DeidentifyConfig

Configures de-id options specific to different types of content. Each submessage customizes the handling of an https://tools.ietf.org/html/rfc6838 media type or subtype. Configs are applied in a nested manner at runtime.

JSON representation

JSON representation
{ "dicom": { object(`DicomConfig`) }, "fhir": { object(`FhirConfig`) }, "image": { object(`ImageConfig`) }, "annotation": { object(`AnnotationConfig`) }, "text": { object(`TextConfig`) }, "operationMetadata": { object(`DeidentifyOperationMetadata`) } }

{
  "dicom": {
    object(DicomConfig)
  },
  "fhir": {
    object(FhirConfig)
  },
  "image": {
    object(ImageConfig)
  },
  "annotation": {
    object(AnnotationConfig)
  },
  "text": {
    object(TextConfig)
  },
  "operationMetadata": {
    object(DeidentifyOperationMetadata)
  }
}

Fields
`dicom`	`object(DicomConfig)` Configures de-id of application/DICOM content.
`fhir`	`object(FhirConfig)` Configures de-id of application/FHIR content.
`image`	`object(ImageConfig)` Configures de-identification of image pixels wherever they are found in the sourceDataset.
`annotation`	`object(AnnotationConfig)` Configures how annotations, meaning that the location and infoType of sensitive information findings, are created during de-identification. If unspecified, no annotations are created.
`text`	`object(TextConfig)` Configures de-identification of text wherever it is found in the sourceDataset.
`operationMetadata`	`object(DeidentifyOperationMetadata)` Details about the work the de-identify operation performed.

DicomConfig

Specifies the parameters needed for de-identification of DICOM stores.

JSON representation

JSON representation
{ "skipIdRedaction": boolean, // Union field `tag_filter` can be only one of the following: "keepList": { object(`TagFilterList`) }, "removeList": { object(`TagFilterList`) }, "filterProfile": enum(`TagFilterProfile`) // End of list of possible types for union field `tag_filter`. }

{
  "skipIdRedaction": boolean,

  // Union field tag_filter can be only one of the following:
  "keepList": {
    object(TagFilterList)
  },
  "removeList": {
    object(TagFilterList)
  },
  "filterProfile": enum(TagFilterProfile)
  // End of list of possible types for union field tag_filter.
}

Fields
`skipIdRedaction`	`boolean` If true, skip replacing StudyInstanceUID, SeriesInstanceUID, SOPInstanceUID, and MediaStorageSOPInstanceUID and leave them untouched. The Cloud Healthcare API regenerates these UIDs by default based on the DICOM Standard's reasoning: "Whilst these UIDs cannot be mapped directly to an individual out of context, given access to the original images, or to a database of the original images containing the UIDs, it would be possible to recover the individual's identity." http://dicom.nema.org/medical/dicom/current/output/chtml/part15/sect_E.3.9.html
Union field `tag_filter`. Determines tag filtering method (meaning which tags to keep/remove). `tag_filter` can be only one of the following:
`keepList`	`object(TagFilterList)` List of tags to keep. Remove all other tags.
`removeList`	`object(TagFilterList)` List of tags to remove. Keep all other tags.
`filterProfile`	`enum(TagFilterProfile)` Tag filtering profile that determines which tags to keep/remove.

TagFilterList

List of tags to be filtered.

JSON representation
{ "tags": [ string ] }

Fields

Fields
`tags[]`	`string` Tags to be filtered. Tags must be DICOM Data Elements, File Meta Elements, or Directory Structuring Elements, as defined at: http://dicom.nema.org/medical/dicom/current/output/html/part06.html#table_6-1,. They may be provided by "Keyword" or "Tag". For example, "PatientID", "00100010".

tags[]

string

Tags to be filtered. Tags must be DICOM Data Elements, File Meta Elements, or Directory Structuring Elements, as defined at: http://dicom.nema.org/medical/dicom/current/output/html/part06.html#table_6-1,. They may be provided by "Keyword" or "Tag". For example, "PatientID", "00100010".

TagFilterProfile

Profile that determines which tags to keep/remove.

Enums
`TAG_FILTER_PROFILE_UNSPECIFIED`	No tag filtration profile provided. Same as KEEP_ALL_PROFILE.
`MINIMAL_KEEP_LIST_PROFILE`	Keep only tags required to produce valid DICOM.
`ATTRIBUTE_CONFIDENTIALITY_BASIC_PROFILE`	Remove tags based on DICOM Standard's Attribute Confidentiality Basic Profile (DICOM Standard Edition 2018e) http://dicom.nema.org/medical/dicom/2018e/output/chtml/part15/chapter_E.html.
`KEEP_ALL_PROFILE`	Keep all tags.
`DEIDENTIFY_TAG_CONTENTS`	Inspects within tag contents and replaces sensitive text. The process can be configured using the TextConfig. Applies to all tags with the following Value Representation names: AE, LO, LT, PN, SH, ST, UC, UT, DA, DT, AS

FhirConfig

Specifies how to handle de-identification of a FHIR store.

JSON representation
{ "fieldMetadataList": [ { object(`FieldMetadata`) } ], "defaultKeepExtensions": boolean }

Fields

Fields
`fieldMetadataList[]`	`object(FieldMetadata)` Specifies FHIR paths to match and how to transform them. Any field that is not matched by a FieldMetadata is passed through to the output dataset unmodified. All extensions will be processed according to `defaultKeepExtensions`. If a field can be matched by more than one FieldMetadata, the first FieldMetadata.Action is applied.
`defaultKeepExtensions`	`boolean` The behaviour for handling FHIR extensions that aren't otherwise specified for de-identification. If true, all extensions are preserved during de-identification by default. If false or unspecified, all extensions are removed during de-identification by default.

fieldMetadataList[]

object(FieldMetadata)

Specifies FHIR paths to match and how to transform them. Any field that is not matched by a FieldMetadata is passed through to the output dataset unmodified. All extensions will be processed according to defaultKeepExtensions. If a field can be matched by more than one FieldMetadata, the first FieldMetadata.Action is applied.

defaultKeepExtensions

boolean

The behaviour for handling FHIR extensions that aren't otherwise specified for de-identification. If true, all extensions are preserved during de-identification by default. If false or unspecified, all extensions are removed during de-identification by default.

FieldMetadata

Specifies FHIR paths to match, and how to handle de-identification of matching fields.

JSON representation
{ "paths": [ string ], "action": enum(`Action`) }

Fields

paths[]

string

List of paths to FHIR fields to redact. Each path is a period-separated list where each component is either a field name or FHIR type name. All types begin with an upper case letter. For example, the resource field "Patient.Address.city", which uses a string type, can be matched by "Patient.Address.String". Path also supports partial matching. For example, "Patient.Address.city" can be matched by "Address.city" (Patient omitted). Partial matching and type matching can be combined. For example, "Patient.Address.city" can be matched by "Address.String". For "choice" types (those defined in the FHIR spec with the form: field[x]), use two separate components. For example, "deceasedAge.unit" is matched by "Deceased.Age.unit". Supported types are: AdministrativeGenderCode, Base64Binary, Boolean, Code, Date, DateTime, Decimal, HumanName, Id, Instant, Integer, LanguageCode, Markdown, Oid, PositiveInt, String, UnsignedInt, Uri, Uuid, Xhtml. The sub-type for HumanName(for example HumanName.given, HumanName.family) can be omitted.

action

enum(Action)

Deidentify action for one field.

Action

Whether or not to redact this field, or whether to inspect it for PHI.

Enums
`ACTION_UNSPECIFIED`	No action specified.
`TRANSFORM`	Transform the entire field based on transformations specified in TextConfig. When the specified transformation cannot be applied to a field, RedactConfig is used. For example, a Crypto Hash transformation can't be applied to a FHIR Date field.
`INSPECT_AND_TRANSFORM`	Inspect and transform any found PHI. When `AnnotationConfig` is provided, annotations of PHI will be generated, except for `Date` and `Datetime`.
`DO_NOT_TRANSFORM`	Do not transform.

ImageConfig

Specifies how to handle de-identification of image pixels.

JSON representation
{ "textRedactionMode": enum(`TextRedactionMode`) }

Fields

Fields
`textRedactionMode`	`enum(TextRedactionMode)` Determines how to redact text from image.

textRedactionMode

enum(TextRedactionMode)

Determines how to redact text from image.

TextRedactionMode

How to redact text found in images (if at all).

Enums
`TEXT_REDACTION_MODE_UNSPECIFIED`	No text redaction specified. Same as REDACT_NO_TEXT.
`REDACT_ALL_TEXT`	Redact all text.
`REDACT_SENSITIVE_TEXT`	Redact sensitive text. Uses the set of Default DICOM InfoTypes.
`REDACT_NO_TEXT`	Do not redact text.

AnnotationConfig

Specifies how to store annotations during de-identification operation.

JSON representation
{ "annotationStoreName": string, "storeQuote": boolean }

Fields

Fields
`annotationStoreName`	`string` The name of the annotation store, in the form `projects/{projectId}/locations/{locationId}/datasets/{datasetId}/annotationStores/{annotationStoreId}`). The destination annotation store must be in the same project as the source data. De-identifying data across multiple projects is not supported. The destination annotation store must exist when using `dicomStores.deidentify` or `fhirStores.deidentify`. `datasets.deidentify` automatically creates the destination annotation store.
`storeQuote`	`boolean` If set to true, the sensitive texts are included in `SensitiveTextAnnotation` of `Annotation`.

annotationStoreName

string

The name of the annotation store, in the form projects/{projectId}/locations/{locationId}/datasets/{datasetId}/annotationStores/{annotationStoreId}).

The destination annotation store must be in the same project as the source data. De-identifying data across multiple projects is not supported.
The destination annotation store must exist when using dicomStores.deidentify or fhirStores.deidentify. datasets.deidentify automatically creates the destination annotation store.

storeQuote

boolean

If set to true, the sensitive texts are included in SensitiveTextAnnotation of Annotation.

TextConfig

JSON representation
{ "transformations": [ { object(`InfoTypeTransformation`) } ] }

Fields

Fields
`transformations[]`	`object(InfoTypeTransformation)` The transformations to apply to the detected data.

transformations[]

object(InfoTypeTransformation)

The transformations to apply to the detected data.

InfoTypeTransformation

A transformation to apply to text that is identified as a specific infoType.

JSON representation

JSON representation
{ "infoTypes": [ string ], // Union field `config` can be only one of the following: "redactConfig": { object(`RedactConfig`) }, "characterMaskConfig": { object(`CharacterMaskConfig`) }, "dateShiftConfig": { object(`DateShiftConfig`) }, "cryptoHashConfig": { object(`CryptoHashConfig`) }, "replaceWithInfoTypeConfig": { object(`ReplaceWithInfoTypeConfig`) } // End of list of possible types for union field `config`. }

{
  "infoTypes": [
    string
  ],

  // Union field config can be only one of the following:
  "redactConfig": {
    object(RedactConfig)
  },
  "characterMaskConfig": {
    object(CharacterMaskConfig)
  },
  "dateShiftConfig": {
    object(DateShiftConfig)
  },
  "cryptoHashConfig": {
    object(CryptoHashConfig)
  },
  "replaceWithInfoTypeConfig": {
    object(ReplaceWithInfoTypeConfig)
  }
  // End of list of possible types for union field config.
}

Fields
`infoTypes[]`	`string` InfoTypes to apply this transformation to. If this is not specified, this transformation becomes the default transformation, and is used for any infoType that is not specified in another transformation.
Union field `config`. `config` can be only one of the following:
`redactConfig`	`object(RedactConfig)` Config for text redaction.
`characterMaskConfig`	`object(CharacterMaskConfig)` Config for character mask.
`dateShiftConfig`	`object(DateShiftConfig)` Config for date shift.
`cryptoHashConfig`	`object(CryptoHashConfig)` Config for crypto hash.
`replaceWithInfoTypeConfig`	`object(ReplaceWithInfoTypeConfig)` Config for replace with InfoType.

RedactConfig

Define how to redact sensitive values. Default behaviour is erase. For example, "My name is Jane." becomes "My name is ."

CharacterMaskConfig

Mask a string by replacing its characters with a fixed character.

JSON representation
{ "maskingCharacter": string }

Fields

Fields
`maskingCharacter`	`string` Character to mask the sensitive values. If not supplied, defaults to "*".

maskingCharacter

string

Character to mask the sensitive values. If not supplied, defaults to "*".

DateShiftConfig

Shift a date forward or backward in time by a random amount which is consistent for a given patient and crypto key combination.

JSON representation
{ "cryptoKey": string, "kmsWrapped": { object(`KmsWrappedCryptoKey`) } }

Fields

Fields
`cryptoKey`	`string (bytes format)` An AES 128/192/256 bit key. Causes the shift to be computed based on this key and the patient ID. A default key is generated for each de-identification operation and is used when neither `cryptoKey` nor `kmsWrapped` is specified. Must not be set if `kmsWrapped` is set. A base64-encoded string.
`kmsWrapped`	`object(KmsWrappedCryptoKey)` KMS wrapped key. Must not be set if `cryptoKey` is set.

cryptoKey

string (bytes format)

An AES 128/192/256 bit key. Causes the shift to be computed based on this key and the patient ID. A default key is generated for each de-identification operation and is used when neither cryptoKey nor kmsWrapped is specified. Must not be set if kmsWrapped is set.

A base64-encoded string.

kmsWrapped

object(KmsWrappedCryptoKey)

KMS wrapped key. Must not be set if cryptoKey is set.

KmsWrappedCryptoKey

Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. The key must grant the Cloud IAM permission cloudkms.cryptoKeyVersions.useToDecrypt to the project's Cloud Healthcare Service Agent service account.

For more information, see Creating a wrapped key.

JSON representation
{ "wrappedKey": string, "cryptoKey": string }

Fields

Fields
`wrappedKey`	`string (bytes format)` Required. The wrapped data crypto key. A base64-encoded string.
`cryptoKey`	`string` Required. The resource name of the KMS CryptoKey to use for unwrapping. For example, `projects/{projectId}/locations/{locationId}/keyRings/{keyring}/cryptoKeys/{key}`.

wrappedKey

string (bytes format)

Required. The wrapped data crypto key.

A base64-encoded string.

cryptoKey

string

Required. The resource name of the KMS CryptoKey to use for unwrapping. For example, projects/{projectId}/locations/{locationId}/keyRings/{keyring}/cryptoKeys/{key}.

CryptoHashConfig

Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. Outputs a base64-encoded representation of the hashed output. For example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=.

JSON representation
{ "cryptoKey": string, "kmsWrapped": { object(`KmsWrappedCryptoKey`) } }

Fields

Fields
`cryptoKey`	`string (bytes format)` An AES 128/192/256 bit key. Causes the hash to be computed based on this key. A default key is generated for each Deidentify operation and is used when neither `cryptoKey` nor `kmsWrapped` is specified. Must not be set if `kmsWrapped` is set. A base64-encoded string.
`kmsWrapped`	`object(KmsWrappedCryptoKey)` KMS wrapped key. Must not be set if `cryptoKey` is set.

cryptoKey

string (bytes format)

An AES 128/192/256 bit key. Causes the hash to be computed based on this key. A default key is generated for each Deidentify operation and is used when neither cryptoKey nor kmsWrapped is specified. Must not be set if kmsWrapped is set.

A base64-encoded string.

kmsWrapped

object(KmsWrappedCryptoKey)

KMS wrapped key. Must not be set if cryptoKey is set.

ReplaceWithInfoTypeConfig

When using the INSPECT_AND_TRANSFORM action, each match is replaced with the name of the infoType. For example, "My name is Jane" becomes "My name is [PERSON_NAME]." The TRANSFORM action is equivalent to redacting.

DeidentifyOperationMetadata

Details about the work the de-identify operation performed.

JSON representation
{ "fhirOutput": { object(`FhirOutput`) } }

Fields

fhirOutput

object(FhirOutput)

Details about the FHIR store to write the output to.

FhirOutput

Details about the FHIR store to write the output to.

JSON representation
{ "fhirStore": string }

Fields

Fields
`fhirStore`	`string` Name of the output FHIR store, which must already exist. You must grant the healthcare.fhirResources.update permission on the destination store to your project's Cloud Healthcare Service Agent service account. The destination store must set [`enableUpdateCreate`][FhirStore.enable_update_create] to true. The destination store must use FHIR version R4. Writing these resources will consume FHIR operations quota from the project containing the source data. De-identify operation metadata is only generated for DICOM de-identification operations.

fhirStore

string

Name of the output FHIR store, which must already exist. You must grant the healthcare.fhirResources.update permission on the destination store to your project's Cloud Healthcare Service Agent service account. The destination store must set [enableUpdateCreate][FhirStore.enable_update_create] to true. The destination store must use FHIR version R4. Writing these resources will consume FHIR operations quota from the project containing the source data. De-identify operation metadata is only generated for DICOM de-identification operations.