Details
- Change Request
- Resolution: Persuasive with Modification
- Medium
- US Making EHR Data More available for Research and Public Health (MedMorph) (FHIR)
- 0.1.0
- Public Health
- Generate Anonymized Bundle, Generate De-Identified Bundle, Generate Pseudonymized Bundle, Generate Re-Identified Bundle
- Artifacts Summary
- 15.0.2
- Kishore Bashyam / Craig Newman : 28 - 0 - 1
- Correction
- Compatible, substantive
Description
Techniques for conducting privacy-preserving record linkage (PPRL) typically rely on hashing or the construction of Bloom filters (which also rely on hashing). For these techniques to prevent re-identification, they rely on using a salt (or technically a pepper) value that is kept secret and added prior to hashing.
The current definition of the FHIR operations does not offer a parameter that could be used to pass in any context for the operation, such as a salt value or a place to obtain the salt value.
For re-identification, a similar issue applies. It is assumed that the Bundle will contain a set of identifiers that can be used to re-link to PII. Unless the Trust Service maintains a single mapping of identifiers to PII, there will be a need to specify which mapping to use. For example, a Trust Service may generate a new set of identifiers for individuals for each public health research question asked, to prevent re-identification across studies.
Consider adding a parameter to these operations to allow specification of de/re-identification context.
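The sketch below is an added example, not part of the original ticket or the MedMorph specification. It shows why the operations need a context: the keyed hash, the Bloom filter encoding and the re-identification mapping all depend on which secret is selected. The context names, secrets, function names and sample identifiers are constructed assumptions, and HMAC-SHA256 stands in for "pepper added prior to hashing".

```python
import hashlib
import hmac

# Constructed secrets, one per de/re-identification context (hypothetical names).
# A real Trust Service would keep these in a secret store, never in the Bundle.
CONTEXT_PEPPERS = {
    "study-a": b"constructed-secret-for-study-a",
    "study-b": b"constructed-secret-for-study-b",
}

def normalize(value):
    """Lower-case and collapse whitespace so equal values hash equally."""
    return " ".join(value.lower().split())

def keyed_hash(context, text):
    """HMAC-SHA256 under the context's pepper; unknown contexts raise KeyError."""
    return hmac.new(CONTEXT_PEPPERS[context], text.encode(), hashlib.sha256).digest()

def pseudonym(context, identifier):
    """Stable per-context pseudonym for an exact-match identifier."""
    return keyed_hash(context, normalize(identifier)).hex()

def bloom_encode(context, value, size=256, hashes=4):
    """Bit positions set in a Bloom filter built from the value's bigrams."""
    padded = f"_{normalize(value)}_"
    grams = {padded[i:i + 2] for i in range(len(padded) - 1)}
    return frozenset(
        int.from_bytes(keyed_hash(context, f"{k}:{g}")[:4], "big") % size
        for g in grams for k in range(hashes)
    )

def dice(a, b):
    """Dice similarity of two bit-position sets (1.0 means identical)."""
    return 2 * len(a & b) / (len(a) + len(b)) if (a or b) else 1.0

def reidentify(mappings, context, pseudo):
    """Look up PII in the mapping for one context only; None if not present."""
    return mappings.get(context, {}).get(pseudo)

if __name__ == "__main__":
    mrn = "MRN-0001"  # constructed identifier
    mappings = {c: {pseudonym(c, mrn): mrn} for c in CONTEXT_PEPPERS}
    a, b = pseudonym("study-a", mrn), pseudonym("study-b", mrn)
    print("same person, two contexts, linkable by pseudonym:", a == b)
    print("study-a pseudonym resolved in study-b mapping:", reidentify(mappings, "study-b", a))
    near = dice(bloom_encode("study-a", "Jonathan Smith"), bloom_encode("study-a", "Jonathon Smith"))
    far = dice(bloom_encode("study-a", "Jonathan Smith"), bloom_encode("study-b", "Jonathan Smith"))
    print(f"Dice within context: {near:.2f}, across contexts: {far:.2f}")
```

Within one context, near-identical names still score as close matches; across contexts, even the identical name looks unrelated, and a pseudonym resolves only in the mapping of the context that produced it.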
Attachments
Issue Links
- is voted on by
- BALLOT-15000 Affirmative - Andy Gregorowicz : 2021-Jan-FHIR IG MEDMORPH R1 STU
- Balloted