De-identification is the process of removing identifying information from data. The Cloud Healthcare API detects sensitive data in DICOM instances and FHIR resources, such as protected health information (PHI), and then uses a de-identification transformation to mask, delete, or otherwise obscure the data. De-identification has multiple uses cases, including:
- When sharing health information with non-privileged parties
- When creating datasets from multiple sources and analyzing them
- When anonymizing data so that it can be used in machine learning models
De-identification works at the following levels:
- At the dataset level. De-identification occurs on all data in DICOM
stores and FHIR stores in the dataset. If a dataset
contains both DICOM instances and FHIR resources, you can de-identify all of
the instances and resources at the same time.
To de-identify sensitive data at the dataset level, call the Cloud Healthcare API
- At the FHIR store level. De-identification occurs on all data in a
specific FHIR store in a dataset.
To de-identify sensitive data at the FHIR store level, call the Cloud Healthcare API
- At the DICOM store level. De-identification occurs on all data in a specific
DICOM store in a dataset.
To de-identify sensitive data at the DICOM store level, call the Cloud Healthcare API
De-identification doesn impact the original dataset, FHIR store, DICOM store, or the original data. Depending on how you configure the de-identification, the operation behaves as follows:
- If you are de-identifying data at the dataset level, de-identified copies of the original data are written to a new dataset called the destination dataset.
- If you are de-identifying data at the DICOM or FHIR store level, de-identified copies of the original data are written to a new or existing DICOM or FHIR store in an existing dataset. The new DICOM store and FHIR store are called the destination DICOM store and destination FHIR store, respectively. The operation creates the destination data store if the data store doesn't already exist.
The source dataset, FHIR store, or DICOM store and the destination dataset, FHIR store, or DICOM store must reside in the same Google Cloud project. De-identifying data across multiple Google Cloud projects is not supported.