Protecting the patient PII data:

  • Possible solution 1: Create an anonymized patient that is linked to the research subject and the patient. The Patient resource has (0...*) which could link to the anonymized patient. This anonymized patient could have an identifier for the research subject.
  • Possible solution 2: Ensure the Patient.identifier associated with the results is meaningless (nothing embedded in the identifier that could disclose PII / identity).
  • Possible solution 3: Extend Observation.subject to include a link to research subject. This was discussed in R4 and was rejected by O+O. We could try again. (smile)
  • Possible solution 4: Observation.subject would point to the source system's internal patient identifier (which should be MEANINGLESS - no embedded metadata). The data provider would prevent the sponsor from getting access to the patient attributes (anything other than the identifier).

Note on Patient.identifier: this should have a 'type'.

Idea for creating an Anonymized Patient:

Patient → → links to another Patient to represent the Anonymized Patient → Anonymized Patient with:

  • Patient.identifier = subject ID
  • Patient.identifier.use = secondary
  • Patient.identifier.type = sponsor-defined
  • Patient.identifier.assigner (Organization) = sponsor's organization ID


Patient → → anonymized patient ← link to this FROM research subject ID

NOTE: We need to check other resources to see if they could expose any PII / identity information.  For example, Observation has a link to the practitioner.  Would knowing the practitioner identify the patient?
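
The anonymized-Patient idea and the NOTE above, sketched as an added example (not part of the original notes or any HL7 material): it builds the anonymized Patient with the identifier fields listed above, then checks a sponsor-bound set of resources for elements or references that could disclose identity. It assumes FHIR R4 element names (ResearchSubject.individual, Observation.performer) and that the Patient-to-Patient link is carried in Patient.link; the helper names, resource ids, the `IDENTIFYING` list and all sample data are constructed for illustration.

```python
# Added example: constructed data, FHIR R4 element names, hypothetical helper names.
IDENTIFYING = {"name", "telecom", "address", "birthDate", "photo", "contact", "link"}

def make_anonymized_patient(anon_id, subject_id, sponsor_org_id):
    """Anonymized Patient carrying only the sponsor-assigned subject ID."""
    return {"resourceType": "Patient", "id": anon_id, "identifier": [{
        "use": "secondary",
        "type": {"text": "sponsor-defined"},  # assumption: type given as free text
        "value": subject_id,
        "assigner": {"reference": f"Organization/{sponsor_org_id}"}}]}

def references(node, target):
    """True if any nested 'reference' value equals target."""
    if isinstance(node, dict):
        return any((k == "reference" and v == target) or references(v, target)
                   for k, v in node.items())
    if isinstance(node, list):
        return any(references(v, target) for v in node)
    return False

def release_findings(resources, source_patient_id):
    """Reasons a sponsor-bound resource set could disclose patient identity."""
    src, out = f"Patient/{source_patient_id}", []
    for r in resources:
        rid = f"{r['resourceType']}/{r.get('id', '?')}"
        if rid == src:
            out.append(f"{rid}: source Patient in release")
        if r["resourceType"] == "Patient":
            out += [f"{rid}: identifying element {e}" for e in sorted(IDENTIFYING & r.keys())]
        if references(r, src):
            out.append(f"{rid}: references {src}")
        if r["resourceType"] == "Observation" and r.get("performer"):
            out.append(f"{rid}: performer present, review for indirect identification")
    return out

# Constructed sample: the source Patient links to the anonymized Patient; the
# ResearchSubject and Observation point only at the anonymized Patient.
anon = make_anonymized_patient("anon-1", "SUBJ-0042", "sponsor-org")
source = {"resourceType": "Patient", "id": "src-1", "name": [{"family": "Example"}],
          "link": [{"other": {"reference": "Patient/anon-1"}, "type": "seealso"}]}
subject = {"resourceType": "ResearchSubject", "id": "rs-1", "status": "on-study",
           "study": {"reference": "ResearchStudy/study-1"},
           "individual": {"reference": "Patient/anon-1"}}
obs = {"resourceType": "Observation", "id": "obs-1", "status": "final",
       "code": {"text": "constructed lab result"},
       "subject": {"reference": "Patient/anon-1"},
       "performer": [{"reference": "Practitioner/prac-1"}]}

if __name__ == "__main__":
    for finding in release_findings([anon, subject, obs], "src-1"):
        print(finding)
```

Because the link lives on the source Patient, which stays with the data provider, the released set contains no pointer back to it; the only finding on the sample release is the Observation's performer, the case the NOTE raises.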

Example linkage between research subject → patient → observation

Example of data linkage

Example of creating an anonymized patient as intermediate

Example data

