REST Resource: projects.locations.datasets.fhirStores

string

Output only. Identifier. Resource name of the FHIR store, of the form projects/{projectId}/locations/{location}/datasets/{datasetId}/fhirStores/{fhirStoreId}.

boolean

Whether this FHIR store has the updateCreate capability. This determines if the client can use an Update operation to create a new resource with a client-specified ID. If false, all IDs are server-assigned through the Create operation and attempts to update a non-existent resource return errors. It is strongly advised not to include or encode any sensitive data such as patient identifiers in client-specified resource IDs. Those IDs are part of the FHIR resource path recorded in Cloud audit logs and Pub/Sub notifications. Those IDs can also be contained in reference fields within other resources. Defaults to false.

object(NotificationConfig)

Deprecated. Use notificationConfigs instead. If non-empty, publish all resource modifications of this FHIR store to this destination. The Pub/Sub message attributes contain a map with a string describing the action that has triggered the notification. For example, "action":"CreateResource".

boolean

Immutable. Whether to disable referential integrity in this FHIR store. This field is immutable after FHIR store creation. The default value is false, meaning that the API enforces referential integrity and fails the requests that result in inconsistent state in the FHIR store. When this field is set to true, the API skips referential integrity checks. Consequently, operations that rely on references, such as GetPatientEverything, do not return all the results if broken references exist.

boolean

Immutable. Whether to disable resource versioning for this FHIR store. This field can not be changed after the creation of FHIR store. If set to false, all write operations cause historical versions to be recorded automatically. The historical versions can be fetched through the history APIs, but cannot be updated. If set to true, no historical versions are kept. The server sends errors for attempts to read the historical versions. Defaults to false.

map (key: string, value: string)

User-supplied key-value pairs used to organize FHIR stores.

Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62}

Label values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63}

No more than 64 labels can be associated with a given store.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

enum(Version)

Required. Immutable. The FHIR specification version that this FHIR store supports natively. This field is immutable after store creation. Requests are rejected if they contain FHIR resources of a different version. Version is required for every FHIR store.

object(StreamConfig)

A list of streaming configs that configure the destinations of streaming export for every resource mutation in this FHIR store. Each store is allowed to have up to 10 streaming configs. After a new config is added, the next resource mutation is streamed to the new location in addition to the existing ones. When a location is removed from the list, the server stops streaming to that location. Before adding a new config, you must add the required bigquery.dataEditor role to your project's Cloud Healthcare Service Agent service account. Some lag (typically on the order of dozens of seconds) is expected before the results show up in the streaming destination.

boolean

Optional. Whether to allow ExecuteBundle to accept history bundles, and directly insert and overwrite historical resource versions into the FHIR store. If set to false, using history bundles fails with an error. Defaults to false.

object(ValidationConfig)

Configuration for how to validate incoming FHIR resources against configured profiles.

boolean

If true, overrides the default search behavior for this FHIR store to handling=strict which returns an error for unrecognized search parameters. If false, uses the FHIR specification default handling=lenient which ignores unrecognized search parameters. The handling can always be changed from the default on an individual API call by setting the HTTP header Prefer: handling=strict or Prefer: handling=lenient. Defaults to false.

object(SearchConfig)

Configuration for how FHIR resources can be searched.

object(FhirNotificationConfig)

Specifies where and whether to send notifications upon changes to a Fhir store.

object(ConsentConfig)

Optional. Specifies whether this store has consent enforcement. Not available for DSTU2 FHIR version due to absence of Consent resources.

enum(ComplexDataTypeReferenceParsing)

Enable parsing of references within complex FHIR data types such as Extensions. If this value is set to ENABLED, then features like referential integrity and Bundle reference rewriting apply to all references. If this flag has not been specified the behavior of the FHIR store will not change, references in complex data types will not be parsed. New stores will have this value set to ENABLED after a notification period. Warning: turning on this flag causes processing existing resources to fail if they contain references to non-existent resources.

string

Supply a FHIR resource type (such as "Patient" or "Observation"). See https://www.hl7.org/fhir/valueset-resource-types.html for a list of all FHIR resource types. The server treats an empty list as an intent to stream all the supported resource types in this FHIR store.

object(BigQueryDestination)

The destination BigQuery structure that contains both the dataset location and corresponding schema config.

The output is organized in one table per resource type. The server reuses the existing tables (if any) that are named after the resource types, e.g. "Patient", "Observation". When there is no existing table for a given resource type, the server attempts to create one.

When a table schema doesn't align with the schema config, either because of existing incompatible schema or out of band incompatible modification, the server does not stream in new data.

One resolution in this case is to delete the incompatible table and let the server recreate one, though the newly created table only contains data after the table recreation.

BigQuery imposes a 1 MB limit on streaming insert row size, therefore any resource mutation that generates more than 1 MB of BigQuery data will not be streamed.

Results are written to BigQuery tables according to the parameters in BigQueryDestination.WriteDisposition. Different versions of the same resource are distinguishable by the meta.versionId and meta.lastUpdated columns. The operation (CREATE/UPDATE/DELETE) that results in the new version is recorded in the meta.tag.

The tables contain all historical resource versions since streaming was enabled. For query convenience, the server also creates one view per table of the same name containing only the current resource version.

The streamed data in the BigQuery dataset is not guaranteed to be completely unique. The combination of the id and meta.versionId columns should ideally identify a single unique row. But in rare cases, duplicates may exist. At query time, users may use the SQL select statement to keep only one of the duplicate rows given an id and meta.versionId pair. Alternatively, the server created view mentioned above also filters out duplicates.

If a resource mutation cannot be streamed to BigQuery, errors will be logged to Cloud Logging (see Viewing error logs in Cloud Logging).

object(DeidentifiedStoreDestination)

The destination FHIR store for de-identified resources.

After this field is added, all subsequent creates/updates/patches to the source store will be de-identified using the provided configuration and applied to the destination store. Resources deleted from the source store will be deleted from the destination store. Importing resources to the source store will not trigger the streaming.

If the source store already contains resources when this option is enabled, those resources will not be copied to the destination store unless they are subsequently updated. This may result in invalid references in the destination store.

Before adding this config, you must grant the healthcare.fhirResources.update permission on the destination store to your project's Cloud Healthcare Service Agent service account. The destination store must set enableUpdateCreate to true. The destination store must have disableReferentialIntegrity set to true.

If a resource cannot be de-identified, errors will be logged to Cloud Logging (see Viewing error logs in Cloud Logging).

string

BigQuery URI to an existing dataset, up to 2000 characters long, in the format bq://projectId.bqDatasetId.

object(SchemaConfig)

The configuration for the exported BigQuery schema.

boolean

Use writeDisposition instead. If writeDisposition is specified, this parameter is ignored. force=false is equivalent to writeDisposition=WRITE_EMPTY and force=true is equivalent to writeDisposition=WRITE_TRUNCATE.

enum(WriteDisposition)

Determines if existing data in the destination dataset is overwritten, appended to, or not written if the tables contain data. If a writeDisposition is specified, the force parameter is ignored.

enum(SchemaType)

Specifies the output schema type. Schema type is required.

string (int64 format)

The depth for all recursive structures in the output analytics schema. For example, concept in the CodeSystem resource is a recursive structure; when the depth is 2, the CodeSystem table will have a column called concept.concept but not concept.concept.concept. If not specified or set to 0, the server will use the default value 2. The maximum depth allowed is 5.

object(TimePartitioning)

The configuration for exported BigQuery tables to be partitioned by FHIR resource's last updated time column.

enum(PartitionType)

Type of partitioning.

string (int64 format)

Number of milliseconds for which to keep the storage for a partition.

string

The full resource name of a Cloud Healthcare FHIR store, for example, projects/{projectId}/locations/{locationId}/datasets/{datasetId}/fhirStores/{fhirStoreId}.

object(DeidentifyConfig)

The configuration to use when de-identifying resources that are added to this store.

object(DicomConfig)

Configures de-id of application/DICOM content. Deprecated. Use dicomTagConfig instead.

object(DicomTagConfig)

Configures de-id of application/DICOM content.

object(FhirConfig)

Configures de-id of application/FHIR content. Deprecated. Use fhirFieldConfig instead.

object(FhirFieldConfig)

Configures de-id of application/FHIR content.

object(ImageConfig)

Configures the de-identification of image pixels in the sourceDataset. Deprecated. Use dicomTagConfig.options.clean_image instead.

object(AnnotationConfig)

Configures how annotations, meaning that the location and infoType of sensitive information findings, are created during de-identification. If unspecified, no annotations are created.

object(TextConfig)

Configures de-identification of text wherever it is found in the sourceDataset.

object(DeidentifyOperationMetadata)

Details about the work the de-identify operation performed.

boolean

Ensures in-flight data remains in the region of origin during de-identification. The default value is false. Using this option results in a significant reduction of throughput, and is not compatible with LOCATION or ORGANIZATION_NAME infoTypes. If the deprecated DicomConfig or FhirConfig are used, then LOCATION must be excluded within TextConfig, and must also be excluded within ImageConfig if image redaction is required.

boolean

If true, skip replacing StudyInstanceUID, SeriesInstanceUID, SOPInstanceUID, and MediaStorageSOPInstanceUID and leave them untouched. The Cloud Healthcare API regenerates these UIDs by default based on the DICOM Standard's reasoning: "Whilst these UIDs cannot be mapped directly to an individual out of context, given access to the original images, or to a database of the original images containing the UIDs, it would be possible to recover the individual's identity." http://dicom.nema.org/medical/dicom/current/output/chtml/part15/sect_E.3.9.html

object(TagFilterList)

List of tags to keep. Remove all other tags.

object(TagFilterList)

List of tags to remove. Keep all other tags.

enum(TagFilterProfile)

Tag filtering profile that determines which tags to keep/remove.

string

Tags to be filtered. Tags must be DICOM Data Elements, File Meta Elements, or Directory Structuring Elements, as defined at: http://dicom.nema.org/medical/dicom/current/output/html/part06.html#table_6-1,. They may be provided by "Keyword" or "Tag". For example, "PatientID", "00100010".

object(Options)

Specifies additional options to apply, overriding the base profile.

object(Action)

Specifies custom tag selections and Actions to apply to them. Overrides options and profile. Conflicting Actions are applied in the order given.

enum(ProfileType)

Base profile type for handling DICOM tags.

object(ImageConfig)

Apply Action.clean_image to PixelData as configured.

enum(PrimaryIdsOption)

Set Action for StudyInstanceUID, SeriesInstanceUID, SOPInstanceUID, and MediaStorageSOPInstanceUID.

object(CleanDescriptorsOption)

Set Clean Descriptors Option.

enum(TextRedactionMode)

Determines how to redact text from image.

string

Additional InfoTypes to redact in the images in addition to those used by textRedactionMode. Can only be used when textRedactionMode is set to REDACT_SENSITIVE_TEXT, REDACT_SENSITIVE_TEXT_CLEAN_DESCRIPTORS or TEXT_REDACTION_MODE_UNSPECIFIED.

string

InfoTypes to skip redacting, overriding those used by textRedactionMode. Can only be used when textRedactionMode is set to REDACT_SENSITIVE_TEXT or REDACT_SENSITIVE_TEXT_CLEAN_DESCRIPTORS.

string

Select all tags with the listed tag IDs, names, or Value Representations (VRs). Examples: ID: "00100010" Keyword: "PatientName" VR: "PN"

object(KeepTag)

Keep tag unchanged.

object(RemoveTag)

Replace with empty tag.

object(DeleteTag)

Delete tag.

object(ResetTag)

Reset tag to a placeholder value.

object(CleanTextTag)

Inspect text and transform sensitive text. Configurable via TextConfig. Supported Value Representations: AE, LO, LT, PN, SH, ST, UC, UT, DA, DT, AS

object(ImageConfig)

Inspect image and transform sensitive burnt-in text. Doesn't apply to elements nested in a sequence, which revert to Keep. Supported tags: PixelData

object(RegenUidTag)

Replace UID with a new generated UID. Supported Value Representation: UI

object(RecurseTag)

Recursively apply DICOM de-id to tags nested in a sequence. Supported Value Representation: SQ

object(FieldMetadata)

Specifies FHIR paths to match and how to transform them. Any field that is not matched by a FieldMetadata is passed through to the output dataset unmodified. All extensions will be processed according to defaultKeepExtensions. If a field can be matched by more than one FieldMetadata, the first FieldMetadata.Action is applied.

boolean

The behaviour for handling FHIR extensions that aren't otherwise specified for de-identification. If true, all extensions are preserved during de-identification by default. If false or unspecified, all extensions are removed during de-identification by default.

string

List of paths to FHIR fields to redact. Each path is a period-separated list where each component is either a field name or FHIR type name. All types begin with an upper case letter. For example, the resource field "Patient.Address.city", which uses a string type, can be matched by "Patient.Address.String". Path also supports partial matching. For example, "Patient.Address.city" can be matched by "Address.city" (Patient omitted). Partial matching and type matching can be combined. For example, "Patient.Address.city" can be matched by "Address.String". For "choice" types (those defined in the FHIR spec with the form: field[x]), use two separate components. For example, "deceasedAge.unit" is matched by "Deceased.Age.unit". Supported types are: AdministrativeGenderCode, Base64Binary, Boolean, Code, Date, DateTime, Decimal, HumanName, Id, Instant, Integer, LanguageCode, Markdown, Oid, PositiveInt, String, UnsignedInt, Uri, Uuid, Xhtml. The sub-type for HumanName(for example HumanName.given, HumanName.family) can be omitted.

enum(Action)

Deidentify action for one field.

object(Options)

Specifies additional options, overriding the base ProfileType.

object(FieldMetadata)

Specifies FHIR paths to match and how to transform them. Any field that is not matched by a FieldMetadata action is passed through to the output dataset unmodified. All extensions will be processed according to keepExtensions. If a field can be matched by more than one FieldMetadata action, the first action option is applied. Overrides options and the union field profile in FhirFieldConfig.

enum(ProfileType)

Base profile type for handling FHIR fields.

object(CharacterMaskConfig)

Character mask config for CharacterMaskField.

object(DateShiftConfig)

Date shifting config for CharacterMaskField.

object(CryptoHashConfig)

Crypto hash config for CharacterMaskField.

object(ContextualDeidConfig)

Configure contextual de-id.

object(KeepExtensionsConfig)

Configure keeping extensions by default.

string

Character to mask the sensitive values. If not supplied, defaults to "*".

string (bytes format)

An AES 128/192/256 bit key. The date shift is computed based on this key and the patient ID. If the patient ID is empty for a DICOM resource, the date shift is computed based on this key and the study instance UID. If cryptoKey is not set, then kmsWrapped is used to calculate the date shift. If neither is set, a default key is generated for each de-identify operation. Must not be set if kmsWrapped is set.

A base64-encoded string.

object(KmsWrappedCryptoKey)

KMS wrapped key. If kmsWrapped is not set, then cryptoKey is used to calculate the date shift. If neither is set, a default key is generated for each de-identify operation. Must not be set if cryptoKey is set.

string (bytes format)

Required. The wrapped data crypto key.

A base64-encoded string.

string

Required. The resource name of the KMS CryptoKey to use for unwrapping. For example, projects/{projectId}/locations/{locationId}/keyRings/{keyring}/cryptoKeys/{key}.

string (bytes format)

An AES 128/192/256 bit key. Causes the hash to be computed based on this key. A default key is generated for each Deidentify operation and is used when neither cryptoKey nor kmsWrapped is specified. Must not be set if kmsWrapped is set.

A base64-encoded string.

object(KmsWrappedCryptoKey)

KMS wrapped key. Must not be set if cryptoKey is set.

string

List of paths to FHIR fields to redact. Each path is a period-separated list where each component is either a field name or FHIR type name. All types begin with an upper case letter. For example, the resource field Patient.Address.city, which uses a string type, can be matched by Patient.Address.String.

Partial matching is supported. For example, Patient.Address.city can be matched by Address.city (with Patient omitted). Partial matching and type matching can be combined, for example Patient.Address.city can be matched by Address.String. For "choice" types (those defined in the FHIR spec with the format field[x]), use two separate components. For example, deceasedAge.unit is matched by Deceased.Age.unit.

The following types are supported: AdministrativeGenderCode, Base64Binary, Boolean, Code, Date, DateTime, Decimal, HumanName, Id, Instant, Integer, LanguageCode, Markdown, Oid, PositiveInt, String, UnsignedInt, Uri, Uuid, Xhtml. The sub-type for HumanName (for example HumanName.given, HumanName.family) can be omitted.

object(KeepField)

Keep the field unchanged.

object(RemoveField)

Remove the field.

object(CleanTextField)

Inspect the field's text and transform sensitive text. Configure using TextConfig. Supported types: Code, Date, DateTime, Decimal, HumanName, Id, LanguageCode, Markdown, Oid, String, Uri, Uuid, Xhtml.

object(CharacterMaskField)

Replace the field's value with a masking character. Supported types: Code, Decimal, HumanName, Id, LanguageCode, Markdown, Oid, String, Uri, Uuid, Xhtml.

object(DateShiftField)

Shift the date by a randomized number of days. See date shifting for more information. Supported types: Date, DateTime.

object(CryptoHashField)

Replace field value with a hash of that value. Supported types: Code, Decimal, HumanName, Id, LanguageCode, Markdown, Oid, String, Uri, Uuid, Xhtml.

string

The name of the annotation store, in the form projects/{projectId}/locations/{locationId}/datasets/{datasetId}/annotationStores/{annotationStoreId}).

• The destination annotation store must be in the same project as the source data. De-identifying data across multiple projects is not supported.
• The destination annotation store must exist when using DeidentifyDicomStore or fhirStores.deidentify. DeidentifyDataset automatically creates the destination annotation store.

boolean

If set to true, the sensitive texts are included in SensitiveTextAnnotation of Annotation.

object(InfoTypeTransformation)

The transformations to apply to the detected data. Deprecated. Use additionalTransformations instead.

object(InfoTypeTransformation)

Additional transformations to apply to the detected data, overriding profile.

string

InfoTypes to skip transforming, overriding profile.

enum(ProfileType)

Base profile type for text transformation.

string

InfoTypes to apply this transformation to. If this is not specified, this transformation becomes the default transformation, and is used for any infoType that is not specified in another transformation.

object(RedactConfig)

Config for text redaction.

object(CharacterMaskConfig)

Config for character mask.

object(DateShiftConfig)

Config for date shift.

object(CryptoHashConfig)

Config for crypto hash.

object(ReplaceWithInfoTypeConfig)

Config for replace with InfoType.

object(FhirOutput)

Details about the FHIR store to write the output to.

string

Name of the output FHIR store, which must already exist. You must grant the healthcare.fhirResources.update permission on the destination store to your project's Cloud Healthcare Service Agent service account. The destination store must set enableUpdateCreate to true. The destination store must use FHIR version R4. Writing these resources will consume FHIR operations quota from the project containing the source data. De-identify operation metadata is only generated for DICOM de-identification operations.

boolean

Whether to disable profile validation for this FHIR store. The default value is false. Set this to true to disable checking incoming resources for conformance against StructureDefinitions in this FHIR store.

string

A list of ImplementationGuide URLs in this FHIR store that are used to configure the profiles to use for validation. For example, to use the US Core profiles for validation, set enabledImplementationGuides to ["http://hl7.org/fhir/us/core/ImplementationGuide/ig"]. If enabledImplementationGuides is empty or omitted, then incoming resources are only required to conform to the base FHIR profiles. Otherwise, a resource must conform to at least one profile listed in the global property of one of the enabled ImplementationGuides.

The Cloud Healthcare API does not currently enforce all of the rules in a StructureDefinition. The following rules are supported:

- min/max
- minValue/maxValue
- maxLength
- type
- fixed[x]
- pattern[x] on simple types
- slicing, when using "value" as the discriminator type

When a URL cannot be resolved (for example, in a type assertion), the server does not return an error.

boolean

Whether to disable required fields validation for incoming resources. The default value is false. Set this to true to disable checking incoming resources for conformance against required fields requirement defined in the FHIR specification. This property only affects resource types that do not have profiles configured for them, any rules in enabled implementation guides will still be enforced.

boolean

Whether to disable reference type validation for incoming resources. The default value is false. Set this to true to disable checking incoming resources for conformance against reference type requirement defined in the FHIR specification. This property only affects resource types that do not have profiles configured for them, any rules in enabled implementation guides will still be enforced.

boolean

Whether to disable FHIRPath validation for incoming resources. The default value is false. Set this to true to disable checking incoming resources for conformance against FHIRPath requirement defined in the FHIR specification. This property only affects resource types that do not have profiles configured for them, any rules in enabled implementation guides will still be enforced.

object(SearchParameter)

A list of search parameters in this FHIR store that are used to configure this FHIR store.

string

The versioned name of the search parameter resource. The format is projects/{project-id}/locations/{location}/datasets/{dataset-id}/fhirStores/{fhirStore-id}/fhir/SearchParameter/{resource-id}/_history/{version-id} For fhir stores with disableResourceVersioning=true, the format is projects/{project-id}/locations/{location}/datasets/{dataset-id}/fhirStores/{fhirStore-id}/fhir/SearchParameter/{resource-id}/

string

The canonical url of the search parameter resource.

string

The Pub/Sub topic that notifications of changes are published on. Supplied by the client.

The notification is a PubsubMessage with the following fields:

• PubsubMessage.Data contains the resource name.
• PubsubMessage.MessageId is the ID of this notification. It is guaranteed to be unique within the topic.
• PubsubMessage.PublishTime is the time when the message was published.

Note that notifications are only sent if the topic is non-empty. Topic names must be scoped to a project.

The Cloud Healthcare API service account, service-@gcp-sa-healthcare.iam.gserviceaccount.com, must have publisher permissions on the given Pub/Sub topic. Not having adequate permissions causes the calls that send notifications to fail (https://cloud.google.com/healthcare-api/docs/permissions-healthcare-api-gcp-products#dicom_fhir_and_hl7v2_store_cloud_pubsub_permissions).

If a notification can't be published to Pub/Sub, errors are logged to Cloud Logging. For more information, see Viewing error logs in Cloud Logging.

boolean

Whether to send full FHIR resource to this Pub/Sub topic for Create and Update operation. The default value is false. Note that setting this to true does not guarantee that all resources will be sent in the format of full FHIR resource. When a resource change is too large or during heavy traffic, only the resource name will be sent. Clients should always check the "payloadType" label from a Pub/Sub message to determine whether it needs to fetch the full resource as a separate operation.

boolean

Whether to send full FHIR resource to this Pub/Sub topic for deleting FHIR resource. The default value is false. Note that setting this to true does not guarantee that all previous resources will be sent in the format of full FHIR resource. When a resource change is too large or during heavy traffic, only the resource name will be sent. Clients should always check the "payloadType" label from a Pub/Sub message to determine whether it needs to fetch the full previous resource as a separate operation.

enum(ConsentEnforcementVersion)

Required. Specifies which consent enforcement version is being used for this FHIR store. This field can only be set once by either [fhirStores.create][] or [fhirStores.patch][]. After that, you must call [fhirStores.applyConsents][] to change the version.

boolean

Optional. The default value is false. If set to true, when accessing FHIR resources, the consent headers will be verified against consents given by patients. See the ConsentEnforcementVersion for the supported consent headers.

object(ConsentHeaderHandling)

Optional. Different options to configure the behaviour of the server when handling the X-Consent-Scope header.

object(AccessDeterminationLogConfig)

Optional. Specifies how the server logs the consent-aware requests. If not specified, the AccessDeterminationLogConfig.LogLevel.MINIMUM option is used.

string

The versioned names of the enforced admin Consent resource(s), in the format projects/{projectId}/locations/{location}/datasets/{datasetId}/fhirStores/{fhirStoreId}/fhir/Consent/{resourceId}/_history/{versionId}. For FHIR stores with disableResourceVersioning=true, the format is projects/{projectId}/locations/{location}/datasets/{datasetId}/fhirStores/{fhirStoreId}/fhir/Consent/{resourceId}. This field can only be updated using [fhirStores.applyAdminConsents][].

enum(ScopeProfile)

Optional. Specifies the default server behavior when the header is empty. If not specified, the ScopeProfile.PERMIT_EMPTY_SCOPE option is used.

enum(LogLevel)

Optional. Controls the amount of detail to include as part of the audit logs.