Challenge 5: Export and Anonymize FHIR EHR Data

< Previous Challenge - Home - Next Challenge>

Introduction

In this challenge, you will leverage the API requests in FHIR service in Azure Health Data Services within the Azure Data Factory (ADF) pipeline to export and de-identify FHIR data according to a set of data redaction/transformation rules specified in a configuration file. The goal of the of this challege is to apply the HIPAA Safe Harbor Method de-id requirements against FHIR data to create a research datasets.

FHIR Tool for Anonymization provides various tooling to anonymize healthcare FHIR data, on-premises or cloud, for secondary usage such as research, public health, etc. as follows:

• Command line tool,
• Azure Data Factory (ADF) pipeline
• De-ID $export FHIR service operation

Below depicts the Azure Data Factory pipeline method for FHIR anonymization leveraged in this challenge:

Description

You will deploy a FHIR Anonymization ADF pipeline to de-identify FHIR data. You will run a PowerShell script to create an ADF pipeline that reads data from a source container in Azure Blob storage and writes the outputted anonymized data to a destination containter in Azure Blob storage.

To test the FHIR Anonymization pipeline, call the $export endpoint in FHIR service to export FHIR data into a blob storage container inside the storage account for the Anonymization pipeline. Alternatively, you can directly upload the test Synthea generated FHIR Bundles to the container.

• Setup ADF pipeline configuration for anonymization
  • Download or Clone the Tools-for-Health-Data-Anonymization GitHub repo
  • Configure the Anonymization pipeline deployment script execution for your environment.
  • Define command line environment variables needed during the script execution to create and configure the Anonymization pipeline.
• Deploy ADF pipeline for FHIR data anonymization
  • Execute script to created the Anonymization pipeline.
• Upload test FHIR patient data for anonymization
  • Configure and perform the bulk FHIR export using the $export operation in FHIR service via Postman.
  • Alternatively, upload Synthea generated FHIR patient data to the source container configured in the linked service of ADF pipeline.
• Trigger and monitor pipeline run to anonymize the uploaded test FHIR patient data
  • Trigger pipeline run to de-ID test FHIR patient data.
• Validate FHIR data export and anonymization
  • Compare pre de-identified data in the ‘source’ container and post de-identified data in the ‘destination’ container in the Storage Account(s).

Success Criteria

• You have successfully configured and deployed the FHIR anonymization tool.
• You have successfully configured FHIR Bulk Export and called the $export operation to upload the test FHIR data for anonymization
• You have successfully triggered and monitored the Anonymization pipeline in ADF
• You have compared pre de-ided and post de-ided FHIR data in the resource and destination containers respectively.

Learning Resources

• FHIR Tools for Anonymization
• Configure Bulk export FHIR service operation
• How to export FHIR data with $export opertation in FHIR service
• HIPPA Safe Harbor Method