De-identifying sensitive data

De-identification is the process of removing identifying information from data. The Cloud Healthcare API detects sensitive data in DICOM instances and FHIR resources, such as protected health information (PHI), and then uses a de-identification transformation to mask, delete, or otherwise obscure the data. De-identification has multiple use cases, including:

  • When sharing health information with non-privileged parties
  • When creating datasets from multiple sources and analyzing them
  • When anonymizing data so that it can be used in machine learning models

De-identification overview

De-identification works at the following levels:

  • At the dataset level. De-identification occurs on all data in DICOM stores and FHIR stores in the dataset. If a dataset contains both DICOM instances and FHIR resources, you can de-identify all of the instances and resources at the same time.

    To de-identify sensitive data at the dataset level, call the Cloud Healthcare API datasets.deidentify method.
  • At the FHIR store level. De-identification occurs on all data in a specific FHIR store in a dataset.

    To de-identify sensitive data at the FHIR store level, call the Cloud Healthcare API fhirStores.deidentify method.
  • At the DICOM store level. De-identification occurs on all data in a specific DICOM store in a dataset.

    To de-identify sensitive data at the DICOM store level, call the Cloud Healthcare API dicomStores.deidentify method.

De-identification doesn't impact the original dataset, FHIR store, DICOM store, or the original data. Depending on how you configure the de-identification, the operation behaves as follows:

  • If you are de-identifying data at the dataset level, de-identified copies of the original data are written to a new dataset called the destination dataset.
  • If you are de-identifying data at the DICOM or FHIR store level, de-identified copies of the original data are written to a new or existing DICOM or FHIR store in an existing dataset. The new DICOM store and FHIR store are called the destination DICOM store and destination FHIR store, respectively. The operation creates the destination data store if the data store doesn't already exist.

The source dataset, FHIR store, or DICOM store and the destination dataset, FHIR store, or DICOM store must reside in the same Google Cloud project. De-identifying data across multiple Google Cloud projects is not supported.
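
The following is an added example, not code from the original page or from Google's samples: a pre-flight check that selects the de-identify method for the level of the source resource and rejects a cross-project destination before any request is sent. The resource names are constructed, and the `destinationDataset`, `destinationStore`, and `config` body fields are assumed from the API's public REST reference rather than taken from this page.

```python
import re

API_ROOT = "https://healthcare.googleapis.com/v1"  # assumed public v1 REST root

# Dataset name, optionally followed by a FHIR or DICOM store segment.
_NAME = re.compile(
    r"^projects/(?P<project>[^/]+)/locations/(?P<location>[^/]+)"
    r"/datasets/(?P<dataset>[^/]+)"
    r"(?:/(?P<kind>fhirStores|dicomStores)/(?P<store>[^/]+))?$"
)
_METHODS = {None: "datasets.deidentify",
            "fhirStores": "fhirStores.deidentify",
            "dicomStores": "dicomStores.deidentify"}

def parse_name(name):
    """Split a dataset or store resource name into its parts."""
    m = _NAME.match(name)
    if not m:
        raise ValueError(f"not a dataset or store resource name: {name!r}")
    return m.groupdict()

def build_deidentify_request(source, destination, config):
    """Return method, URL and body for a de-identify call, or raise ValueError."""
    src, dst = parse_name(source), parse_name(destination)
    # Dataset -> dataset, FHIR store -> FHIR store, DICOM store -> DICOM store.
    if src["kind"] != dst["kind"]:
        raise ValueError("source and destination must be at the same level")
    # Source and destination must reside in the same Google Cloud project.
    if src["project"] != dst["project"]:
        raise ValueError("cross-project de-identification is not supported")
    # Guard added here: never point the de-identified copy at the source itself.
    if source == destination:
        raise ValueError("destination must differ from the source")
    field = "destinationDataset" if src["kind"] is None else "destinationStore"
    return {"method": _METHODS[src["kind"]],
            "url": f"{API_ROOT}/{source}:deidentify",
            "body": {field: destination, "config": config}}

if __name__ == "__main__":
    # Constructed resource names; the empty config is a placeholder.
    base = "projects/demo-proj/locations/us-central1/datasets"
    print(build_deidentify_request(f"{base}/phi", f"{base}/phi-deid", {}))
    print(build_deidentify_request(f"{base}/phi/fhirStores/raw",
                                   f"{base}/research/fhirStores/deid", {}))
```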