Package-level declarations

Specifies a selection of tags and an Action to apply to each one.

Specifies how to store annotations during de-identification operation.

AnnotationSource holds the source information of the annotation.

An attribute value for a Consent or User data mapping. Each Attribute must have a corresponding AttributeDefinition in the consent store that defines the default and allowed values.

Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both allServices and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": "user:jose@example.com" }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": "user:aliya@example.com" } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.

Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": "user:jose@example.com" }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.

Associates members, or principals, with a role.

A bounding polygon for the detected image annotation.

Mask a string by replacing its characters with a fixed character.

Replace field value with masking character. Supported types: Code, Decimal, HumanName, Id, LanguageCode, Markdown, Oid, String, Uri, Uuid, Xhtml

This option is based on the DICOM Standard's Clean Descriptors Option, and the CleanText Action is applied to all the specified fields. When cleaning text, the process attempts to transform phrases matching any of the tags marked for removal (action codes D, Z, X, and U) in the Basic Profile. These contextual phrases are replaced with the token "CTX". This option uses an additional InfoType during inspection.

Inspect text and transform sensitive text. Configure using TextConfig. Supported types: Code, Date, DateTime, Decimal, HumanName, Id, LanguageCode, Markdown, Oid, String, Uri, Uuid, Xhtml

Inspect text and transform sensitive text. Configurable using TextConfig. Supported Value Representations (http://dicom.nema.org/medical/dicom/2018e/output/chtml/part05/sect_6.2.html#table_6.2-1): AE, LO, LT, PN, SH, ST, UC, UT, DA, DT, AS

Cloud Healthcare API resource.

The fields that aren't marked Keep or CleanText in the BASIC profile are collected into a contextual phrase list. For fields marked CleanText, the process attempts to transform phrases matching these contextual entries. These contextual phrases are replaced with the token "CTX". This feature uses an additional InfoType during inspection.

Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. Outputs a base64-encoded representation of the hashed output. For example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=.

Replace field value with a hash of that value. Supported types: Code, Decimal, HumanName, Id, LanguageCode, Markdown, Oid, String, Uri, Uuid, Xhtml

Shift a date forward or backward in time by a random amount which is consistent for a given patient and crypto key combination.

Shift the date by a randomized number of days. See date shifting for more information. Supported types: Date, DateTime

Contains configuration for streaming de-identified FHIR export.

Configures de-id options specific to different types of content. Each submessage customizes the handling of an https://tools.ietf.org/html/rfc6838 media type or subtype. Configs are applied in a nested manner at runtime.

Details about the work the de-identify operation performed.

Delete tag.

Specifies the parameters needed for de-identification of DICOM stores.

Specifies the parameters needed for the de-identification of DICOM stores.

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

Specifies how to handle de-identification of a FHIR store.

Specifies how to handle the de-identification of a FHIR store.

Contains the configuration for FHIR notifications.

Details about the FHIR store to write the output to.

Specifies FHIR paths to match, and how to handle de-identification of matching fields.

A (sub) field of a type.

Represents a user's consent in terms of the resources that can be accessed and under what conditions.

Specifies the FHIR paths to match and how to handle the de-identification of matching fields.

Specifies additional options to apply to the base profile.

The BigQuery table where the server writes output.

StreamConfig specifies configuration for a streaming DICOM export.

The configuration for exporting to BigQuery.

Root config message for HL7v2 schema. This contains a schema structure of groups and segments, and filters that determine which messages to apply the schema structure to.

Root config for HL7v2 datatype definitions for a specific HL7v2 version.

Specifies where and whether to send notifications upon changes to a data store.

Image annotation.

Specifies how to handle de-identification of image pixels.

Raw bytes representing consent artifact content.

A transformation to apply to text that is identified as a specific info_type.

The behaviour for handling FHIR extensions that aren't otherwise specified for de-identification. If provided, all extensions are preserved during de-identification by default. If unspecified, all extensions are removed during de-identification by default.

Keep field unchanged.

Keep tag unchanged.

Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. The key must grant the Cloud IAM permission cloudkms.cryptoKeyVersions.useToDecrypt to the project's Cloud Healthcare Service Agent service account. For more information, see Creating a wrapped key (https://cloud.google.com/dlp/docs/create-wrapped-key).

Specifies where to send notifications upon changes to a data store.

Specifies additional options to apply to the base profile.

The content of an HL7v2 message in a structured format.

The configuration for the parser. It determines how the server parses the messages.

A patient identifier and associated type.

Recursively apply DICOM de-id to tags nested in a sequence. Supported Value Representation (http://dicom.nema.org/medical/dicom/2018e/output/chtml/part05/sect_6.2.html#table_6.2-1): SQ

Define how to redact sensitive values. Default behaviour is erase. For example, "My name is Jane." becomes "My name is ."

Replace UID with a new generated UID. Supported Value Representation (http://dicom.nema.org/medical/dicom/2018e/output/chtml/part05/sect_6.2.html#table_6.2-1): UI

Remove field.

Replace with empty tag.

When using the INSPECT_AND_TRANSFORM action, each match is replaced with the name of the info_type. For example, "My name is Jane" becomes "My name is PERSON_NAME." The TRANSFORM action is equivalent to redacting.

Reset tag to a placeholder value.

Resource level annotation.

Configuration for the FHIR BigQuery schema. Determines how the server generates the schema.

A schema package contains a set of schemas and type definitions.

The content of an HL7v2 message in a structured format as specified by a schema.

Contains the configuration for FHIR search.

Contains the versioned name and the URL for one SearchParameter.

A segment in a structured format.

A TextAnnotation specifies a text range that includes sensitive information.

User signature.

Contains configuration for streaming FHIR export.

List of tags to be filtered.

Configures how to transform sensitive text InfoTypes.

Configuration for FHIR BigQuery time-partitioned tables.

A type definition for some HL7v2 type (incl. Segments and Datatypes).

Contains the configuration for FHIR profiles and validation.

Describes a selector for extracting and matching an MSH field to a value.

A 2D coordinate in an image. The origin is the top-left.