Anonymization-on-FHIR
0.0.1 - draft
Anonymization-on-FHIR
0.0.1 - draft
Anonymization-on-FHIR, published by . This guide is not an authorized publication; it is the continuous build for version 0.0.1 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/ErwanBrunelliere/Anonymization-on-FHIR/ and changes regularly. See the Directory of published versions
| Draft as of 2024-09-10 |
Definitions for the AnonymizationOperation logical model.
Guidance on how to interpret the contents of this table can be found here
| 0. AnonymizationOperation | |
| Logical Model | Instances of this logical model are not marked to be the target of a Reference |
| 2. AnonymizationOperation.purpose | |
| Definition | Defines what is the goal of this operation. |
| Short | Purpose of the operation. |
| Control | 0..* |
| Type | string |
| Primitive Value | This primitive type must have a value (the value must be present, and cannot be replaced by an extension) |
| Value Required | true |
| 4. AnonymizationOperation.request | |
| Control | 1..1 |
| Type | string |
| Primitive Value | This primitive type must have a value (the value must be present, and cannot be replaced by an extension) |
| Value Required | true |
| Example | <br/><b>All Patient resources.</b>:Patient/ <br/><b>All active Patient resources.</b>:Patient/?active=true |
| 6. AnonymizationOperation.element | |
| Definition | Values that the anonymization process will keep and possibly modify with the specified rules. |
| Short | Values kept by the anonymization (and only ones). |
| Control | 0..* |
| Type | BackboneElement |
| 8. AnonymizationOperation.element.path | |
| Definition | A FHIRPath string that points the value being kept and might be modified. |
| Short | FHIRPath pointing the value. |
| Control | 1..1 |
| Type | string |
| Primitive Value | This primitive type must have a value (the value must be present, and cannot be replaced by an extension) |
| Value Required | true |
| 10. AnonymizationOperation.element.defaultValue[x] | |
| Definition | A new value that will be taken by all of the elements. Should be used alone. |
| Short | A new value that will be taken by all of the elements. |
| Control | 0..1 |
| Type | Choice of: url, uri, string, code, markdown, id, canonical, positiveInt, integer, boolean, dateTime, unsignedInt |
| [x] Note | SeeChoice of Data Typesfor further information about how to use [x] |
| Primitive Value | This primitive element may be present, or absent, or replaced by an extension |
| 12. AnonymizationOperation.element.noise[x] | |
| Definition | A noise that will be applied randomly on all elements. |
| Short | Noise added to values. |
| Control | 0..1 |
| Type | Choice of: integer, decimal, date, time, instant |
| [x] Note | SeeChoice of Data Typesfor further information about how to use [x] |
| Primitive Value | This primitive element may be present, or absent, or replaced by an extension |
| 14. AnonymizationOperation.element.shuffle | |
| Definition | All elements will be shuffled, none of the resources will keep their original value, but will get one from another resource. |
| Short | Shuffle elements from resources. |
| Control | 0..1 |
| Type | boolean |
| Primitive Value | This primitive element may be present, or absent, or replaced by an extension |
| Default Value | false |
| 16. AnonymizationOperation.element.encryptionAlgorithm | |
| Definition | Encryption algorithm supported, depending from the anonymizer. |
| Short | Encryption algorithm. |
| Control | 0..1 |
| Type | string |
| Primitive Value | This primitive element may be present, or absent, or replaced by an extension |
| 18. AnonymizationOperation.element.hashFunction | |
| Definition | Hashing algorithm supported, depending from the anonymizer. |
| Short | Hashing algorithm. |
| Control | 0..1 |
| Type | string |
| Primitive Value | This primitive element may be present, or absent, or replaced by an extension |
| 20. AnonymizationOperation.element.rank | |
| Definition | Every value will get unique value unrelated from his original value. |
| Short | Defines if the value is replaced with a not related id. |
| Control | 0..1 |
| Type | boolean |
| Primitive Value | This primitive element may be present, or absent, or replaced by an extension |
| 22. AnonymizationOperation.element.aggregation | |
| Definition | If the value is a int (k), ll the value will be in a group with at least k value. If the value is a ConceptMap, all values will get their target value. |
| Short | Defines an aggregation, automatic with a k value or with a ConceptMap. |
| Control | 0..1 |
| Type | Choice of: unsignedInt, ConceptMap |
| Primitive Value | This primitive element may be present, or absent, or replaced by an extension |
| 24. AnonymizationOperation.element.diversity | |
| Definition | In addition with the k-anonymization (aggregation) of another element, the l-diversity indicate how much of |
| Short | Defines l diversity for the element. |
| Control | 0..1 |
| Type | unsignedInt |
| Primitive Value | This primitive element may be present, or absent, or replaced by an extension |
| Default Value | 0 |
| 26. AnonymizationOperation.element.closeness | |
| Definition | If t-closeness is set, each group from k-anonymization will get the same distribution as the whole dataset. |
| Short | Defines the use of t-closeness. |
| Control | 0..1 |
| Type | boolean |
| Primitive Value | This primitive element may be present, or absent, or replaced by an extension |
Guidance on how to interpret the contents of this table can be found here
| 0. AnonymizationOperation | |
| Definition | Base definition for all types defined in FHIR type system. |
| Short | Base for all types and resources |
| Control | 0..* |
| Is Modifier | false |
| Logical Model | Instances of this logical model are not marked to be the target of a Reference |
| 2. AnonymizationOperation.purpose | |
| Definition | Defines what is the goal of this operation. |
| Short | Purpose of the operation. |
| Control | 0..* |
| Type | string |
| Primitive Value | This primitive type must have a value (the value must be present, and cannot be replaced by an extension) |
| Value Required | true |
| 4. AnonymizationOperation.request | |
| Control | 1..1 |
| Type | string |
| Primitive Value | This primitive type must have a value (the value must be present, and cannot be replaced by an extension) |
| Summary | true |
| Value Required | true |
| Example | <br/><b>All Patient resources.</b>:Patient/ <br/><b>All active Patient resources.</b>:Patient/?active=true |
| 6. AnonymizationOperation.element | |
| Definition | Values that the anonymization process will keep and possibly modify with the specified rules. |
| Short | Values kept by the anonymization (and only ones). |
| Control | 0..* |
| Type | BackboneElement |
| Summary | true |
| Invariants | ele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count())) |
| 8. AnonymizationOperation.element.modifierExtension | |
| Definition | May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and managable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions. Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself). |
| Short | Extensions that cannot be ignored even if unrecognized |
| Comments | There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone. |
| Control | 0..* |
| Type | Extension |
| Is Modifier | true because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them |
| Summary | true |
| Requirements | Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions. |
| Alternate Names | extensions, user content, modifiers |
| Invariants | ele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count())) ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists()) |
| 10. AnonymizationOperation.element.path | |
| Definition | A FHIRPath string that points the value being kept and might be modified. |
| Short | FHIRPath pointing the value. |
| Control | 1..1 |
| Type | string |
| Primitive Value | This primitive type must have a value (the value must be present, and cannot be replaced by an extension) |
| Summary | true |
| Value Required | true |
| 12. AnonymizationOperation.element.defaultValue[x] | |
| Definition | A new value that will be taken by all of the elements. Should be used alone. |
| Short | A new value that will be taken by all of the elements. |
| Control | 0..1 |
| Type | Choice of: url, uri, string, code, markdown, id, canonical, positiveInt, integer, boolean, dateTime, unsignedInt |
| [x] Note | SeeChoice of Data Typesfor further information about how to use [x] |
| Primitive Value | This primitive element may be present, or absent, or replaced by an extension |
| 14. AnonymizationOperation.element.noise[x] | |
| Definition | A noise that will be applied randomly on all elements. |
| Short | Noise added to values. |
| Control | 0..1 |
| Type | Choice of: integer, decimal, date, time, instant |
| [x] Note | SeeChoice of Data Typesfor further information about how to use [x] |
| Primitive Value | This primitive element may be present, or absent, or replaced by an extension |
| 16. AnonymizationOperation.element.shuffle | |
| Definition | All elements will be shuffled, none of the resources will keep their original value, but will get one from another resource. |
| Short | Shuffle elements from resources. |
| Control | 0..1 |
| Type | boolean |
| Primitive Value | This primitive element may be present, or absent, or replaced by an extension |
| Default Value | false |
| 18. AnonymizationOperation.element.encryptionAlgorithm | |
| Definition | Encryption algorithm supported, depending from the anonymizer. |
| Short | Encryption algorithm. |
| Control | 0..1 |
| Type | string |
| Primitive Value | This primitive element may be present, or absent, or replaced by an extension |
| 20. AnonymizationOperation.element.hashFunction | |
| Definition | Hashing algorithm supported, depending from the anonymizer. |
| Short | Hashing algorithm. |
| Control | 0..1 |
| Type | string |
| Primitive Value | This primitive element may be present, or absent, or replaced by an extension |
| 22. AnonymizationOperation.element.rank | |
| Definition | Every value will get unique value unrelated from his original value. |
| Short | Defines if the value is replaced with a not related id. |
| Control | 0..1 |
| Type | boolean |
| Primitive Value | This primitive element may be present, or absent, or replaced by an extension |
| 24. AnonymizationOperation.element.aggregation | |
| Definition | If the value is a int (k), ll the value will be in a group with at least k value. If the value is a ConceptMap, all values will get their target value. |
| Short | Defines an aggregation, automatic with a k value or with a ConceptMap. |
| Control | 0..1 |
| Type | Choice of: unsignedInt, ConceptMap |
| Primitive Value | This primitive element may be present, or absent, or replaced by an extension |
| 26. AnonymizationOperation.element.diversity | |
| Definition | In addition with the k-anonymization (aggregation) of another element, the l-diversity indicate how much of |
| Short | Defines l diversity for the element. |
| Control | 0..1 |
| Type | unsignedInt |
| Primitive Value | This primitive element may be present, or absent, or replaced by an extension |
| Default Value | 0 |
| 28. AnonymizationOperation.element.closeness | |
| Definition | If t-closeness is set, each group from k-anonymization will get the same distribution as the whole dataset. |
| Short | Defines the use of t-closeness. |
| Control | 0..1 |
| Type | boolean |
| Primitive Value | This primitive element may be present, or absent, or replaced by an extension |
Guidance on how to interpret the contents of this table can be found here
| 0. AnonymizationOperation | |
| Definition | Base definition for all types defined in FHIR type system. |
| Short | Base for all types and resources |
| Control | 0..* |
| Is Modifier | false |
| Logical Model | Instances of this logical model are not marked to be the target of a Reference |
| 2. AnonymizationOperation.purpose | |
| Definition | Defines what is the goal of this operation. |
| Short | Purpose of the operation. |
| Control | 0..* |
| Type | string |
| Primitive Value | This primitive type must have a value (the value must be present, and cannot be replaced by an extension) |
| Value Required | true |
| 4. AnonymizationOperation.request | |
| Control | 1..1 |
| Type | string |
| Primitive Value | This primitive type must have a value (the value must be present, and cannot be replaced by an extension) |
| Summary | true |
| Value Required | true |
| Example | <br/><b>All Patient resources.</b>:Patient/ <br/><b>All active Patient resources.</b>:Patient/?active=true |
| 6. AnonymizationOperation.element | |
| Definition | Values that the anonymization process will keep and possibly modify with the specified rules. |
| Short | Values kept by the anonymization (and only ones). |
| Control | 0..* |
| Type | BackboneElement |
| Summary | true |
| Invariants | ele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count())) |
| 8. AnonymizationOperation.element.id | |
| Definition | Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces. |
| Short | Unique id for inter-element referencing |
| Control | 0..1 This element is affected by the following invariants: ele-1 |
| Type | id |
| Is Modifier | false |
| XML Format | In the XML format, this property is represented as an attribute. |
| Summary | false |
| 10. AnonymizationOperation.element.extension | |
| Definition | May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and managable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. |
| Short | Additional content defined by implementations |
| Comments | There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone. |
| Control | 0..* |
| Type | Extension |
| Is Modifier | false |
| Summary | false |
| Alternate Names | extensions, user content |
| Invariants | ele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))ext-1: Must have either extensions or value[x], not both ( extension.exists() != value.exists()) |
| Slicing | This element introduces a set of slices on AnonymizationOperation.element.extension. The slices areUnordered and Open, and can be differentiated using the following discriminators: |
| 12. AnonymizationOperation.element.modifierExtension | |
| Definition | May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and managable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions. Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself). |
| Short | Extensions that cannot be ignored even if unrecognized |
| Comments | There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone. |
| Control | 0..* |
| Type | Extension |
| Is Modifier | true because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them |
| Summary | true |
| Requirements | Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions. |
| Alternate Names | extensions, user content, modifiers |
| Invariants | ele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))ext-1: Must have either extensions or value[x], not both ( extension.exists() != value.exists()) |
| 14. AnonymizationOperation.element.path | |
| Definition | A FHIRPath string that points the value being kept and might be modified. |
| Short | FHIRPath pointing the value. |
| Control | 1..1 |
| Type | string |
| Primitive Value | This primitive type must have a value (the value must be present, and cannot be replaced by an extension) |
| Summary | true |
| Value Required | true |
| 16. AnonymizationOperation.element.defaultValue[x] | |
| Definition | A new value that will be taken by all of the elements. Should be used alone. |
| Short | A new value that will be taken by all of the elements. |
| Control | 0..1 |
| Type | Choice of: url, uri, string, code, markdown, id, canonical, positiveInt, integer, boolean, dateTime, unsignedInt |
| [x] Note | SeeChoice of Data Typesfor further information about how to use [x] |
| Primitive Value | This primitive element may be present, or absent, or replaced by an extension |
| 18. AnonymizationOperation.element.noise[x] | |
| Definition | A noise that will be applied randomly on all elements. |
| Short | Noise added to values. |
| Control | 0..1 |
| Type | Choice of: integer, decimal, date, time, instant |
| [x] Note | SeeChoice of Data Typesfor further information about how to use [x] |
| Primitive Value | This primitive element may be present, or absent, or replaced by an extension |
| 20. AnonymizationOperation.element.shuffle | |
| Definition | All elements will be shuffled, none of the resources will keep their original value, but will get one from another resource. |
| Short | Shuffle elements from resources. |
| Control | 0..1 |
| Type | boolean |
| Primitive Value | This primitive element may be present, or absent, or replaced by an extension |
| Default Value | false |
| 22. AnonymizationOperation.element.encryptionAlgorithm | |
| Definition | Encryption algorithm supported, depending from the anonymizer. |
| Short | Encryption algorithm. |
| Control | 0..1 |
| Type | string |
| Primitive Value | This primitive element may be present, or absent, or replaced by an extension |
| 24. AnonymizationOperation.element.hashFunction | |
| Definition | Hashing algorithm supported, depending from the anonymizer. |
| Short | Hashing algorithm. |
| Control | 0..1 |
| Type | string |
| Primitive Value | This primitive element may be present, or absent, or replaced by an extension |
| 26. AnonymizationOperation.element.rank | |
| Definition | Every value will get unique value unrelated from his original value. |
| Short | Defines if the value is replaced with a not related id. |
| Control | 0..1 |
| Type | boolean |
| Primitive Value | This primitive element may be present, or absent, or replaced by an extension |
| 28. AnonymizationOperation.element.aggregation | |
| Definition | If the value is a int (k), ll the value will be in a group with at least k value. If the value is a ConceptMap, all values will get their target value. |
| Short | Defines an aggregation, automatic with a k value or with a ConceptMap. |
| Control | 0..1 |
| Type | Choice of: unsignedInt, ConceptMap |
| Primitive Value | This primitive element may be present, or absent, or replaced by an extension |
| 30. AnonymizationOperation.element.diversity | |
| Definition | In addition with the k-anonymization (aggregation) of another element, the l-diversity indicate how much of |
| Short | Defines l diversity for the element. |
| Control | 0..1 |
| Type | unsignedInt |
| Primitive Value | This primitive element may be present, or absent, or replaced by an extension |
| Default Value | 0 |
| 32. AnonymizationOperation.element.closeness | |
| Definition | If t-closeness is set, each group from k-anonymization will get the same distribution as the whole dataset. |
| Short | Defines the use of t-closeness. |
| Control | 0..1 |
| Type | boolean |
| Primitive Value | This primitive element may be present, or absent, or replaced by an extension |