Anonymization-on-FHIR
0.0.1 - draft

Anonymization-on-FHIR, published by . This guide is not an authorized publication; it is the continuous build for version 0.0.1 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/ErwanBrunelliere/Anonymization-on-FHIR/ and changes regularly. See the Directory of published versions

Logical Model: Anonymization Operation (Experimental)

Official URL: https://build.fhir.org/ig/ErwanBrunelliere/Anonymization-on-FHIR/StructureDefinition/AnonymizationOperation
Version: 0.0.1
Draft as of 2024-09-10
Computable Name: AnonymizationOperation

This logical model defines an operation that will be or has been processed to transform a FHIR request result into an anonymized dataset. A ruleset specifies the values that we want to keep and the operation applied to each.

Defines a past or future anonymization operation.

Usage:

  • This Logical Model Profile is not used by any profiles in this Implementation Guide

Formal Views of Profile Content

Differential View

This structure is derived from Base

Name Flags Card. Type Description & Constraints
.. AnonymizationOperation 0..* Base Base for all types and resources
Instances of this logical model are not marked to be the target of a Reference
... purpose V 0..* string Purpose of the operation.
... request ΣV 1..1 string Example All Patient resources.: Patient/
Example All active Patient resources.: Patient/?active=true
... element Σ 0..* BackboneElement Values kept by the anonymization (and only ones).
.... path ΣV 1..1 string FHIRPath pointing the value.
.... defaultValue[x] 0..1 A new value that will be taken by all of the elements.
..... defaultValueUrl url
..... defaultValueUri uri
..... defaultValueString string
..... defaultValueCode code
..... defaultValueMarkdown markdown
..... defaultValueId id
..... defaultValueCanonical canonical(Any)
..... defaultValuePositiveInt positiveInt
..... defaultValueInteger integer
..... defaultValueBoolean boolean
..... defaultValueDateTime dateTime
..... defaultValueUnsignedInt unsignedInt
.... noise[x] 0..1 Noise added to values.
..... noiseInteger integer
..... noiseDecimal decimal
..... noiseDate date
..... noiseTime time
..... noiseInstant instant
.... shuffle 0..1 boolean Shuffle elements from resources.
.... encryptionAlgorithm 0..1 string Encryption algorithm.
.... hashFunction 0..1 string Hashing algorithm.
.... rank 0..1 boolean Defines if the value is replaced with a not related id.
.... aggregation 0..1 Defines an aggregation, automatic with a k value or with a ConceptMap.
..... aggregation unsignedInt
..... aggregation ConceptMap
.... diversity 0..1 unsignedInt Defines l diversity for the element.
.... closeness 0..1 boolean Defines the use of t-closeness.

Key Elements View

Name Flags Card. Type Description & Constraints
.. AnonymizationOperation 0..* Base Base for all types and resources
Instances of this logical model are not marked to be the target of a Reference
... purpose V 0..* string Purpose of the operation.
... request ΣV 1..1 string Example All Patient resources.: Patient/
Example All active Patient resources.: Patient/?active=true
... element Σ 0..* BackboneElement Values kept by the anonymization (and only ones).
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
.... path ΣV 1..1 string FHIRPath pointing the value.
.... defaultValue[x] 0..1 A new value that will be taken by all of the elements.
..... defaultValueUrl url
..... defaultValueUri uri
..... defaultValueString string
..... defaultValueCode code
..... defaultValueMarkdown markdown
..... defaultValueId id
..... defaultValueCanonical canonical(Any)
..... defaultValuePositiveInt positiveInt
..... defaultValueInteger integer
..... defaultValueBoolean boolean
..... defaultValueDateTime dateTime
..... defaultValueUnsignedInt unsignedInt
.... noise[x] 0..1 Noise added to values.
..... noiseInteger integer
..... noiseDecimal decimal
..... noiseDate date
..... noiseTime time
..... noiseInstant instant
.... shuffle 0..1 boolean Shuffle elements from resources.
.... encryptionAlgorithm 0..1 string Encryption algorithm.
.... hashFunction 0..1 string Hashing algorithm.
.... rank 0..1 boolean Defines if the value is replaced with a not related id.
.... aggregation 0..1 Defines an aggregation, automatic with a k value or with a ConceptMap.
..... aggregation unsignedInt
..... aggregation ConceptMap
.... diversity 0..1 unsignedInt Defines l diversity for the element.
.... closeness 0..1 boolean Defines the use of t-closeness.

Constraints

| Id | Grade | Path(s) | Details | Requirements |
|---|---|---|---|---|
| ele-1 | error | **ALL** elements | All FHIR elements must have a @value or children: hasValue() or (children().count() > id.count()) | |
| ext-1 | error | **ALL** extensions | Must have either extensions or value[x], not both: extension.exists() != value.exists() | |

Snapshot View

Name Flags Card. Type Description & Constraints
.. AnonymizationOperation 0..* Base Base for all types and resources
Instances of this logical model are not marked to be the target of a Reference
... purpose V 0..* string Purpose of the operation.
... request ΣV 1..1 string Example All Patient resources.: Patient/
Example All active Patient resources.: Patient/?active=true
... element Σ 0..* BackboneElement Values kept by the anonymization (and only ones).
.... @id 0..1 id Unique id for inter-element referencing
.... extension 0..* Extension Additional content defined by implementations
Slice: Unordered, Open by value:url
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
.... path ΣV 1..1 string FHIRPath pointing the value.
.... defaultValue[x] 0..1 A new value that will be taken by all of the elements.
..... defaultValueUrl url
..... defaultValueUri uri
..... defaultValueString string
..... defaultValueCode code
..... defaultValueMarkdown markdown
..... defaultValueId id
..... defaultValueCanonical canonical(Any)
..... defaultValuePositiveInt positiveInt
..... defaultValueInteger integer
..... defaultValueBoolean boolean
..... defaultValueDateTime dateTime
..... defaultValueUnsignedInt unsignedInt
.... noise[x] 0..1 Noise added to values.
..... noiseInteger integer
..... noiseDecimal decimal
..... noiseDate date
..... noiseTime time
..... noiseInstant instant
.... shuffle 0..1 boolean Shuffle elements from resources.
.... encryptionAlgorithm 0..1 string Encryption algorithm.
.... hashFunction 0..1 string Hashing algorithm.
.... rank 0..1 boolean Defines if the value is replaced with a not related id.
.... aggregation 0..1 Defines an aggregation, automatic with a k value or with a ConceptMap.
..... aggregation unsignedInt
..... aggregation ConceptMap
.... diversity 0..1 unsignedInt Defines l diversity for the element.
.... closeness 0..1 boolean Defines the use of t-closeness.

This structure is derived from Base

Summary

Mandatory: 0 element (2 nested mandatory elements)

Notes:

Aggregation

Consider a dataset of individuals with their age and their disease.

| id | Age | Disease |
|---|---|---|
| 1 | 13 | B |
| 2 | 15 | A |
| 3 | 34 | B |
| 4 | 12 | A |
| 5 | 44 | B |
| 6 | 9 | A |

This data is not anonymized. If we know someone's age, we can know his disease.

k-anonymization

We made an aggregation with k=2. Groups have been created with at least 2 individuals in each.

| id | Age | Disease |
|---|---|---|
| 1 | 13-25 | B |
| 2 | 13-25 | A |
| 3 | >25 | B |
| 4 | <13 | A |
| 5 | >25 | B |
| 6 | <13 | A |

Now, the problem is that if we know someone who is older than 25 years, we can say that he has disease A.

l-diversity

After l = 1 diversity, we now have at least one of each disease in every group.

| id | Age | Disease |
|---|---|---|
| 1 | <14 | B |
| 2 | >14 | A |
| 3 | >14 | B |
| 4 | <14 | A |
| 5 | >14 | B |
| 6 | <14 | A |

With this, we cannot be sure of the disease of an individual given his age.

But we can still statistically guess his disease. For example, an individual older than 14 has a 2 in 3 chance of having disease B, whereas across the whole data set a person has a one in two chance of having disease B.

t-closeness

t-closeness means that each group will have the same distribution as the complete original data set. In our case, each group will have the same amount of disease A as disease B.
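
The three properties described in these notes can be checked mechanically on the tables above. The following is an added example, not part of the implementation guide: the function names are hypothetical, and total variation distance is an assumed choice for comparing a group's disease distribution with the whole table's.

```python
from collections import Counter, defaultdict

# Rows (age or age band, disease) copied from the three tables in these notes.
RAW = [("13", "B"), ("15", "A"), ("34", "B"), ("12", "A"), ("44", "B"), ("9", "A")]
K_ANON = [("13-25", "B"), ("13-25", "A"), (">25", "B"),
          ("<13", "A"), (">25", "B"), ("<13", "A")]
L_DIV = [("<14", "B"), (">14", "A"), (">14", "B"),
         ("<14", "A"), (">14", "B"), ("<14", "A")]


def groups(rows):
    """Map each quasi-identifier value (age or age band) to its diseases."""
    out = defaultdict(list)
    for age, disease in rows:
        out[age].append(disease)
    return dict(out)


def k_value(rows):
    """Size of the smallest group: the k of k-anonymity."""
    return min(len(d) for d in groups(rows).values())


def homogeneous_groups(rows):
    """Groups in which everyone shares one disease, so the age band reveals it."""
    return sorted(g for g, d in groups(rows).items() if len(set(d)) == 1)


def max_distance(rows):
    """Largest total variation distance between one group's disease
    distribution and the whole table's (0.0 means identical)."""
    total = Counter(d for _, d in rows)
    n = len(rows)
    worst = 0.0
    for diseases in groups(rows).values():
        local = Counter(diseases)
        dist = 0.5 * sum(abs(local[v] / len(diseases) - total[v] / n)
                         for v in total)
        worst = max(worst, dist)
    return worst


if __name__ == "__main__":
    for name, rows in [("raw", RAW), ("k-anonymized", K_ANON), ("diversified", L_DIV)]:
        print(name, k_value(rows), homogeneous_groups(rows),
              round(max_distance(rows), 3))
```

A distance of 0.0 for every group corresponds to the situation the t-closeness note describes, where each group has the same proportion of disease A and disease B as the full data set.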