Making Electronic Data More available for Research and Public Health (MedMorph), published by HL7 International - Public Health Work Group. This is not an authorized publication; it is the continuous build for version 1.0.0). This version is based on the current content of https://github.com/HL7/fhir-medmorph/ and changes regularly. See the Directory of published versions
This section defines the specific requirements for a Trust Service Provider as specified in this MedMorph Reference Architecture (RA) Implementation Guide (IG). In order to better understand the trust services, readers can refer to the following documentation.
IHE IT Infrastructure Handbook on De-Identification. This includes literature on de-identification, pseudonymization and re-linking.
National Institute of Standards and Technology (NIST), Secure Hashing website
A Trust Service Provider enables trust services such as anonymization, de-identification, re-identification, hashing, and pseudonymization. These services are used when required (e.g., to de-identify data sent to research organizations).
The next section identifies specific requirements for a Trust Service Provider:
Trust Service Provider SHALL support the APIs defined by the Trust Service Provider Capability Statement.
Trust Service Providers SHALL allow re-identification of bundles that were previously de-identified.
Trust Service Providers SHOULD implement algorithms specified by the content IGs for the different use cases. Trust Service Provider MAY choose their own anonymization, de-identification, re-identification, hashing and pseudonymization algorithms in case none are specified in the content IGs.
Trust Service Providers MAY ignore extensions on data elements when they are not understood by the Trust Service Provider.
Content IGs will identify specific data elements within resources that need to be processed by Trust Services based on the use case.