Plain Language Summary goes here

Introduction

The health care industry has embraced FHIR as the standard for data exchange and has been implementing FHIR in the real-world as part of the various accelerators such as Argonaut, DaVinci, and Helios. The adoption of FHIR has been further expedited by the Assistant Secretary for Technology Policy (ASTP) and Centers for Medicare and Medicaid Services (CMS) regulations that require the implementation of FHIR for multiple use cases. One of the competing requirements that is emerging in the industry is the need for data that does not contain protected health information (PHI) or personally identifiable information (PII). These requirements are common among federal reporting use cases such as Health Resources and Services Administration (HRSA) reporting, public health reporting to Centers for Disease Control and Prevention (CDC), data needs for training artificial intelligence (AI) models, and data needs for research programs. This implementation guide creates a set of services that can de-identify, anonymize, and redact data represented by United States Core Data for Interoperability (USCDI) resources based on a policy identifier.

This implementation guide (IG) defines the specifications by which federal agencies such as HRSA, Substance Abuse and Mental Health Administration (SAMHSA), and others can receive line level de-identified information and can publish anonymized datasets. The IG specifies services to

• Psuedonymize patient data
• De-identify patient data based on a policy identifier
• Anonymize health care data sets using specific techniques

The main sections of this IG are:

• Background - The page provides introduction and definitions for de-identification, pseudonymization, and anonymization.
• Use Cases - Defines the use case, workflows. actors and systems that will be used as part of the IG.
• Formal Specification - Defines the formal specification in terms of requirements that need to be implemented by a service provider.
• FHIR Artifacts - Defines the FHIR artifacts for the IG.
• Downloads - Allows downloading a copy of this implementation guide and other useful information

Relationship to other Implementation Guides

This section elaborates the relationship of this IG to other implementation guides.

Relationship to US Core Implementation Guide

This implementation guide, leverages terminology from US Core, and also uses US Core profiles to specify the inputs to the DARTS services. The outputs of DARTS services will be represented using profiles specified in the DAPL IG.

Relationship to De-identified, Anonymized FHIR Profiles Library (DAPL) Implementation Guide

This DARTS IG complements the De-identified, Anonymized FHIR Profiles Library (DAPL) Implementation Guide by defining the services that implement techniques and algorithms for de-identification and anonymization, whereas the DAPL IG defines the set of profiles to represent the de-identified and anonymized information.

Relationship to Data Segmentation for Privacy (DS4P) Implementation Guide

The DS4P IG provides guidance for applying security labels in FHIR that can be used to protect the privacy of patients' data. DARTS IG on the other hand aims to remove PHI/PII from the data and hence will not be using the DS4P tags currently.