匿名化FHIR Json的例子或插件

Question

我有一套FHIR json格式的医疗保健信息。在存储这些敏感信息之前，我想匿名化敏感信息，如姓名、电话号码、地址、医生联系人等。

我在谷歌上搜索了一下fhir json的非殖化，发现有一些安全标签将这些信息分类为机密、受限等- https://www.hl7.org/fhir/valueset-security-labels.html。

https://www.hl7.org/fhir/extension-auditevent-anonymized.html --这是关于匿名数据的扩展和结构。

我不知道如何用安全代码替换这些变量。是否有这样做的api，或者我必须找到所有敏感的标记，循环json并用安全代码替换标记。

有人能给我举个例子吗？

我附上了一个通过人工合成生成的json样本。

{
  "fullUrl": "urn:uuid:7a534e34-40a2-48ab-bc92-066d23251a8b",
  "resource": {
    "resourceType": "Patient",
    "id": "7a534e34-40a2-48ab-bc92-066d23251a8b",
    "text": {
      "status": "generated",
      "div": "<div xmlns=\"http://www.w3.org/1999/xhtml\">Generated by <a href=\"https://github.com/synthetichealth/synthea\">Synthea</a>.Version identifier: v2.5.0-378-gee8c6470\n .   Person seed: 6477291342685874262  Population seed: 1586936726889</div>"
    },
    "extension": [
      {
        "url": "http://hl7.org/fhir/StructureDefinition/patient-mothersMaidenName",
        "valueString": "Hilma831 Luettgen772"
      },
      {
        "url": "http://hl7.org/fhir/StructureDefinition/patient-birthPlace",
        "valueAddress": {
          "city": "Boston",
          "state": "Massachusetts",
          "country": "US"
        }
      },
      {
        "url": "http://synthetichealth.github.io/synthea/disability-adjusted-life-years",
        "valueDecimal": 3.3178400761167306
      },
      {
        "url": "http://synthetichealth.github.io/synthea/quality-adjusted-life-years",
        "valueDecimal": 71.68215992388328
      }
    ],
    "identifier": [
      {
        "system": "https://github.com/synthetichealth/synthea",
        "value": "7a534e34-40a2-48ab-bc92-066d23251a8b"
      },
      {
        "type": {
          "coding": [
            {
              "system": "http://terminology.hl7.org/CodeSystem/v2-0203",
              "code": "MR",
              "display": "Medical Record Number"
            }
          ],
          "text": "Medical Record Number"
        },
        "system": "http://hospital.smarthealthit.org",
        "value": "7a534e34-40a2-48ab-bc92-066d23251a8b"
      },
      {
        "type": {
          "coding": [
            {
              "system": "http://terminology.hl7.org/CodeSystem/v2-0203",
              "code": "SS",
              "display": "Social Security Number"
            }
          ],
          "text": "Social Security Number"
        },
        "system": "http://hl7.org/fhir/sid/us-ssn",
        "value": "999-80-4232"
      },
      {
        "type": {
          "coding": [
            {
              "system": "http://terminology.hl7.org/CodeSystem/v2-0203",
              "code": "DL",
              "display": "Driver's License"
            }
          ],
          "text": "Driver's License"
        },
        "system": "urn:oid:2.16.840.1.113883.4.3.25",
        "value": "S99911013"
      },
      {
        "type": {
          "coding": [
            {
              "system": "http://terminology.hl7.org/CodeSystem/v2-0203",
              "code": "PPN",
              "display": "Passport Number"
            }
          ],
          "text": "Passport Number"
        },
        "system": "http://standardhealthrecord.org/fhir/StructureDefinition/passportNumber",
        "value": "X66843459X"
      }
    ],
    "name": [
      {
        "use": "official",
        "family": "Kreiger457",
        "given": [
          "Anthony633"
        ],
        "prefix": [
          "Mr."
        ]
      }
    ],
    "telecom": [
      {
        "system": "phone",
        "value": "555-660-2614",
        "use": "home"
      }
    ],
    "gender": "male",
    "birthDate": "1939-12-25",
    "deceasedDateTime": "2015-02-02T22:36:55+05:30",
    "address": [
      {
        "extension": [
          {
            "url": "http://hl7.org/fhir/StructureDefinition/geolocation",
            "extension": [
              {
                "url": "latitude",
                "valueDecimal": 42.11942297974089
              },
              {
                "url": "longitude",
                "valueDecimal": -71.21834679934824
              }
            ]
          }
        ],
        "line": [
          "496 Tromp Mews Unit 96"
        ],
        "city": "Walpole",
        "state": "Massachusetts",
        "postalCode": "02081",
        "country": "US"
      }
    ],
    "maritalStatus": {
      "coding": [
        {
          "system": "http://terminology.hl7.org/CodeSystem/v3-MaritalStatus",
          "code": "M",
          "display": "M"
        }
      ],
      "text": "M"
    },
    "multipleBirthBoolean": false,
    "communication": [
      {
        "language": {
          "coding": [
            {
              "system": "urn:ietf:bcp:47",
              "code": "en-US",
              "display": "English"
            }
          ],
          "text": "English"
        }
      }
    ]
  },
  "request": {
    "method": "POST",
    "url": "Patient"
  }
}

Answer 1

不存在匿名的“标准”方式，因为匿名是一种降低风险的方法，它需要了解您试图防范的威胁以及如何使用这些数据。当与其他数据相结合时，任何元素都可能是“敏感的”。这对预期的分析也是必要的。

您正在查看的扩展是特定于审计事件的。实际上，您将病人资源标记为已匿名的方式是使用resource.meta中的ANONYED安全标记。我不认为有一个标准的扩展标记哪些元素应该匿名。如果有这样的元素，元素还需要说明如何匿名化数据，算法通常需要考虑多个元素--甚至是多个资源。例如，是将日期更改为随机值，还是只是将日期更改？是将一组相关资源中的所有日期调整到相同的数额，还是独立调整。如果你要改变不同资源所指向的从业者，他们是否应该保持原样，每个人都是随机变化的，同样的从业者改变为相同的随机从业者？