Union field tag_filter. Determines tag filtering method (meaning which tags to keep/remove). tag_filter can be only one of the following:
keepList

object(TagFilterList)

List of tags to keep. Remove all other tags.

removeList

object(TagFilterList)

List of tags to remove. Keep all other tags.

filterProfile

enum(TagFilterProfile)

Tag filtering profile that determines which tags to keep/remove.

TagFilterList

List of tags to be filtered.

JSON representation
{
  "tags": [
    string
  ]
}
Fields
tags[]

string

Tags to be filtered. Tags must be DICOM Data Elements, File Meta Elements, or Directory Structuring Elements, as defined at: http://dicom.nema.org/medical/dicom/current/output/html/part06.html#table_6-1,. They may be provided by "Keyword" or "Tag". For example "PatientID", "00100010".

TagFilterProfile

Profile that determines which tags to keep/remove.

Enums
TAG_FILTER_PROFILE_UNSPECIFIED No tag filtration profile provided. Same as KEEP_ALL_PROFILE.
MINIMAL_KEEP_LIST_PROFILE Keep only tags required to produce valid DICOM.
ATTRIBUTE_CONFIDENTIALITY_BASIC_PROFILE Remove tags based on DICOM Standard's Attribute Confidentiality Basic Profile (DICOM Standard Edition 2018e) http://dicom.nema.org/medical/dicom/2018e/output/chtml/part15/chapter_E.html.
KEEP_ALL_PROFILE Keep all tags.
DEIDENTIFY_TAG_CONTENTS Inspects within tag contents and replaces sensitive text. The process can be configured using the TextConfig. Applies to all tags with the following Value Representation names: AE, LO, LT, PN, SH, ST, UC, UT, DA, DT, AS

FhirConfig

Specifies how to handle de-identification of a FHIR store.

JSON representation
{
  "fieldMetadataList": [
    {
      object(FieldMetadata)
    }
  ],
  "defaultKeepExtensions": boolean
}
Fields
fieldMetadataList[]

object(FieldMetadata)

Specifies FHIR paths to match and how to transform them. Any field that is not matched by a FieldMetadata is passed through to the output dataset unmodified. All extensions will be processed according to defaultKeepExtensions.

defaultKeepExtensions

boolean

The behaviour for handling FHIR extensions that aren't otherwise specified for de-identification. If true, all extensions are preserved during de-identification by default. If false or unspecified, all extensions are removed during de-identification by default.

FieldMetadata

Specifies FHIR paths to match, and how to handle de-identification of matching fields.

JSON representation
{
  "paths": [
    string
  ],
  "action": enum(Action)
}
Fields
paths[]

string

List of paths to FHIR fields to be redacted. Each path is a period-separated list where each component is either a field name or FHIR type name, for example: Patient, HumanName. For "choice" types (those defined in the FHIR spec with the form: field[x]) we use two separate components. For example, "deceasedAge.unit" is matched by "Deceased.Age.unit". Supported types are: AdministrativeGenderCode, Base64Binary, Boolean, Code, Date, DateTime, Decimal, HumanName, Id, Instant, Integer, LanguageCode, Markdown, Oid, PositiveInt, String, UnsignedInt, Uri, Uuid, Xhtml.

action

enum(Action)

Deidentify action for one field.

Action

Whether or not to redact this field, or whether to inspect it for PHI.

Enums
ACTION_UNSPECIFIED No action specified.
TRANSFORM Transform the entire field.
INSPECT_AND_TRANSFORM Inspect and transform any found PHI.
DO_NOT_TRANSFORM Do not transform.

ImageConfig

Specifies how to handle de-identification of image pixels.

JSON representation
{
  "textRedactionMode": enum(TextRedactionMode)
}
Fields
textRedactionMode

enum(TextRedactionMode)

Determines how to redact text from image.

TextRedactionMode

How to redact text found in images (if at all).

Enums
TEXT_REDACTION_MODE_UNSPECIFIED No text redaction specified. Same as REDACT_NO_TEXT.
REDACT_ALL_TEXT Redact all text.
REDACT_SENSITIVE_TEXT Redact sensitive text. Uses the set of Default DICOM InfoTypes.
REDACT_NO_TEXT Do not redact text.

TextConfig

JSON representation
{
  "transformations": [
    {
      object(InfoTypeTransformation)
    }
  ]
}
Fields
transformations[]

object(InfoTypeTransformation)

The transformations to apply to the detected data.

InfoTypeTransformation

A transformation to apply to text that is identified as a specific infoType.

JSON representation
{
  "infoTypes": [
    string
  ],

  // Union field config can be only one of the following:
  "redactConfig": {
    object(RedactConfig)
  },
  "characterMaskConfig": {
    object(CharacterMaskConfig)
  },
  "dateShiftConfig": {
    object(DateShiftConfig)
  },
  "cryptoHashConfig": {
    object(CryptoHashConfig)
  },
  "replaceWithInfoTypeConfig": {
    object(ReplaceWithInfoTypeConfig)
  }
  // End of list of possible types for union field config.
}
Fields
infoTypes[]

string

InfoTypes to apply this transformation to. If this is not specified, the transformation applies to any infoType.

Union field config.

config can be only one of the following:

redactConfig

object(RedactConfig)

Config for text redaction.

characterMaskConfig

object(CharacterMaskConfig)

Config for character mask.

dateShiftConfig

object(DateShiftConfig)

Config for date shift.

cryptoHashConfig

object(CryptoHashConfig)

Config for crypto hash.

replaceWithInfoTypeConfig

object(ReplaceWithInfoTypeConfig)

Config for replace with InfoType.

RedactConfig

Define how to redact sensitive values. Default behaviour is erase. For example, "My name is Jane." becomes "My name is ."

CharacterMaskConfig

Mask a string by replacing its characters with a fixed character.

JSON representation
{
  "maskingCharacter": string
}
Fields
maskingCharacter

string

Character to mask the sensitive values. If not supplied, defaults to "*".

DateShiftConfig

Shift a date forward or backward in time by a random amount which is consistent for a given patient and crypto key combination.

JSON representation
{
  "cryptoKey": string,
  "kmsWrapped": {
    object(KmsWrappedCryptoKey)
  }
}
Fields
cryptoKey

string (bytes format)

An AES 128/192/256 bit key. Causes the shift to be computed based on this key and the patient ID. A default key is generated for each de-identification operation and is used when neither cryptoKey nor kmsWrapped is specified. Must not be set if kmsWrapped is set.

A base64-encoded string.

kmsWrapped

object(KmsWrappedCryptoKey)

KMS wrapped key. Must not be set if cryptoKey is set.

KmsWrappedCryptoKey

Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. The key must grant the Cloud IAM permission cloudkms.cryptoKeyVersions.useToDecrypt to the project's Cloud Healthcare Service Agent service account.

For more information, see Creating a wrapped key.

JSON representation
{
  "wrappedKey": string,
  "cryptoKey": string
}
Fields
wrappedKey

string (bytes format)

Required. The wrapped data crypto key.

A base64-encoded string.

cryptoKey

string

Required. The resource name of the KMS CryptoKey to use for unwrapping. For example, projects/{projectId}/locations/{locationId}/keyRings/{keyring}/cryptoKeys/{key}.

CryptoHashConfig

Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. Outputs a base64-encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).

JSON representation
{
  "cryptoKey": string,
  "kmsWrapped": {
    object(KmsWrappedCryptoKey)
  }
}
Fields
cryptoKey

string (bytes format)

An AES 128/192/256 bit key. Causes the hash to be computed based on this key. A default key is generated for each Deidentify operation and is used when neither cryptoKey nor kmsWrapped is specified. Must not be set if kmsWrapped is set.

A base64-encoded string.

kmsWrapped

object(KmsWrappedCryptoKey)

KMS wrapped key. Must not be set if cryptoKey is set.

ReplaceWithInfoTypeConfig

When using the INSPECT_AND_TRANSFORM action, each match is replaced with the name of the infoType. For example, "My name is Jane" becomes "My name is [PERSON_NAME]." The TRANSFORM action is equivalent to redacting.

ValidationConfig

Contains the configuration for FHIR profiles and validation.

JSON representation
{
  "disableProfileValidation": boolean,
  "enabledImplementationGuides": [
    string
  ],
  "disableRequiredFieldValidation": boolean,
  "disableReferenceTypeValidation": boolean,
  "disableFhirpathValidation": boolean
}
Fields
disableProfileValidation

boolean

Whether to disable profile validation for this FHIR store. Set this to true to disable checking incoming resources for conformance against structure definitions in this FHIR store.

enabledImplementationGuides[]

string

A list of implementation guide URLs in this FHIR store that are used to configure the profiles to use for validation. For example, to use the US Core profiles for validation, set enabledImplementationGuides to ["http://hl7.org/fhir/us/core/ImplementationGuide/ig"]. If enabledImplementationGuides is empty or omitted, then incoming resources are only required to conform to the base FHIR profiles. Otherwise, a resource must conform to at least one profile listed in the global property of one of the enabled ImplementationGuides.

The Cloud Healthcare API does not currently enforce all of the rules in a StructureDefinition. The following rules are supported:

- min/max
- minValue/maxValue
- maxLength
- type
- fixed[x]
- pattern[x] on simple types
- slicing, when using "value" as the discriminator type

When a URL cannot be resolved (for example, in a type assertion), the server does not return an error.

disableRequiredFieldValidation

boolean

Whether to disable required fields validation for incoming resources. Set this to true to disable checking incoming resources for conformance against required fields requirement defined in the FHIR specification. This property only affects resource types that do not have profiles configured for them, any rules in enabled implementation guides will still be enforced.

disableReferenceTypeValidation

boolean

Whether to disable reference type validation for incoming resources. Set this to true to disable checking incoming resources for conformance against reference type requirement defined in the FHIR specification. This property only affects resource types that do not have profiles configured for them, any rules in enabled implementation guides will still be enforced.

disableFhirpathValidation

boolean

Whether to disable FHIRPath validation for incoming resources. Set this to true to disable checking incoming resources for conformance against FHIRPath requirement defined in the FHIR specification. This property only affects resource types that do not have profiles configured for them, any rules in enabled implementation guides will still be enforced.

ComplexDataTypeReferenceParsing

ComplexDataTypeReferenceParsing defines the parsing behavior of complex FHIR data types.

Enums
COMPLEX_DATA_TYPE_REFERENCE_PARSING_UNSPECIFIED No parsing behavior specified. This is the same as DISABLED for backwards compatibility.
DISABLED References in complex data types are ignored.
ENABLED References in complex data types are parsed.

Methods

create

Creates a new FHIR store within the parent dataset.

deidentify

De-identifies data from the source store and writes it to the destination store.

delete

Deletes the specified FHIR store and removes all resources within it.

export

Export resources from the FHIR store to the specified destination.

get

Gets the configuration of the specified FHIR store.

getIamPolicy

Gets the access control policy for a resource.

import

Imports resources to the FHIR store by loading data from the specified sources.

list

Lists the FHIR stores in the given dataset.

patch

Updates the configuration of the specified FHIR store.

setIamPolicy

Sets the access control policy on the specified resource.

testIamPermissions

Returns permissions that a caller has on the specified resource.