- Type: Change Request
- Resolution: Persuasive with Modification
- Priority: Medium
-
US Making EHR Data More available for Research and Public Health (MedMorph) (FHIR)
-
0.1.0
-
Public Health
-
Generate Anonymized Bundle
Generate De-Identified Bundle
Generate Pseudonymized Bundle
Generate Re-Identified Bundle
-
Artifacts Summary
-
15.0.2
-
-
Kishore Bashyam / Craig Newman : 28 - 0 - 1
-
Correction
-
Compatible, substantive
Techniques for conducting privacy preserving record linkage (PPRL) typically rely on hashing or the construction of Bloom filters (which also relies on hashing). For these techniques to prevent re-identification, they rely on using a salt (or technically a pepper) value that is kept secret and added prior to hashing.
The current definition of the FHIR operations does not offer a parameter that could be used to pass in any context for the operation, such as a salt value or a place to obtain the salt value.
For re-identification, a similar issue applies. It is assumed that the Bundle will contain a set of identifiers that can be used to re-link to PII. Unless the Trust Service maintains a single mapping of identifiers to PII, there will be a need to specify which mapping to use. For example, a Trust Service may generate a new set of identifiers for individuals for each public health research question asked to prevent re-identification across studies.
Consider adding a parameter to these operations to allow specification of de/re-identification context.
- is voted on by
-
BALLOT-15000 Affirmative - Andy Gregorowicz : 2021-Jan-FHIR IG MEDMORPH R1 STU
- Balloted
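The de/re-identification context requested above, illustrated as an added example (not part of the ballot comment or of the MedMorph IG): a hypothetical Trust Service holds one secret key and one identifier mapping per context, so keyed hashes and Bloom filter encodings only link within a single context. The context names, key values, sample identifiers and the `TrustService` class are all constructed assumptions.

```python
import hashlib
import hmac

# Constructed per-context secrets (the "pepper"); a real service would keep these in a key store.
CONTEXT_KEYS = {
    "study-a": b"constructed-secret-for-study-a",
    "study-b": b"constructed-secret-for-study-b",
}

def pseudonym(context: str, identifier: str) -> str:
    """Keyed hash (HMAC-SHA256) of an identifier under the context's secret."""
    key = CONTEXT_KEYS[context]
    return hmac.new(key, identifier.encode("utf-8"), hashlib.sha256).hexdigest()

def bigrams(value: str) -> set:
    """Split a normalized value into padded character bigrams."""
    padded = f"_{value.strip().lower()}_"
    return {padded[i:i + 2] for i in range(len(padded) - 1)}

def bloom_filter(context: str, value: str, size: int = 256, hashes: int = 4) -> int:
    """Encode the value's bigrams into a bit field using context-keyed hashes."""
    key = CONTEXT_KEYS[context]
    bits = 0
    for gram in bigrams(value):
        for i in range(hashes):
            digest = hmac.new(key, f"{i}:{gram}".encode("utf-8"), hashlib.sha256).digest()
            bits |= 1 << (int.from_bytes(digest[:8], "big") % size)
    return bits

def dice(a: int, b: int) -> float:
    """Dice similarity of two bit fields, used for approximate matching."""
    total = bin(a).count("1") + bin(b).count("1")
    return 2 * bin(a & b).count("1") / total if total else 0.0

class TrustService:
    """Hypothetical service keeping one identifier-to-PII mapping per context."""
    def __init__(self):
        self.mappings = {context: {} for context in CONTEXT_KEYS}

    def pseudonymize(self, context: str, identifier: str) -> str:
        token = pseudonym(context, identifier)
        self.mappings[context][token] = identifier
        return token

    def reidentify(self, context: str, token: str):
        # Without the context, the service cannot tell which mapping to consult.
        return self.mappings[context].get(token)
```
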