Package google.cloud.healthcare.v1beta1.deidentify

Index

DeidentifyService (interface)
CharacterMaskConfig (message)
CryptoHashConfig (message)
DateShiftConfig (message)
DeidentifyConfig (message)
DeidentifyConfig.AnnotationConfig (message)
DeidentifyConfig.DeidentifyOperationMetadata (message)
DeidentifyConfig.DeidentifyOperationMetadata.FhirOutput (message)
DeidentifyConfig.DicomConfig (message)
DeidentifyConfig.DicomConfig.TagFilterList (message)
DeidentifyConfig.DicomConfig.TagFilterProfile (enum)
DeidentifyConfig.DicomTagConfig (message)
DeidentifyConfig.DicomTagConfig.Action (message)
DeidentifyConfig.DicomTagConfig.CleanTextTag (message)
DeidentifyConfig.DicomTagConfig.DeleteTag (message)
DeidentifyConfig.DicomTagConfig.KeepTag (message)
DeidentifyConfig.DicomTagConfig.Options (message)
DeidentifyConfig.DicomTagConfig.Options.CleanDescriptorsOption (message)
DeidentifyConfig.DicomTagConfig.Options.PrimaryIdsOption (enum)
DeidentifyConfig.DicomTagConfig.ProfileType (enum)
DeidentifyConfig.DicomTagConfig.RecurseTag (message)
DeidentifyConfig.DicomTagConfig.RegenUidTag (message)
DeidentifyConfig.DicomTagConfig.RemoveTag (message)
DeidentifyConfig.DicomTagConfig.ResetTag (message)
DeidentifyConfig.FhirConfig (message)
DeidentifyConfig.FhirConfig.FieldMetadata (message)
DeidentifyConfig.FhirConfig.FieldMetadata.Action (enum)
DeidentifyConfig.FhirFieldConfig (message)
DeidentifyConfig.FhirFieldConfig.CharacterMaskField (message)
DeidentifyConfig.FhirFieldConfig.CleanTextField (message)
DeidentifyConfig.FhirFieldConfig.CryptoHashField (message)
DeidentifyConfig.FhirFieldConfig.DateShiftField (message)
DeidentifyConfig.FhirFieldConfig.FieldMetadata (message)
DeidentifyConfig.FhirFieldConfig.KeepField (message)
DeidentifyConfig.FhirFieldConfig.Options (message)
DeidentifyConfig.FhirFieldConfig.Options.ContextualDeidConfig (message)
DeidentifyConfig.FhirFieldConfig.Options.KeepExtensionsConfig (message)
DeidentifyConfig.FhirFieldConfig.ProfileType (enum)
DeidentifyConfig.FhirFieldConfig.RemoveField (message)
DeidentifyConfig.ImageConfig (message)
DeidentifyConfig.ImageConfig.TextRedactionMode (enum)
DeidentifyConfig.TextConfig (message)
DeidentifyConfig.TextConfig.ProfileType (enum)
DeidentifyDicomStoreRequest (message)
DeidentifyDicomStoreSummary (message)
DeidentifyFhirStoreRequest (message)
DeidentifyFhirStoreRequest.FhirFilter (message)
DeidentifyFhirStoreRequest.FhirFilter.Resources (message)
DeidentifyFhirStoreSummary (message)
DeidentifySummary (message)
InfoTypeTransformation (message)
KmsWrappedCryptoKey (message)
RedactConfig (message)
ReplaceWithInfoTypeConfig (message)

DeidentifyService

A service for de-identifying healthcare data.

DeidentifyDicomStore

DeidentifyDicomStore
`rpc DeidentifyDicomStore(DeidentifyDicomStoreRequest) returns (Operation)` De-identifies data from the source store and writes it to the destination store. The `metadata` field type is `OperationMetadata`. If the request is successful, the `response` field type is `DeidentifyDicomStoreSummary`. The LRO result may still be successful if de-identification fails for some DICOM instances. The output DICOM store will not contain these failed resources. The number of resources processed are tracked in `Operation.metadata`. Error details are logged to Cloud Logging. For more information, see Viewing error logs in Cloud Logging. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc DeidentifyDicomStore(DeidentifyDicomStoreRequest) returns (Operation)

De-identifies data from the source store and writes it to the destination store. The metadata field type is OperationMetadata. If the request is successful, the response field type is DeidentifyDicomStoreSummary. The LRO result may still be successful if de-identification fails for some DICOM instances. The output DICOM store will not contain these failed resources. The number of resources processed are tracked in Operation.metadata. Error details are logged to Cloud Logging. For more information, see Viewing error logs in Cloud Logging.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeidentifyFhirStore

DeidentifyFhirStore
`rpc DeidentifyFhirStore(DeidentifyFhirStoreRequest) returns (Operation)` De-identifies data from the source store and writes it to the destination store. The `metadata` field type is `OperationMetadata`. If the request is successful, the `response` field type is `DeidentifyFhirStoreSummary`. The number of resources processed are tracked in `Operation.metadata`. Error details are logged to Cloud Logging. For more information, see Viewing error logs in Cloud Logging. Authorization scopes Requires one of the following OAuth scopes: `https://www.googleapis.com/auth/cloud-healthcare` `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc DeidentifyFhirStore(DeidentifyFhirStoreRequest) returns (Operation)

De-identifies data from the source store and writes it to the destination store. The metadata field type is OperationMetadata. If the request is successful, the response field type is DeidentifyFhirStoreSummary. The number of resources processed are tracked in Operation.metadata. Error details are logged to Cloud Logging. For more information, see Viewing error logs in Cloud Logging.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-healthcare
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CharacterMaskConfig

Mask a string by replacing its characters with a fixed character.

Fields

Fields
`masking_character`	`string` Character to mask the sensitive values. If not supplied, defaults to "*".

masking_character

string

Character to mask the sensitive values. If not supplied, defaults to "*".

CryptoHashConfig

Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. Outputs a base64-encoded representation of the hashed output. For example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=.

Fields

Fields
`crypto_key`	`bytes` An AES 128/192/256 bit key. Causes the hash to be computed based on this key. A default key is generated for each Deidentify operation and is used when neither `crypto_key` nor `kms_wrapped` is specified. Must not be set if `kms_wrapped` is set.
`kms_wrapped`	`KmsWrappedCryptoKey` KMS wrapped key. Must not be set if `crypto_key` is set.

crypto_key

bytes

An AES 128/192/256 bit key. Causes the hash to be computed based on this key. A default key is generated for each Deidentify operation and is used when neither crypto_key nor kms_wrapped is specified. Must not be set if kms_wrapped is set.

kms_wrapped

KmsWrappedCryptoKey

KMS wrapped key. Must not be set if crypto_key is set.

DateShiftConfig

Shift a date forward or backward in time by a random amount which is consistent for a given patient and crypto key combination.

Fields

Fields
`crypto_key`	`bytes` An AES 128/192/256 bit key. The date shift is computed based on this key and the patient ID. If the patient ID is empty for a DICOM resource, the date shift is computed based on this key and the study instance UID. If `crypto_key` is not set, then `kms_wrapped` is used to calculate the date shift. If neither is set, a default key is generated for each de-identify operation. Must not be set if `kms_wrapped` is set.
`kms_wrapped`	`KmsWrappedCryptoKey` KMS wrapped key. If `kms_wrapped` is not set, then `crypto_key` is used to calculate the date shift. If neither is set, a default key is generated for each de-identify operation. Must not be set if `crypto_key` is set.

crypto_key

bytes

An AES 128/192/256 bit key. The date shift is computed based on this key and the patient ID. If the patient ID is empty for a DICOM resource, the date shift is computed based on this key and the study instance UID. If crypto_key is not set, then kms_wrapped is used to calculate the date shift. If neither is set, a default key is generated for each de-identify operation. Must not be set if kms_wrapped is set.

kms_wrapped

KmsWrappedCryptoKey

KMS wrapped key. If kms_wrapped is not set, then crypto_key is used to calculate the date shift. If neither is set, a default key is generated for each de-identify operation. Must not be set if crypto_key is set.

DeidentifyConfig

Configures de-id options specific to different types of content. Each submessage customizes the handling of an https://tools.ietf.org/html/rfc6838 media type or subtype. Configs are applied in a nested manner at runtime.

Fields
`dicom (deprecated)`	`DicomConfig` This item is deprecated! Configures de-id of application/DICOM content. Deprecated. Use `dicom_tag_config` instead.
`dicom_tag_config`	`DicomTagConfig` Configures de-id of application/DICOM content.
`fhir (deprecated)`	`FhirConfig` This item is deprecated! Configures de-id of application/FHIR content. Deprecated. Use `fhir_field_config` instead.
`fhir_field_config`	`FhirFieldConfig` Configures de-id of application/FHIR content.
`image (deprecated)`	`ImageConfig` This item is deprecated! Configures the de-identification of image pixels in the source_dataset. Deprecated. Use `dicom_tag_config.options.clean_image` instead.
`annotation`	`AnnotationConfig` Configures how annotations, meaning that the location and infoType of sensitive information findings, are created during de-identification. If unspecified, no annotations are created.
`text`	`TextConfig` Configures de-identification of text wherever it is found in the source_dataset.
`operation_metadata`	`DeidentifyOperationMetadata` Details about the work the de-identify operation performed.
`use_regional_data_processing`	`bool` Ensures in-flight data remains in the region of origin during de-identification. Using this option results in a significant reduction of throughput, and is not compatible with `LOCATION` or `ORGANIZATION_NAME` infoTypes. If the deprecated `DicomConfig` or `FhirConfig` are used, then `LOCATION` must be excluded within `TextConfig`, and must also be excluded within `ImageConfig` if image redaction is required.

AnnotationConfig

Specifies how to store annotations during de-identification operation.

Fields

Fields
`annotation_store_name`	`string` The name of the annotation store, in the form `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/annotationStores/{annotation_store_id}`). The destination annotation store must be in the same project as the source data. De-identifying data across multiple projects is not supported. The destination annotation store must exist when using `DeidentifyDicomStore` or `DeidentifyFhirStore`. `DeidentifyDataset` automatically creates the destination annotation store.
`store_quote`	`bool` If set to true, the sensitive texts are included in `SensitiveTextAnnotation` of `Annotation`.

annotation_store_name

string

The name of the annotation store, in the form projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/annotationStores/{annotation_store_id}).

The destination annotation store must be in the same project as the source data. De-identifying data across multiple projects is not supported.
The destination annotation store must exist when using DeidentifyDicomStore or DeidentifyFhirStore. DeidentifyDataset automatically creates the destination annotation store.

store_quote

bool

If set to true, the sensitive texts are included in SensitiveTextAnnotation of Annotation.

DeidentifyOperationMetadata

Details about the work the de-identify operation performed.

Fields

fhir_output

FhirOutput

Details about the FHIR store to write the output to.

FhirOutput

Details about the FHIR store to write the output to.

Fields

fhir_store

string

Name of the output FHIR store, which must already exist. You must grant the healthcare.fhirResources.update permission on the destination store to your project's Cloud Healthcare Service Agent service account. The destination store must set enableUpdateCreate to true. The destination store must use FHIR version R4. Writing these resources will consume FHIR operations quota from the project containing the source data. De-identify operation metadata is only generated for DICOM de-identification operations.

DicomConfig

Specifies the parameters needed for de-identification of DICOM stores.

Fields
`skip_id_redaction`	`bool` If true, skip replacing StudyInstanceUID, SeriesInstanceUID, SOPInstanceUID, and MediaStorageSOPInstanceUID and leave them untouched. The Cloud Healthcare API regenerates these UIDs by default based on the DICOM Standard's reasoning: "Whilst these UIDs cannot be mapped directly to an individual out of context, given access to the original images, or to a database of the original images containing the UIDs, it would be possible to recover the individual's identity." http://dicom.nema.org/medical/dicom/current/output/chtml/part15/sect_E.3.9.html
Union field `tag_filter`. Determines tag filtering method (meaning which tags to keep/remove). `tag_filter` can be only one of the following:
`keep_list`	`TagFilterList` List of tags to keep. Remove all other tags.
`remove_list`	`TagFilterList` List of tags to remove. Keep all other tags.
`filter_profile`	`TagFilterProfile` Tag filtering profile that determines which tags to keep/remove.

TagFilterList

List of tags to be filtered.

Fields

Fields
`tags[]`	`string` Tags to be filtered. Tags must be DICOM Data Elements, File Meta Elements, or Directory Structuring Elements, as defined at: http://dicom.nema.org/medical/dicom/current/output/html/part06.html#table_6-1,. They may be provided by "Keyword" or "Tag". For example, "PatientID", "00100010".

tags[]

string

Tags to be filtered. Tags must be DICOM Data Elements, File Meta Elements, or Directory Structuring Elements, as defined at: http://dicom.nema.org/medical/dicom/current/output/html/part06.html#table_6-1,. They may be provided by "Keyword" or "Tag". For example, "PatientID", "00100010".

TagFilterProfile

Profile that determines which tags to keep/remove.

Enums
`TAG_FILTER_PROFILE_UNSPECIFIED`	No tag filtration profile provided. Same as KEEP_ALL_PROFILE.
`MINIMAL_KEEP_LIST_PROFILE`	Keep only the tags required to produce valid DICOM objects.
`ATTRIBUTE_CONFIDENTIALITY_BASIC_PROFILE`	Remove tags based on DICOM Standard's Attribute Confidentiality Basic Profile (DICOM Standard Edition 2018e) http://dicom.nema.org/medical/dicom/2018e/output/chtml/part15/chapter_E.html.
`KEEP_ALL_PROFILE`	Keep all tags.
`DEIDENTIFY_TAG_CONTENTS`	Inspect within tag contents and replace sensitive text. The process can be configured using the TextConfig. Applies to all tags with the following Value Representation names: AE, LO, LT, PN, SH, ST, UC, UT, DA, DT, AS

DicomTagConfig

Specifies the parameters needed for the de-identification of DICOM stores.

Fields
`options`	`Options` Specifies additional options to apply, overriding the base `profile`.
`actions[]`	`Action` Specifies custom tag selections and `Actions` to apply to them. Overrides `options` and `profile`. Conflicting `Actions` are applied in the order given.
Union field `profile`. Base profile that specifies how to handle tags. This behavior can be customized using `Options` or custom `Actions`. `profile` can be only one of the following:
`profile_type`	`ProfileType` Base profile type for handling DICOM tags.

Action

Specifies a selection of tags and an Action to apply to each one.

Fields
`queries[]`	`string` Select all tags with the listed tag IDs, names, or Value Representations (VRs). Examples: ID: "00100010" Keyword: "PatientName" VR: "PN"
Union field `type`. Type of action to apply to all selected tags. `type` can be only one of the following:
`keep_tag`	`KeepTag` Keep tag unchanged.
`remove_tag`	`RemoveTag` Replace with empty tag.
`delete_tag`	`DeleteTag` Delete tag.
`reset_tag`	`ResetTag` Reset tag to a placeholder value.
`clean_text_tag`	`CleanTextTag` Inspect text and transform sensitive text. Configurable via `TextConfig`. Supported Value Representations: AE, LO, LT, PN, SH, ST, UC, UT, DA, DT, AS
`clean_image_tag`	`ImageConfig` Inspect image and transform sensitive burnt-in text. Doesn't apply to elements nested in a sequence, which revert to `Keep`. Supported tags: PixelData
`regen_uid_tag`	`RegenUidTag` Replace UID with a new generated UID. Supported Value Representation: UI
`recurse_tag`	`RecurseTag` Recursively apply DICOM de-id to tags nested in a sequence. Supported Value Representation: SQ

CleanTextTag

This type has no fields.

Inspect text and transform sensitive text. Configurable using TextConfig. Supported Value Representations: AE, LO, LT, PN, SH, ST, UC, UT, DA, DT, AS

DeleteTag

This type has no fields.

Delete tag.

KeepTag

This type has no fields.

Keep tag unchanged.

Options

Specifies additional options to apply to the base profile.

Fields

Fields
`clean_image`	`ImageConfig` Apply `Action.clean_image` to `PixelData` as configured.
`primary_ids`	`PrimaryIdsOption` Set `Action` for `StudyInstanceUID`, `SeriesInstanceUID`, `SOPInstanceUID`, and `MediaStorageSOPInstanceUID`.
`clean_descriptors`	`CleanDescriptorsOption` Set Clean Descriptors Option.

clean_image

ImageConfig

Apply Action.clean_image to PixelData as configured.

primary_ids

PrimaryIdsOption

Set Action for StudyInstanceUID, SeriesInstanceUID, SOPInstanceUID, and MediaStorageSOPInstanceUID.

clean_descriptors

CleanDescriptorsOption

Set Clean Descriptors Option.

CleanDescriptorsOption

This type has no fields.

This option is based on the DICOM Standard's Clean Descriptors Option, and the CleanText Action is applied to all the specified fields. When cleaning text, the process attempts to transform phrases matching any of the tags marked for removal (action codes D, Z, X, and U) in the Basic Profile. These contextual phrases are replaced with the token "[CTX]". This option uses an additional infoType during inspection.

PrimaryIdsOption

Set Action for StudyInstanceUID, SeriesInstanceUID, SOPInstanceUID, and MediaStorageSOPInstanceUID.

Enums
`PRIMARY_IDS_OPTION_UNSPECIFIED`	No value provided. Default to the behavior specified by the base profile.
`KEEP`	Keep primary IDs.
`REGEN`	Regenerate primary IDs.

ProfileType

Base profile that specifies how to handle tags.

Enums
`PROFILE_TYPE_UNSPECIFIED`	No profile provided. Same as `ATTRIBUTE_CONFIDENTIALITY_BASIC_PROFILE`.
`MINIMAL_KEEP_LIST_PROFILE`	Keep only the tags required to produce valid DICOM objects.
`ATTRIBUTE_CONFIDENTIALITY_BASIC_PROFILE`	Remove tags based on DICOM Standard's Attribute Confidentiality Basic Profile (DICOM Standard Edition 2018e).
`KEEP_ALL_PROFILE`	Keep all tags.
`DEIDENTIFY_TAG_CONTENTS`	Inspect tag contents and replace sensitive text. The process can be configured using the `TextConfig`. Applies to all tags with the following Value Representations: AE, LO, LT, PN, SH, ST, UC, UT, DA, DT, AS

RecurseTag

This type has no fields.

Recursively apply DICOM de-id to tags nested in a sequence. Supported Value Representation: SQ

RegenUidTag

This type has no fields.

Replace UID with a new generated UID. Supported Value Representation: UI

RemoveTag

This type has no fields.

Replace with empty tag.

ResetTag

This type has no fields.

Reset tag to a placeholder value.

FhirConfig

Specifies how to handle de-identification of a FHIR store.

Fields

Fields
`field_metadata_list[]`	`FieldMetadata` Specifies FHIR paths to match and how to transform them. Any field that is not matched by a FieldMetadata is passed through to the output dataset unmodified. All extensions will be processed according to `default_keep_extensions`. If a field can be matched by more than one FieldMetadata, the first FieldMetadata.Action is applied.
`default_keep_extensions`	`bool` The behaviour for handling FHIR extensions that aren't otherwise specified for de-identification. If true, all extensions are preserved during de-identification by default. If false or unspecified, all extensions are removed during de-identification by default.

field_metadata_list[]

FieldMetadata

Specifies FHIR paths to match and how to transform them. Any field that is not matched by a FieldMetadata is passed through to the output dataset unmodified. All extensions will be processed according to default_keep_extensions. If a field can be matched by more than one FieldMetadata, the first FieldMetadata.Action is applied.

default_keep_extensions

bool

The behaviour for handling FHIR extensions that aren't otherwise specified for de-identification. If true, all extensions are preserved during de-identification by default. If false or unspecified, all extensions are removed during de-identification by default.

FieldMetadata

Specifies FHIR paths to match, and how to handle de-identification of matching fields.

Fields

paths[]

string

List of paths to FHIR fields to redact. Each path is a period-separated list where each component is either a field name or FHIR type name. All types begin with an upper case letter. For example, the resource field "Patient.Address.city", which uses a string type, can be matched by "Patient.Address.String". Path also supports partial matching. For example, "Patient.Address.city" can be matched by "Address.city" (Patient omitted). Partial matching and type matching can be combined. For example, "Patient.Address.city" can be matched by "Address.String". For "choice" types (those defined in the FHIR spec with the form: field[x]), use two separate components. For example, "deceasedAge.unit" is matched by "Deceased.Age.unit". Supported types are: AdministrativeGenderCode, Base64Binary, Boolean, Code, Date, DateTime, Decimal, HumanName, Id, Instant, Integer, LanguageCode, Markdown, Oid, PositiveInt, String, UnsignedInt, Uri, Uuid, Xhtml. The sub-type for HumanName(for example HumanName.given, HumanName.family) can be omitted.

action

Action

Deidentify action for one field.

Action

Whether or not to redact this field, or whether to inspect it for PHI.

Enums
`ACTION_UNSPECIFIED`	No action specified.
`TRANSFORM`	Transform the entire field based on transformations specified in TextConfig. When the specified transformation cannot be applied to a field, RedactConfig is used. For example, a Crypto Hash transformation can't be applied to a FHIR Date field.
`INSPECT_AND_TRANSFORM`	Inspect and transform any found PHI. When `AnnotationConfig` is provided, annotations of PHI will be generated, except for `Date` and `Datetime`.
`DO_NOT_TRANSFORM`	Do not transform.

FhirFieldConfig

Specifies how to handle the de-identification of a FHIR store.

Fields
`options`	`Options` Specifies additional options, overriding the base `ProfileType`.
`field_metadata_list[]`	`FieldMetadata` Specifies FHIR paths to match and how to transform them. Any field that is not matched by a `FieldMetadata` `action` is passed through to the output dataset unmodified. All extensions will be processed according to `keep_extensions`. If a field can be matched by more than one `FieldMetadata` `action`, the first `action` option is applied. Overrides `options` and the union field `profile` in `FhirFieldConfig`.
Union field `profile`. Base profile that specifies how to handle fields. This behavior can be customized using `Options` or `FieldMetadata`. `profile` can be only one of the following:
`profile_type`	`ProfileType` Base profile type for handling FHIR fields.

CharacterMaskField

This type has no fields.

Replace field value with masking character. Supported types: Code, Decimal, HumanName, Id, LanguageCode, Markdown, Oid, String, Uri, Uuid, Xhtml.

CleanTextField

This type has no fields.

Inspect text and transform sensitive text. Configure using TextConfig. Supported types: Code, Date, DateTime, Decimal, HumanName, Id, LanguageCode, Markdown, Oid, String, Uri, Uuid, Xhtml.

CryptoHashField

This type has no fields.

Replace field value with a hash of that value. Supported types: Code, Decimal, HumanName, Id, LanguageCode, Markdown, Oid, String, Uri, Uuid, Xhtml.

DateShiftField

This type has no fields.

Shift the date by a randomized number of days. See date shifting for more information. Supported types: Date, DateTime.

FieldMetadata

Specifies the FHIR paths to match and how to handle the de-identification of matching fields.

Fields
`paths[]`	`string` List of paths to FHIR fields to redact. Each path is a period-separated list where each component is either a field name or FHIR type name. All types begin with an upper case letter. For example, the resource field `Patient.Address.city`, which uses a string type, can be matched by `Patient.Address.String`. Partial matching is supported. For example, `Patient.Address.city` can be matched by `Address.city` (with `Patient` omitted). Partial matching and type matching can be combined, for example `Patient.Address.city` can be matched by `Address.String`. For "choice" types (those defined in the FHIR spec with the format `field[x]`), use two separate components. For example, `deceasedAge.unit` is matched by `Deceased.Age.unit`. The following types are supported: AdministrativeGenderCode, Base64Binary, Boolean, Code, Date, DateTime, Decimal, HumanName, Id, Instant, Integer, LanguageCode, Markdown, Oid, PositiveInt, String, UnsignedInt, Uri, Uuid, Xhtml. The sub-type for HumanName (for example `HumanName.given`, `HumanName.family`) can be omitted.
Union field `action`. Specifies the action to apply to the applicable fields. `action` can be only one of the following:
`keep_field`	`KeepField` Keep the field unchanged.
`remove_field`	`RemoveField` Remove the field.
`clean_text_field`	`CleanTextField` Inspect the field's text and transform sensitive text. Configure using `TextConfig`. Supported types: Code, Date, DateTime, Decimal, HumanName, Id, LanguageCode, Markdown, Oid, String, Uri, Uuid, Xhtml.
`character_mask_field`	`CharacterMaskField` Replace the field's value with a masking character. Supported types: Code, Decimal, HumanName, Id, LanguageCode, Markdown, Oid, String, Uri, Uuid, Xhtml.
`date_shift_field`	`DateShiftField` Shift the date by a randomized number of days. See date shifting for more information. Supported types: Date, DateTime.
`crypto_hash_field`	`CryptoHashField` Replace field value with a hash of that value. Supported types: Code, Decimal, HumanName, Id, LanguageCode, Markdown, Oid, String, Uri, Uuid, Xhtml.

KeepField

This type has no fields.

Keep field unchanged.

Options

Specifies additional options to apply to the base ProfileType.

Fields
`character_mask_config`	`CharacterMaskConfig` Character mask config for `CharacterMaskField`.
`date_shift_config`	`DateShiftConfig` Date shifting config for `CharacterMaskField`.
`crypto_hash_config`	`CryptoHashConfig` Crypto hash config for `CharacterMaskField`.
`contextual_deid`	`ContextualDeidConfig` Configure contextual de-id.
`keep_extensions`	`KeepExtensionsConfig` Configure keeping extensions by default.

ContextualDeidConfig

This type has no fields.

Fields that don't match a KeepField or CleanTextField action in the BASIC profile are collected into a contextual phrase list. For fields that match a CleanTextField action in FieldMetadata or ProfileType, the process attempts to transform phrases matching these contextual entries. These contextual phrases are replaced with the token "[CTX]". This feature uses an additional InfoType during inspection.

KeepExtensionsConfig

This type has no fields.

The behavior for handling FHIR extensions that aren't otherwise specified for de-identification. If provided, all extensions are preserved during de-identification by default. If unspecified, all extensions are removed during de-identification by default.

ProfileType

Base profile that specifies how to handle fields.

Enums
`PROFILE_TYPE_UNSPECIFIED`	No profile provided. Same as `BASIC`.
`KEEP_ALL`	Keep all fields.
`BASIC`	Transforms known HIPAA 18 fields and cleans known unstructured text fields.
`CLEAN_ALL`	Cleans all supported tags. Applies to types: Code, Date, DateTime, Decimal, HumanName, Id, LanguageCode, Markdown, Oid, String, Uri, Uuid, Xhtml.

RemoveField

This type has no fields.

Remove field.

ImageConfig

Specifies how to handle de-identification of image pixels.

Fields

Fields
`text_redaction_mode`	`TextRedactionMode` Determines how to redact text from image.
`additional_info_types[]`	`string` Additional InfoTypes to redact in the images in addition to those used by `text_redaction_mode`. Can only be used when `text_redaction_mode` is set to `REDACT_SENSITIVE_TEXT`, `REDACT_SENSITIVE_TEXT_CLEAN_DESCRIPTORS` or `TEXT_REDACTION_MODE_UNSPECIFIED`.
`exclude_info_types[]`	`string` InfoTypes to skip redacting, overriding those used by `text_redaction_mode`. Can only be used when `text_redaction_mode` is set to `REDACT_SENSITIVE_TEXT` or `REDACT_SENSITIVE_TEXT_CLEAN_DESCRIPTORS`.

text_redaction_mode

TextRedactionMode

Determines how to redact text from image.

additional_info_types[]

string

Additional InfoTypes to redact in the images in addition to those used by text_redaction_mode. Can only be used when text_redaction_mode is set to REDACT_SENSITIVE_TEXT, REDACT_SENSITIVE_TEXT_CLEAN_DESCRIPTORS or TEXT_REDACTION_MODE_UNSPECIFIED.

exclude_info_types[]

string

InfoTypes to skip redacting, overriding those used by text_redaction_mode. Can only be used when text_redaction_mode is set to REDACT_SENSITIVE_TEXT or REDACT_SENSITIVE_TEXT_CLEAN_DESCRIPTORS.

TextRedactionMode

How to redact text found in images (if at all).

Enums
`TEXT_REDACTION_MODE_UNSPECIFIED`	No text redaction specified. Same as REDACT_NO_TEXT.
`REDACT_ALL_TEXT`	Redact all text.
`REDACT_SENSITIVE_TEXT`	Redact sensitive text. Uses the set of Default DICOM InfoTypes.
`REDACT_NO_TEXT`	Do not redact text.
`REDACT_SENSITIVE_TEXT_CLEAN_DESCRIPTORS`	This mode is like `REDACT_SENSITIVE_TEXT` with the addition of the Clean Descriptors Option enabled: When cleaning text, the process attempts to transform phrases matching any of the tags marked for removal (action codes D, Z, X, and U) in the Basic Profile. These contextual phrases are replaced with the token "[CTX]". This mode uses an additional InfoType during inspection.

TextConfig

Configures how to transform sensitive text InfoTypes.

Fields
`transformations[] (deprecated)`	`InfoTypeTransformation` This item is deprecated! The transformations to apply to the detected data. Deprecated. Use `additional_transformations` instead.
`additional_transformations[]`	`InfoTypeTransformation` Additional transformations to apply to the detected data, overriding `profile`.
`exclude_info_types[]`	`string` InfoTypes to skip transforming, overriding `profile`.
Union field `profile`. `profile` can be only one of the following:
`profile_type`	`ProfileType` Base profile type for text transformation.

ProfileType

Base profile that specifies how to transform InfoTypes.

Enums
`PROFILE_TYPE_UNSPECIFIED`	No profile provided. Same as `BASIC`.
`EMPTY`	Empty profile which does not perform any transformations.
`BASIC`	Automatically converts "DATE" infoTypes using a `DateShiftConfig`, and all other infoTypes using a `ReplaceWithInfoTypeConfig`.

DeidentifyDicomStoreRequest

Creates a new DICOM store with sensitive information de-identified.

Fields
`source_store`	`string` Required. Source DICOM store resource name. For example, `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/dicomStores/{dicom_store_id}`.
`destination_store`	`string` Required. The name of the DICOM store to create and write the redacted data to. For example, `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/dicomStores/{dicom_store_id}`. The destination dataset must exist. The source dataset and destination dataset must both reside in the same location. De-identifying data across multiple locations is not supported. The destination DICOM store must not exist. The caller must have the necessary permissions to create the destination DICOM store.
`config`	`DeidentifyConfig` Deidentify configuration. Only one of `config` and `gcs_config_uri` can be specified.
`gcs_config_uri`	`string` Cloud Storage location to read the JSON `cloud.healthcare.deidentify.DeidentifyConfig` from, overriding the default config. Must be of the form `gs://{bucket_id}/path/to/object`. The Cloud Storage location must grant the Cloud IAM role `roles/storage.objectViewer` to the project's Cloud Healthcare Service Agent service account. Only one of `config` and `gcs_config_uri` can be specified.
`filter_config`	`DicomFilterConfig` Filter configuration.

DeidentifyDicomStoreSummary

This type has no fields.

Contains a summary of the DeidentifyDicomStore operation.

DeidentifyFhirStoreRequest

Creates a new FHIR store with sensitive information de-identified.

Fields
`source_store`	`string` Required. Source FHIR store resource name. For example, `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`.
`destination_store`	`string` Required. The name of the FHIR store to create and write the redacted data to. For example, `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`. The destination dataset must exist. The source dataset and destination dataset must both reside in the same location. De-identifying data across multiple locations is not supported. The destination FHIR store must exist. The caller must have the healthcare.fhirResources.update permission to write to the destination FHIR store.
`config`	`DeidentifyConfig` Deidentify configuration. Only one of `config` and `gcs_config_uri` can be specified.
`gcs_config_uri`	`string` Cloud Storage location to read the JSON `cloud.healthcare.deidentify.DeidentifyConfig` from, overriding the default config. Must be of the form `gs://{bucket_id}/path/to/object`. The Cloud Storage location must grant the Cloud IAM role `roles/storage.objectViewer` to the project's Cloud Healthcare Service Agent service account. Only one of `config` and `gcs_config_uri` can be specified.
`resource_filter`	`FhirFilter` A filter specifying the resources to include in the output. If not specified, all resources are included in the output.
`skip_modified_resources`	`bool` If true, skips resources that are created or modified after the de-identify operation is created.

FhirFilter

Filter configuration.

Fields

Fields
Union field `filter`. `filter` can be only one of the following:
`resources`	`Resources` List of resources to include in the output. If this list is empty or not specified, all resources are included in the output.

Union field filter.

filter can be only one of the following:

resources

Resources

List of resources to include in the output. If this list is empty or not specified, all resources are included in the output.

Resources

A list of FHIR resources.

Fields

Fields
`resources[]`	`string` List of resources IDs. For example, "Patient/1234".

resources[]

string

List of resources IDs. For example, "Patient/1234".

DeidentifyFhirStoreSummary

This type has no fields.

Contains a summary of the DeidentifyFhirStore operation.

DeidentifySummary

This type has no fields.

Contains a detailed summary of the Deidentify operation.

InfoTypeTransformation

A transformation to apply to text that is identified as a specific info_type.

Fields
`info_types[]`	`string` `InfoTypes` to apply this transformation to. If this is not specified, this transformation becomes the default transformation, and is used for any `info_type` that is not specified in another transformation.
Union field `config`. `config` can be only one of the following:
`redact_config`	`RedactConfig` Config for text redaction.
`character_mask_config`	`CharacterMaskConfig` Config for character mask.
`date_shift_config`	`DateShiftConfig` Config for date shift.
`crypto_hash_config`	`CryptoHashConfig` Config for crypto hash.
`replace_with_info_type_config`	`ReplaceWithInfoTypeConfig` Config for replace with InfoType.

KmsWrappedCryptoKey

Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. The key must grant the Cloud IAM permission cloudkms.cryptoKeyVersions.useToDecrypt to the project's Cloud Healthcare Service Agent service account.

For more information, see Creating a wrapped key.

Fields

Fields
`wrapped_key`	`bytes` Required. The wrapped data crypto key.
`crypto_key`	`string` Required. The resource name of the KMS CryptoKey to use for unwrapping. For example, `projects/{project_id}/locations/{location_id}/keyRings/{keyring}/cryptoKeys/{key}`.

wrapped_key

bytes

Required. The wrapped data crypto key.

crypto_key

string

Required. The resource name of the KMS CryptoKey to use for unwrapping. For example, projects/{project_id}/locations/{location_id}/keyRings/{keyring}/cryptoKeys/{key}.

RedactConfig

This type has no fields.

Define how to redact sensitive values. Default behaviour is erase. For example, "My name is Jane." becomes "My name is ."

ReplaceWithInfoTypeConfig

This type has no fields.

When using the INSPECT_AND_TRANSFORM action, each match is replaced with the name of the info_type. For example, "My name is Jane" becomes "My name is [PERSON_NAME]." The TRANSFORM action is equivalent to redacting.