Resource: FhirStore
Represents a FHIR store.
JSON representation |
---|
{ "name": string, "enableUpdateCreate": boolean, "notificationConfig": { object( |
Fields | |
---|---|
name |
Output only. Identifier. Resource name of the FHIR store, of the form |
enable |
Whether this FHIR store has the updateCreate capability. This determines if the client can use an Update operation to create a new resource with a client-specified ID. If false, all IDs are server-assigned through the Create operation and attempts to update a non-existent resource return errors. It is strongly advised not to include or encode any sensitive data such as patient identifiers in client-specified resource IDs. Those IDs are part of the FHIR resource path recorded in Cloud audit logs and Pub/Sub notifications. Those IDs can also be contained in reference fields within other resources. Defaults to false. |
notificationConfig |
Deprecated. Use |
disable |
Immutable. Whether to disable referential integrity in this FHIR store. This field is immutable after FHIR store creation. The default value is false, meaning that the API enforces referential integrity and fails the requests that result in inconsistent state in the FHIR store. When this field is set to true, the API skips referential integrity checks. Consequently, operations that rely on references, such as GetPatientEverything, do not return all the results if broken references exist. |
disable |
Immutable. Whether to disable resource versioning for this FHIR store. This field can not be changed after the creation of FHIR store. If set to false, all write operations cause historical versions to be recorded automatically. The historical versions can be fetched through the history APIs, but cannot be updated. If set to true, no historical versions are kept. The server sends errors for attempts to read the historical versions. Defaults to false. |
labels |
User-supplied key-value pairs used to organize FHIR stores. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62} Label values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63} No more than 64 labels can be associated with a given store. An object containing a list of |
version |
Required. Immutable. The FHIR specification version that this FHIR store supports natively. This field is immutable after store creation. Requests are rejected if they contain FHIR resources of a different version. Version is required for every FHIR store. |
stream |
A list of streaming configs that configure the destinations of streaming export for every resource mutation in this FHIR store. Each store is allowed to have up to 10 streaming configs. After a new config is added, the next resource mutation is streamed to the new location in addition to the existing ones. When a location is removed from the list, the server stops streaming to that location. Before adding a new config, you must add the required |
enable |
Optional. Whether to allow |
validation |
Configuration for how to validate incoming FHIR resources against configured profiles. |
default |
If true, overrides the default search behavior for this FHIR store to |
search |
Configuration for how FHIR resources can be searched. |
notification |
Specifies where and whether to send notifications upon changes to a Fhir store. |
consent |
Optional. Specifies whether this store has consent enforcement. Not available for DSTU2 FHIR version due to absence of Consent resources. |
complex |
Enable parsing of references within complex FHIR data types such as Extensions. If this value is set to ENABLED, then features like referential integrity and Bundle reference rewriting apply to all references. If this flag has not been specified the behavior of the FHIR store will not change, references in complex data types will not be parsed. New stores will have this value set to ENABLED after a notification period. Warning: turning on this flag causes processing existing resources to fail if they contain references to non-existent resources. |
Version
The FHIR specification version.
Enums | |
---|---|
VERSION_UNSPECIFIED |
VERSION_UNSPECIFIED is treated as STU3 to accommodate the existing FHIR stores. |
DSTU2 |
Draft Standard for Trial Use, Release 2 |
STU3 |
Standard for Trial Use, Release 3 |
R4 |
Release 4 |
StreamConfig
Contains configuration for streaming FHIR export.
JSON representation |
---|
{ "resourceTypes": [ string ], // Union field |
Fields | |
---|---|
resource |
Supply a FHIR resource type (such as "Patient" or "Observation"). See https://www.hl7.org/fhir/valueset-resource-types.html for a list of all FHIR resource types. The server treats an empty list as an intent to stream all the supported resource types in this FHIR store. |
Union field destination . Specifies the streaming destination. destination can be only one of the following: |
|
bigquery |
The destination BigQuery structure that contains both the dataset location and corresponding schema config. The output is organized in one table per resource type. The server reuses the existing tables (if any) that are named after the resource types, e.g. "Patient", "Observation". When there is no existing table for a given resource type, the server attempts to create one. When a table schema doesn't align with the schema config, either because of existing incompatible schema or out of band incompatible modification, the server does not stream in new data. One resolution in this case is to delete the incompatible table and let the server recreate one, though the newly created table only contains data after the table recreation. BigQuery imposes a 1 MB limit on streaming insert row size, therefore any resource mutation that generates more than 1 MB of BigQuery data will not be streamed. Results are written to BigQuery tables according to the parameters in The tables contain all historical resource versions since streaming was enabled. For query convenience, the server also creates one view per table of the same name containing only the current resource version. The streamed data in the BigQuery dataset is not guaranteed to be completely unique. The combination of the id and meta.versionId columns should ideally identify a single unique row. But in rare cases, duplicates may exist. At query time, users may use the SQL select statement to keep only one of the duplicate rows given an id and meta.versionId pair. Alternatively, the server created view mentioned above also filters out duplicates. If a resource mutation cannot be streamed to BigQuery, errors will be logged to Cloud Logging (see Viewing error logs in Cloud Logging). |
deidentified |
The destination FHIR store for de-identified resources. After this field is added, all subsequent creates/updates/patches to the source store will be de-identified using the provided configuration and applied to the destination store. Resources deleted from the source store will be deleted from the destination store. Importing resources to the source store will not trigger the streaming. If the source store already contains resources when this option is enabled, those resources will not be copied to the destination store unless they are subsequently updated. This may result in invalid references in the destination store. Before adding this config, you must grant the healthcare.fhirResources.update permission on the destination store to your project's Cloud Healthcare Service Agent service account. The destination store must set If a resource cannot be de-identified, errors will be logged to Cloud Logging (see Viewing error logs in Cloud Logging). |
BigQueryDestination
The configuration for exporting to BigQuery.
JSON representation |
---|
{ "datasetUri": string, "schemaConfig": { object( |
Fields | |
---|---|
dataset |
BigQuery URI to an existing dataset, up to 2000 characters long, in the format |
schema |
The configuration for the exported BigQuery schema. |
force |
Use |
write |
Determines if existing data in the destination dataset is overwritten, appended to, or not written if the tables contain data. If a writeDisposition is specified, the |
change |
Optional. Setting this field will enable BigQuery's Change Data Capture (CDC) on the destination tables. Use this field if you: - Want to only keep the latest version of each resource. Updates and deletes to an existing resource will overwrite the corresponding row. - Have a store with enabled history modifications and want to keep the entire history of resource versions but want the history to be mutable. Updates and deletes to a specific resource version will overwrite the corresponding row. See https://cloud.google.com/bigquery/docs/change-data-capture for details. |
SchemaConfig
Configuration for the FHIR BigQuery schema. Determines how the server generates the schema.
JSON representation |
---|
{ "schemaType": enum( |
Fields | |
---|---|
schema |
Specifies the output schema type. Schema type is required. |
recursive |
The depth for all recursive structures in the output analytics schema. For example, |
last |
The configuration for exported BigQuery tables to be partitioned by FHIR resource's last updated time column. |
SchemaType
An enum consisting of the supported output schema types.
Enums | |
---|---|
SCHEMA_TYPE_UNSPECIFIED |
No schema type specified. This type is unsupported. |
LOSSLESS |
A data-driven schema generated from the fields present in the FHIR data being exported, with no additional simplification. This type cannot be used for streaming to BigQuery. |
ANALYTICS |
Analytics schema defined by the FHIR community. See https://github.com/FHIR/sql-on-fhir/blob/master/sql-on-fhir.md. BigQuery only allows a maximum of 10,000 columns per table. Due to this limitation, the server will not generate schemas for fields of type Analytics schema does not gracefully handle extensions with one or more occurrences, anaytics schema also does not handle contained resource. Additionally, extensions with a URL ending in "/{existing_resource_field_name}" may cause undefined behavior. |
ANALYTICS_V2 |
Analytics V2, similar to schema defined by the FHIR community, with added support for extensions with one or more occurrences and contained resources in stringified JSON. Extensions with a URL ending in "/{existing_resource_field_name}" will cause conflict and prevent the resource from being sent to BigQuery. Analytics V2 uses more space in the destination table than Analytics V1. It is generally recommended to use Analytics V2 over Analytics. |
TimePartitioning
Configuration for FHIR BigQuery time-partitioned tables.
JSON representation |
---|
{
"type": enum( |
Fields | |
---|---|
type |
Type of partitioning. |
expiration |
Number of milliseconds for which to keep the storage for a partition. |
PartitionType
List of time partition types.
Enums | |
---|---|
PARTITION_TYPE_UNSPECIFIED |
Default unknown time. |
HOUR |
Data partitioned by hour. |
DAY |
Data partitioned by day. |
MONTH |
Data partitioned by month. |
YEAR |
Data partitioned by year. |
WriteDisposition
The BigQuery WriteDisposition used by the export operation.
Enums | |
---|---|
WRITE_DISPOSITION_UNSPECIFIED |
Default behavior is the same as WRITE_EMPTY. |
WRITE_EMPTY |
Only export data if the destination tables are empty. |
WRITE_TRUNCATE |
Erase all existing data in the destination tables before writing the FHIR resources. |
WRITE_APPEND |
Append data to the destination tables. |
ChangeDataCaptureConfig
BigQuery Change Data Capture configuration.
JSON representation |
---|
{
"historyMode": enum( |
Fields | |
---|---|
history |
Optional. Configures how historical versions of FHIR resources will be reflected in the destination table through updates and deletes. Defaults to |
HistoryMode
The history mode controlling the behavior of updates and deletes to existing rows.
Enums | |
---|---|
HISTORY_MODE_UNSPECIFIED |
Default behavior is the same as KEEP_LATEST_VERSION. |
KEEP_LATEST_VERSION |
The table will have a unique entry for each resource ID. Updates and deletes will overwrite the row matching the resource ID if it exists in the table. |
KEEP_ALL_VERSIONS |
Historical versions of resources will be maintained. However, history mutation is allowed. Updates will overwrite the row matching the resource ID and version if it exists in the table. This option is only supported for stores with history enabled. |
DeidentifiedStoreDestination
Contains configuration for streaming de-identified FHIR export.
JSON representation |
---|
{
"store": string,
"config": {
object( |
Fields | |
---|---|
store |
The full resource name of a Cloud Healthcare FHIR store, for example, |
config |
The configuration to use when de-identifying resources that are added to this store. |
DeidentifyConfig
Configures de-id options specific to different types of content. Each submessage customizes the handling of an https://tools.ietf.org/html/rfc6838 media type or subtype. Configs are applied in a nested manner at runtime.
JSON representation |
---|
{ "dicom": { object( |
Fields | |
---|---|
dicom |
Configures de-id of application/DICOM content. Deprecated. Use |
dicom |
Configures de-id of application/DICOM content. |
fhir |
Configures de-id of application/FHIR content. Deprecated. Use |
fhir |
Configures de-id of application/FHIR content. |
image |
Configures the de-identification of image pixels in the sourceDataset. Deprecated. Use |
annotation |
Configures how annotations, meaning that the location and infoType of sensitive information findings, are created during de-identification. If unspecified, no annotations are created. |
text |
Configures de-identification of text wherever it is found in the sourceDataset. |
operation |
Details about the work the de-identify operation performed. |
use |
Ensures in-flight data remains in the region of origin during de-identification. The default value is false. Using this option results in a significant reduction of throughput, and is not compatible with |
DicomConfig
Specifies the parameters needed for de-identification of DICOM stores.
JSON representation |
---|
{ "skipIdRedaction": boolean, // Union field |
Fields | |
---|---|
skip |
If true, skip replacing StudyInstanceUID, SeriesInstanceUID, SOPInstanceUID, and MediaStorageSOPInstanceUID and leave them untouched. The Cloud Healthcare API regenerates these UIDs by default based on the DICOM Standard's reasoning: "Whilst these UIDs cannot be mapped directly to an individual out of context, given access to the original images, or to a database of the original images containing the UIDs, it would be possible to recover the individual's identity." http://dicom.nema.org/medical/dicom/current/output/chtml/part15/sect_E.3.9.html |
Union field tag_filter . Determines tag filtering method (meaning which tags to keep/remove). tag_filter can be only one of the following: |
|
keep |
List of tags to keep. Remove all other tags. |
remove |
List of tags to remove. Keep all other tags. |
filter |
Tag filtering profile that determines which tags to keep/remove. |
TagFilterList
List of tags to be filtered.
JSON representation |
---|
{ "tags": [ string ] } |
Fields | |
---|---|
tags[] |
Tags to be filtered. Tags must be DICOM Data Elements, File Meta Elements, or Directory Structuring Elements, as defined at: http://dicom.nema.org/medical/dicom/current/output/html/part06.html#table_6-1,. They may be provided by "Keyword" or "Tag". For example, "PatientID", "00100010". |
TagFilterProfile
Profile that determines which tags to keep/remove.
Enums | |
---|---|
TAG_FILTER_PROFILE_UNSPECIFIED |
No tag filtration profile provided. Same as KEEP_ALL_PROFILE. |
MINIMAL_KEEP_LIST_PROFILE |
Keep only the tags required to produce valid DICOM objects. |
ATTRIBUTE_CONFIDENTIALITY_BASIC_PROFILE |
Remove tags based on DICOM Standard's Attribute Confidentiality Basic Profile (DICOM Standard Edition 2018e) http://dicom.nema.org/medical/dicom/2018e/output/chtml/part15/chapter_E.html. |
KEEP_ALL_PROFILE |
Keep all tags. |
DEIDENTIFY_TAG_CONTENTS |
Inspect within tag contents and replace sensitive text. The process can be configured using the TextConfig. Applies to all tags with the following Value Representation names: AE, LO, LT, PN, SH, ST, UC, UT, DA, DT, AS |
DicomTagConfig
Specifies the parameters needed for the de-identification of DICOM stores.
JSON representation |
---|
{ "options": { object( |
Fields | |
---|---|
options |
Specifies additional options to apply, overriding the base |
actions[] |
Specifies custom tag selections and |
Union field profile . Base profile that specifies how to handle tags. This behavior can be customized using Options or custom Actions . profile can be only one of the following: |
|
profile |
Base profile type for handling DICOM tags. |
ProfileType
Base profile that specifies how to handle tags.
Enums | |
---|---|
PROFILE_TYPE_UNSPECIFIED |
No profile provided. Same as ATTRIBUTE_CONFIDENTIALITY_BASIC_PROFILE . |
MINIMAL_KEEP_LIST_PROFILE |
Keep only the tags required to produce valid DICOM objects. |
ATTRIBUTE_CONFIDENTIALITY_BASIC_PROFILE |
Remove tags based on DICOM Standard's Attribute Confidentiality Basic Profile (DICOM Standard Edition 2018e). |
KEEP_ALL_PROFILE |
Keep all tags. |
DEIDENTIFY_TAG_CONTENTS |
Inspect tag contents and replace sensitive text. The process can be configured using the TextConfig . Applies to all tags with the following Value Representations: AE, LO, LT, PN, SH, ST, UC, UT, DA, DT, AS |
Options
Specifies additional options to apply to the base profile.
JSON representation |
---|
{ "cleanImage": { object( |
Fields | |
---|---|
clean |
Apply |
primary |
Set |
clean |
Set Clean Descriptors Option. |
ImageConfig
Specifies how to handle de-identification of image pixels.
JSON representation |
---|
{
"textRedactionMode": enum( |
Fields | |
---|---|
text |
Determines how to redact text from image. |
additional |
Additional InfoTypes to redact in the images in addition to those used by |
exclude |
InfoTypes to skip redacting, overriding those used by |
TextRedactionMode
How to redact text found in images (if at all).
Enums | |
---|---|
TEXT_REDACTION_MODE_UNSPECIFIED |
No text redaction specified. Same as REDACT_NO_TEXT. |
REDACT_ALL_TEXT |
Redact all text. |
REDACT_SENSITIVE_TEXT |
Redact sensitive text. Uses the set of Default DICOM InfoTypes. |
REDACT_NO_TEXT |
Do not redact text. |
REDACT_SENSITIVE_TEXT_CLEAN_DESCRIPTORS |
This mode is like REDACT_SENSITIVE_TEXT with the addition of the Clean Descriptors Option enabled: When cleaning text, the process attempts to transform phrases matching any of the tags marked for removal (action codes D, Z, X, and U) in the Basic Profile. These contextual phrases are replaced with the token "[CTX]". This mode uses an additional InfoType during inspection. |
PrimaryIdsOption
Set Action
for StudyInstanceUID
, SeriesInstanceUID
, SOPInstanceUID
, and MediaStorageSOPInstanceUID
.
Enums | |
---|---|
PRIMARY_IDS_OPTION_UNSPECIFIED |
No value provided. Default to the behavior specified by the base profile. |
KEEP |
Keep primary IDs. |
REGEN |
Regenerate primary IDs. |
CleanDescriptorsOption
This type has no fields.
This option is based on the DICOM Standard's Clean Descriptors Option, and the CleanText
Action
is applied to all the specified fields. When cleaning text, the process attempts to transform phrases matching any of the tags marked for removal (action codes D, Z, X, and U) in the Basic Profile. These contextual phrases are replaced with the token "[CTX]". This option uses an additional infoType during inspection.
Action
Specifies a selection of tags and an Action
to apply to each one.
JSON representation |
---|
{ "queries": [ string ], // Union field |
Fields | |
---|---|
queries[] |
Select all tags with the listed tag IDs, names, or Value Representations (VRs). Examples: ID: "00100010" Keyword: "PatientName" VR: "PN" |
Union field type . Type of action to apply to all selected tags. type can be only one of the following: |
|
keep |
Keep tag unchanged. |
remove |
Replace with empty tag. |
delete |
Delete tag. |
reset |
Reset tag to a placeholder value. |
clean |
Inspect text and transform sensitive text. Configurable via |
clean |
Inspect image and transform sensitive burnt-in text. Doesn't apply to elements nested in a sequence, which revert to |
regen |
Replace UID with a new generated UID. Supported Value Representation: UI |
recurse |
Recursively apply DICOM de-id to tags nested in a sequence. Supported Value Representation: SQ |
KeepTag
This type has no fields.
Keep tag unchanged.
RemoveTag
This type has no fields.
Replace with empty tag.
DeleteTag
This type has no fields.
Delete tag.
ResetTag
This type has no fields.
Reset tag to a placeholder value.
CleanTextTag
This type has no fields.
Inspect text and transform sensitive text. Configurable using TextConfig
. Supported Value Representations: AE, LO, LT, PN, SH, ST, UC, UT, DA, DT, AS
RegenUidTag
This type has no fields.
Replace UID with a new generated UID. Supported Value Representation: UI
RecurseTag
This type has no fields.
Recursively apply DICOM de-id to tags nested in a sequence. Supported Value Representation: SQ
FhirConfig
Specifies how to handle de-identification of a FHIR store.
JSON representation |
---|
{
"fieldMetadataList": [
{
object( |
Fields | |
---|---|
field |
Specifies FHIR paths to match and how to transform them. Any field that is not matched by a FieldMetadata is passed through to the output dataset unmodified. All extensions will be processed according to |
default |
The behaviour for handling FHIR extensions that aren't otherwise specified for de-identification. If true, all extensions are preserved during de-identification by default. If false or unspecified, all extensions are removed during de-identification by default. |
FieldMetadata
Specifies FHIR paths to match, and how to handle de-identification of matching fields.
JSON representation |
---|
{
"paths": [
string
],
"action": enum( |
Fields | |
---|---|
paths[] |
List of paths to FHIR fields to redact. Each path is a period-separated list where each component is either a field name or FHIR type name. All types begin with an upper case letter. For example, the resource field "Patient.Address.city", which uses a string type, can be matched by "Patient.Address.String". Path also supports partial matching. For example, "Patient.Address.city" can be matched by "Address.city" (Patient omitted). Partial matching and type matching can be combined. For example, "Patient.Address.city" can be matched by "Address.String". For "choice" types (those defined in the FHIR spec with the form: field[x]), use two separate components. For example, "deceasedAge.unit" is matched by "Deceased.Age.unit". Supported types are: AdministrativeGenderCode, Base64Binary, Boolean, Code, Date, DateTime, Decimal, HumanName, Id, Instant, Integer, LanguageCode, Markdown, Oid, PositiveInt, String, UnsignedInt, Uri, Uuid, Xhtml. The sub-type for HumanName(for example HumanName.given, HumanName.family) can be omitted. |
action |
Deidentify action for one field. |
Action
Whether or not to redact this field, or whether to inspect it for PHI.
Enums | |
---|---|
ACTION_UNSPECIFIED |
No action specified. |
TRANSFORM |
Transform the entire field based on transformations specified in TextConfig. When the specified transformation cannot be applied to a field, RedactConfig is used. For example, a Crypto Hash transformation can't be applied to a FHIR Date field. |
INSPECT_AND_TRANSFORM |
Inspect and transform any found PHI. When AnnotationConfig is provided, annotations of PHI will be generated, except for Date and Datetime . |
DO_NOT_TRANSFORM |
Do not transform. |
FhirFieldConfig
Specifies how to handle the de-identification of a FHIR store.
JSON representation |
---|
{ "options": { object( |
Fields | |
---|---|
options |
Specifies additional options, overriding the base |
field |
Specifies FHIR paths to match and how to transform them. Any field that is not matched by a |
Union field profile . Base profile that specifies how to handle fields. This behavior can be customized using Options or FieldMetadata . profile can be only one of the following: |
|
profile |
Base profile type for handling FHIR fields. |
ProfileType
Base profile that specifies how to handle fields.
Enums | |
---|---|
PROFILE_TYPE_UNSPECIFIED |
No profile provided. Same as BASIC . |
KEEP_ALL |
Keep all fields. |
BASIC |
Transforms known HIPAA 18 fields and cleans known unstructured text fields. |
CLEAN_ALL |
Cleans all supported tags. Applies to types: Code, Date, DateTime, Decimal, HumanName, Id, LanguageCode, Markdown, Oid, String, Uri, Uuid, Xhtml. |
Options
Specifies additional options to apply to the base ProfileType
.
JSON representation |
---|
{ "characterMaskConfig": { object( |
Fields | |
---|---|
character |
Character mask config for |
date |
Date shifting config for |
crypto |
Crypto hash config for |
contextual |
Configure contextual de-id. |
keep |
Configure keeping extensions by default. |
CharacterMaskConfig
Mask a string by replacing its characters with a fixed character.
JSON representation |
---|
{ "maskingCharacter": string } |
Fields | |
---|---|
masking |
Character to mask the sensitive values. If not supplied, defaults to "*". |
DateShiftConfig
Shift a date forward or backward in time by a random amount which is consistent for a given patient and crypto key combination.
JSON representation |
---|
{
"cryptoKey": string,
"kmsWrapped": {
object( |
Fields | |
---|---|
crypto |
An AES 128/192/256 bit key. The date shift is computed based on this key and the patient ID. If the patient ID is empty for a DICOM resource, the date shift is computed based on this key and the study instance UID. If A base64-encoded string. |
kms |
KMS wrapped key. If |
KmsWrappedCryptoKey
Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. The key must grant the Cloud IAM permission cloudkms.cryptoKeyVersions.useToDecrypt
to the project's Cloud Healthcare Service Agent service account.
For more information, see Creating a wrapped key.
JSON representation |
---|
{ "wrappedKey": string, "cryptoKey": string } |
Fields | |
---|---|
wrapped |
Required. The wrapped data crypto key. A base64-encoded string. |
crypto |
Required. The resource name of the KMS CryptoKey to use for unwrapping. For example, |
CryptoHashConfig
Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. Outputs a base64-encoded representation of the hashed output. For example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=
.
JSON representation |
---|
{
"cryptoKey": string,
"kmsWrapped": {
object( |
Fields | |
---|---|
crypto |
An AES 128/192/256 bit key. Causes the hash to be computed based on this key. A default key is generated for each Deidentify operation and is used when neither A base64-encoded string. |
kms |
KMS wrapped key. Must not be set if |
ContextualDeidConfig
This type has no fields.
Fields that don't match a KeepField
or CleanTextField
action
in the BASIC
profile are collected into a contextual phrase list. For fields that match a CleanTextField
action
in FieldMetadata
or ProfileType
, the process attempts to transform phrases matching these contextual entries. These contextual phrases are replaced with the token "[CTX]". This feature uses an additional InfoType during inspection.
KeepExtensionsConfig
This type has no fields.
The behavior for handling FHIR extensions that aren't otherwise specified for de-identification. If provided, all extensions are preserved during de-identification by default. If unspecified, all extensions are removed during de-identification by default.
FieldMetadata
Specifies the FHIR paths to match and how to handle the de-identification of matching fields.
JSON representation |
---|
{ "paths": [ string ], // Union field |
Fields | |
---|---|
paths[] |
List of paths to FHIR fields to redact. Each path is a period-separated list where each component is either a field name or FHIR type name. All types begin with an upper case letter. For example, the resource field Partial matching is supported. For example, The following types are supported: AdministrativeGenderCode, Base64Binary, Boolean, Code, Date, DateTime, Decimal, HumanName, Id, Instant, Integer, LanguageCode, Markdown, Oid, PositiveInt, String, UnsignedInt, Uri, Uuid, Xhtml. The sub-type for HumanName (for example |
Union field action . Specifies the action to apply to the applicable fields. action can be only one of the following: |
|
keep |
Keep the field unchanged. |
remove |
Remove the field. |
clean |
Inspect the field's text and transform sensitive text. Configure using |
character |
Replace the field's value with a masking character. Supported types: Code, Decimal, HumanName, Id, LanguageCode, Markdown, Oid, String, Uri, Uuid, Xhtml. |
date |
Shift the date by a randomized number of days. See date shifting for more information. Supported types: Date, DateTime. |
crypto |
Replace field value with a hash of that value. Supported types: Code, Decimal, HumanName, Id, LanguageCode, Markdown, Oid, String, Uri, Uuid, Xhtml. |
KeepField
This type has no fields.
Keep field unchanged.
RemoveField
This type has no fields.
Remove field.
CleanTextField
This type has no fields.
Inspect text and transform sensitive text. Configure using TextConfig
. Supported types: Code, Date, DateTime, Decimal, HumanName, Id, LanguageCode, Markdown, Oid, String, Uri, Uuid, Xhtml.
CharacterMaskField
This type has no fields.
Replace field value with masking character. Supported types: Code, Decimal, HumanName, Id, LanguageCode, Markdown, Oid, String, Uri, Uuid, Xhtml.
DateShiftField
This type has no fields.
Shift the date by a randomized number of days. See date shifting for more information. Supported types: Date, DateTime.
CryptoHashField
This type has no fields.
Replace field value with a hash of that value. Supported types: Code, Decimal, HumanName, Id, LanguageCode, Markdown, Oid, String, Uri, Uuid, Xhtml.
AnnotationConfig
Specifies how to store annotations during de-identification operation.
JSON representation |
---|
{ "annotationStoreName": string, "storeQuote": boolean } |
Fields | |
---|---|
annotation |
The name of the annotation store, in the form
|
store |
If set to true, the sensitive texts are included in |
TextConfig
Configures how to transform sensitive text InfoTypes
.
JSON representation |
---|
{ "transformations": [ { object( |
Fields | |
---|---|
transformations[] |
The transformations to apply to the detected data. Deprecated. Use |
additional |
Additional transformations to apply to the detected data, overriding |
exclude |
InfoTypes to skip transforming, overriding |
Union field
|
|
profile |
Base profile type for text transformation. |
InfoTypeTransformation
A transformation to apply to text that is identified as a specific infoType.
JSON representation |
---|
{ "infoTypes": [ string ], // Union field |
Fields | |
---|---|
info |
|
Union field
|
|
redact |
Config for text redaction. |
character |
Config for character mask. |
date |
Config for date shift. |
crypto |
Config for crypto hash. |
replace |
Config for replace with InfoType. |
RedactConfig
This type has no fields.
Define how to redact sensitive values. Default behaviour is erase. For example, "My name is Jane." becomes "My name is ."
ReplaceWithInfoTypeConfig
This type has no fields.
When using the INSPECT_AND_TRANSFORM
action, each match is replaced with the name of the infoType. For example, "My name is Jane" becomes "My name is [PERSON_NAME]." The TRANSFORM
action is equivalent to redacting.
ProfileType
Base profile that specifies how to transform InfoTypes
.
Enums | |
---|---|
PROFILE_TYPE_UNSPECIFIED |
No profile provided. Same as BASIC . |
EMPTY |
Empty profile which does not perform any transformations. |
BASIC |
Automatically converts "DATE" infoTypes using a DateShiftConfig , and all other infoTypes using a ReplaceWithInfoTypeConfig . |
DeidentifyOperationMetadata
Details about the work the de-identify operation performed.
JSON representation |
---|
{
"fhirOutput": {
object( |
Fields | |
---|---|
fhir |
Details about the FHIR store to write the output to. |
FhirOutput
Details about the FHIR store to write the output to.
JSON representation |
---|
{ "fhirStore": string } |
Fields | |
---|---|
fhir |
Name of the output FHIR store, which must already exist. You must grant the healthcare.fhirResources.update permission on the destination store to your project's Cloud Healthcare Service Agent service account. The destination store must set |
ValidationConfig
Contains the configuration for FHIR profiles and validation.
JSON representation |
---|
{ "disableProfileValidation": boolean, "enabledImplementationGuides": [ string ], "disableRequiredFieldValidation": boolean, "disableReferenceTypeValidation": boolean, "disableFhirpathValidation": boolean } |
Fields | |
---|---|
disable |
Whether to disable profile validation for this FHIR store. The default value is false. Set this to true to disable checking incoming resources for conformance against StructureDefinitions in this FHIR store. |
enabled |
A list of ImplementationGuide URLs in this FHIR store that are used to configure the profiles to use for validation. For example, to use the US Core profiles for validation, set The Cloud Healthcare API does not currently enforce all of the rules in a StructureDefinition. The following rules are supported:
When a URL cannot be resolved (for example, in a type assertion), the server does not return an error. |
disable |
Whether to disable required fields validation for incoming resources. The default value is false. Set this to true to disable checking incoming resources for conformance against required fields requirement defined in the FHIR specification. This property only affects resource types that do not have profiles configured for them, any rules in enabled implementation guides will still be enforced. |
disable |
Whether to disable reference type validation for incoming resources. The default value is false. Set this to true to disable checking incoming resources for conformance against reference type requirement defined in the FHIR specification. This property only affects resource types that do not have profiles configured for them, any rules in enabled implementation guides will still be enforced. |
disable |
Whether to disable FHIRPath validation for incoming resources. The default value is false. Set this to true to disable checking incoming resources for conformance against FHIRPath requirement defined in the FHIR specification. This property only affects resource types that do not have profiles configured for them, any rules in enabled implementation guides will still be enforced. |
SearchConfig
Contains the configuration for FHIR search.
JSON representation |
---|
{
"searchParameters": [
{
object( |
Fields | |
---|---|
search |
A list of search parameters in this FHIR store that are used to configure this FHIR store. |
SearchParameter
Contains the versioned name and the URL for one SearchParameter.
JSON representation |
---|
{ "parameter": string, "canonicalUrl": string } |
Fields | |
---|---|
parameter |
The versioned name of the search parameter resource. The format is projects/{project-id}/locations/{location}/datasets/{dataset-id}/fhirStores/{fhirStore-id}/fhir/SearchParameter/{resource-id}/_history/{version-id} For fhir stores with disableResourceVersioning=true, the format is projects/{project-id}/locations/{location}/datasets/{dataset-id}/fhirStores/{fhirStore-id}/fhir/SearchParameter/{resource-id}/ |
canonical |
The canonical url of the search parameter resource. |
FhirNotificationConfig
Contains the configuration for FHIR notifications.
JSON representation |
---|
{ "pubsubTopic": string, "sendFullResource": boolean, "sendPreviousResourceOnDelete": boolean } |
Fields | |
---|---|
pubsub |
The Pub/Sub topic that notifications of changes are published on. Supplied by the client. The notification is a
Note that notifications are only sent if the topic is non-empty. Topic names must be scoped to a project. The Cloud Healthcare API service account, service- If a notification can't be published to Pub/Sub, errors are logged to Cloud Logging. For more information, see Viewing error logs in Cloud Logging. |
send |
Whether to send full FHIR resource to this Pub/Sub topic for Create and Update operation. The default value is false. Note that setting this to true does not guarantee that all resources will be sent in the format of full FHIR resource. When a resource change is too large or during heavy traffic, only the resource name will be sent. Clients should always check the "payloadType" label from a Pub/Sub message to determine whether it needs to fetch the full resource as a separate operation. |
send |
Whether to send full FHIR resource to this Pub/Sub topic for deleting FHIR resource. The default value is false. Note that setting this to true does not guarantee that all previous resources will be sent in the format of full FHIR resource. When a resource change is too large or during heavy traffic, only the resource name will be sent. Clients should always check the "payloadType" label from a Pub/Sub message to determine whether it needs to fetch the full previous resource as a separate operation. |
ConsentConfig
Configures whether to enforce consent for the FHIR store and which consent enforcement version is being used.
JSON representation |
---|
{ "version": enum( |
Fields | |
---|---|
version |
Required. Specifies which consent enforcement version is being used for this FHIR store. This field can only be set once by either [fhirStores.create][] or [fhirStores.patch][]. After that, you must call [fhirStores.applyConsents][] to change the version. |
access |
Optional. The default value is false. If set to true, when accessing FHIR resources, the consent headers will be verified against consents given by patients. See the |
consent |
Optional. Different options to configure the behaviour of the server when handling the |
access |
Optional. Specifies how the server logs the consent-aware requests. If not specified, the |
enforced |
The versioned names of the enforced admin Consent resource(s), in the format |
ConsentEnforcementVersion
List of consent enforcement versions supported.
Enums | |
---|---|
CONSENT_ENFORCEMENT_VERSION_UNSPECIFIED |
Users must specify an enforcement version or an error is returned. |
V1 |
Enforcement version 1. See the FHIR Consent resources in the Cloud Healthcare API guide for more details. |
ConsentHeaderHandling
How the server handles the consent header.
JSON representation |
---|
{
"profile": enum( |
Fields | |
---|---|
profile |
Optional. Specifies the default server behavior when the header is empty. If not specified, the |
ScopeProfile
Options for general consent header scope handling.
Enums | |
---|---|
SCOPE_PROFILE_UNSPECIFIED |
If not specified, the default value PERMIT_EMPTY_SCOPE is used. |
PERMIT_EMPTY_SCOPE |
When no consent scopes are provided (for example, if there's an empty or missing header), then consent check is disabled, similar to when accessEnforced is false . You can use audit logs to differentiate these two cases by looking at the value of protopayload.metadata.consentMode . If consents scopes are present, they must be valid and within the allowed limits, otherwise the request will be rejected with a 4xx code. |
REQUIRED_ON_READ |
The consent header must be non-empty when performing read and search operations, otherwise the request is rejected with a 4xx code. Additionally, invalid consent scopes or scopes exceeding the allowed limits are rejected. |
AccessDeterminationLogConfig
Configures consent audit log config for FHIR create, read, update, and delete (CRUD) operations. Cloud audit log for healthcare API must be enabled. The consent-related logs are included as part of protoPayload.metadata
.
JSON representation |
---|
{
"logLevel": enum( |
Fields | |
---|---|
log |
Optional. Controls the amount of detail to include as part of the audit logs. |
LogLevel
Lists the options for audit logging.
Enums | |
---|---|
LOG_LEVEL_UNSPECIFIED |
No log level specified. This value is unused. |
DISABLED |
No additional consent-related logging is added to audit logs. |
MINIMUM |
The following information is included:
|
VERBOSE |
Includes Note that this mode adds some overhead to CRUD operations. |
ComplexDataTypeReferenceParsing
ComplexDataTypeReferenceParsing defines the parsing behavior of complex FHIR data types.
Enums | |
---|---|
COMPLEX_DATA_TYPE_REFERENCE_PARSING_UNSPECIFIED |
No parsing behavior specified. This is the same as DISABLED for backwards compatibility. |
DISABLED |
References in complex data types are ignored. |
ENABLED |
References in complex data types are parsed. |
Methods |
|
---|---|
|
Applies the admin Consent resources for the FHIR store and reindexes the underlying resources in the FHIR store according to the aggregate consents. |
|
Apply the Consent resources for the FHIR store and reindex the underlying resources in the FHIR store according to the aggregate consent. |
|
Configure the search parameters for the FHIR store and reindex resources in the FHIR store according to the defined search parameters. |
|
Creates a new FHIR store within the parent dataset. |
|
De-identifies data from the source store and writes it to the destination store. |
|
Deletes the specified FHIR store and removes all resources within it. |
|
Explains all the permitted/denied actor, purpose and environment for a given resource. |
|
Export resources from the FHIR store to the specified destination. |
|
Export resources including historical versions from the FHIR store to the specified destination. |
|
Gets the configuration of the specified FHIR store. |
|
Gets metrics associated with the FHIR store. |
|
Gets the access control policy for a resource. |
|
Import resources to the FHIR store by loading data from the specified sources. |
|
Import resource historical versions from Cloud Storage source to destination fhir store. |
|
Lists the FHIR stores in the given dataset. |
|
Updates the configuration of the specified FHIR store. |
|
Rolls back resources from the FHIR store to the specified time. |
|
Sets the access control policy on the specified resource. |
|
Returns permissions that a caller has on the specified resource. |