Package-level declarations
Types
An attribute value for a Consent or User data mapping. Each Attribute must have a corresponding AttributeDefinition in the consent store that defines the default and allowed values.
Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both allServices
and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": "user:jose@example.com" }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": "user:aliya@example.com" } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com
from DATA_READ logging, and aliya@example.com
from DATA_WRITE logging.
Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": "user:jose@example.com" }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.
Associates members
, or principals, with a role
.
Mask a string by replacing its characters with a fixed character.
Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. Outputs a base64-encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=
).
Shift a date forward or backward in time by a random amount which is consistent for a given patient and crypto key combination.
Contains configuration for streaming de-identified FHIR export.
Configures de-id options specific to different types of content. Each submessage customizes the handling of an https://tools.ietf.org/html/rfc6838 media type or subtype. Configs are applied in a nested manner at runtime.
Specifies the parameters needed for de-identification of DICOM stores.
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
Specifies how to handle de-identification of a FHIR store.
Contains the configuration for FHIR notifications.
Specifies FHIR paths to match, and how to handle de-identification of matching fields.
Represents a user's consent in terms of the resources that can be accessed and under what conditions.
The configuration for exporting to BigQuery.
Root config message for HL7v2 schema. This contains a schema structure of groups and segments, and filters that determine which messages to apply the schema structure to.
Root config for HL7v2 datatype definitions for a specific HL7v2 version.
Specifies where and whether to send notifications upon changes to a data store.
Specifies how to handle de-identification of image pixels.
Raw bytes representing consent artifact content.
A transformation to apply to text that is identified as a specific info_type.
Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. The key must grant the Cloud IAM permission cloudkms.cryptoKeyVersions.useToDecrypt
to the project's Cloud Healthcare Service Agent service account. For more information, see Creating a wrapped key (https://cloud.google.com/dlp/docs/create-wrapped-key).
Specifies where to send notifications upon changes to a data store.
The content of a HL7v2 message in a structured format.
The configuration for the parser. It determines how the server parses the messages.
A patient identifier and associated type.
Define how to redact sensitive values. Default behaviour is erase. For example, "My name is Jane." becomes "My name is ."
When using the INSPECT_AND_TRANSFORM action, each match is replaced with the name of the info_type. For example, "My name is Jane" becomes "My name is PERSON_NAME." The TRANSFORM action is equivalent to redacting.
Configuration for the FHIR BigQuery schema. Determines how the server generates the schema.
A schema package contains a set of schemas and type definitions.
The content of an HL7v2 message in a structured format as specified by a schema.
User signature.
Contains configuration for streaming FHIR export.
List of tags to be filtered.
Configuration for FHIR BigQuery time-partitioned tables.
A type definition for some HL7v2 type (incl. Segments and Datatypes).
Contains the configuration for FHIR profiles and validation.
Describes a selector for extracting and matching an MSH field to a value.