Persuasive with Modification
Add an H4 to the Privacy and Security Module page
http://build.fhir.org/secpriv-module.html
"De-Identification, pseudonymization, anonymization"
De-Identification is inclusive of pseudonymization and anonymization, which are processes that reduce privacy risk by eliminating and modifying data elements to meet a targeted use-case.
Use-Case: "Requesting Client should have access to De-Identified data only."
Trigger: Based on an Access Control decision that results in a PERMIT with an Obligation to De-Identify, the Results delivered to the Requesting Client would be de-identified.
Consideration: This assumes the system knows the type and intensity of the de-identification algorithm, whereas de-identification is best viewed as a Process, not an algorithm: a Process that reduces Privacy risk while enabling a targeted and authorized use-case. The same Resource may therefore be de-identified differently for different authorized use-cases.
Discussion: With the Observation Resource, one would remove the subject element as it is a Direct Identifier. However, there are many other Reference elements that can easily be used to navigate back to the Subject, e.g., Observation.context (whose value is an Encounter or EpisodeOfCare) or Observation.performer. Removing .subject alone therefore does not de-identify the Resource.
Some identifiers in the Observation Resource:
- Direct Identifiers: .identifier, .subject, .performer, .context, .text, .specimen, .device, .related, .comment
- Indirect Identifiers: .issued, .component
Emphasis: The .specimen is a direct identifier of a particular specimen, and would be an indirect identifier of a particular person. There is a ramification of having the specimen identifier: anyone who can resolve the Specimen reference can navigate back to the Subject. One solution is to create pseudo Specimen resources that stand in for the original Specimen resource. This pseudo-specimen management is supplied by a trusted third party that maintains a database of pseudo-identifiers with authorized reversibility; that database must not be accessible to the Requesting Client, or the pseudonymization is no better than a plain reference.
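The trigger (PERMIT with a de-identify obligation) and the Observation discussion above, worked through as an added example. This is not code from the FHIR specification or the module page. The sample Observation is constructed and uses STU3 element names (.context, .related); PseudonymService is a hypothetical stand-in for the trusted third party; the "de-identify" obligation string and the PSEUDED security label's code system URL are assumptions. The check at the end walks the whole de-identified resource for any Reference that still points at a person-linked type, which is how a practitioner would confirm that removing .subject was not the only thing that was needed.

```python
import copy
import hashlib
import hmac

# Constructed sample Observation (STU3-shaped, so it carries .context and .related);
# all identifiers and names here are made up for this example.
SAMPLE_OBSERVATION = {
    "resourceType": "Observation",
    "id": "obs-1",
    "identifier": [{"system": "urn:example:lab", "value": "LAB-0001"}],
    "status": "final",
    "code": {"coding": [{"system": "http://loinc.org", "code": "2339-0"}]},
    "subject": {"reference": "Patient/123"},
    "context": {"reference": "Encounter/456"},
    "performer": [{"reference": "Practitioner/789"}],
    "issued": "2017-03-14T10:22:00Z",
    "specimen": {"reference": "Specimen/abc"},
    "device": {"reference": "Device/glu-1"},
    "related": [{"type": "derived-from", "target": {"reference": "Observation/obs-0"}}],
    "text": {"status": "generated", "div": "<div>Glucose for John Smith</div>"},
    "comment": "Patient John Smith reports fasting.",
    "valueQuantity": {"value": 6.3, "unit": "mmol/L"},
}

# Elements listed as direct identifiers, plus .context, which the discussion names
# as a path back to the Subject. These are removed outright under the obligation.
DIRECT_IDENTIFIERS = ("identifier", "subject", "performer", "context",
                      "text", "device", "related", "comment")

# Resource types whose mere reference re-links the record to a person.
PERSON_LINKED_TYPES = ("Patient", "Practitioner", "Encounter", "EpisodeOfCare",
                       "RelatedPerson", "Person")


class PseudonymService:
    """Hypothetical stand-in for the trusted third party issuing pseudo Specimen
    references. Pseudonyms are keyed HMACs: consistent per key, unguessable without it.
    The reverse table is only readable through an authorized call."""

    def __init__(self, key: bytes):
        self._key = key
        self._reverse = {}

    def pseudonymize(self, reference: str) -> str:
        tag = hmac.new(self._key, reference.encode(), hashlib.sha256).hexdigest()[:16]
        pseudo = f"Specimen/pseudo-{tag}"
        self._reverse[pseudo] = reference
        return pseudo

    def reidentify(self, pseudo: str, authorized: bool) -> str:
        if not authorized:
            raise PermissionError("re-identification requires an authorized request")
        return self._reverse[pseudo]


def deidentify_observation(obs: dict, svc: PseudonymService) -> dict:
    """Drop direct identifiers, pseudonymize the specimen, generalize the indirect
    identifier .issued to a year, and label the result. The input is not modified."""
    out = copy.deepcopy(obs)
    for element in DIRECT_IDENTIFIERS:
        out.pop(element, None)
    if "specimen" in out and "reference" in out["specimen"]:
        out["specimen"] = {"reference": svc.pseudonymize(out["specimen"]["reference"])}
    if "issued" in out:
        out["issued"] = out["issued"][:4]  # keep only the year
    # Security label marking the resource as pseudonymized (code system URL assumed).
    out.setdefault("meta", {})["security"] = [{
        "system": "http://terminology.hl7.org/CodeSystem/v3-ObservationValue",
        "code": "PSEUDED"}]
    return out


def remaining_person_links(resource) -> list:
    """Check: walk the whole resource and list every Reference that still points at
    a person-linked resource type. Expected to be empty after de-identification."""
    found = []
    if isinstance(resource, dict):
        ref = resource.get("reference")
        if isinstance(ref, str) and ref.split("/")[0] in PERSON_LINKED_TYPES:
            found.append(ref)
        for value in resource.values():
            found.extend(remaining_person_links(value))
    elif isinstance(resource, list):
        for item in resource:
            found.extend(remaining_person_links(item))
    return found


def deliver(decision: dict, obs: dict, svc: PseudonymService):
    """The trigger: PERMIT with a de-identify obligation returns the de-identified
    copy, a plain PERMIT returns the original, anything else returns nothing."""
    if decision.get("decision") != "PERMIT":
        return None
    if "de-identify" in decision.get("obligations", []):
        return deidentify_observation(obs, svc)
    return obs


if __name__ == "__main__":
    svc = PseudonymService(b"ttp-secret-key")  # key is made up for the example
    result = deliver({"decision": "PERMIT", "obligations": ["de-identify"]},
                     SAMPLE_OBSERVATION, svc)
    print(result["specimen"], remaining_person_links(result))
    print(svc.reidentify(result["specimen"]["reference"], authorized=True))
```

Note that the Requesting Client receives only the pseudo reference and never the HMAC key or the reverse table; those stay with the trusted third party, which is what makes the reversibility "authorized" rather than trivial. Observation.component is left in place here because its contents depend on the use-case; in a real process it would be reviewed against the same person-link check.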
Further Standards: ISO pseudonymization standard, NIST, IHE De-Identification Handbook, DICOM (Part 15, Attribute Confidentiality Profiles...) ****Editor fill in appropriate references and links