feat: support anonymization/pseudonymization for conditional references#51
feat: support anonymization/pseudonymization for conditional references#51
Conversation
|
Any comments on this? |
|
Now supports identifier search parameters in |
| // Regex for conditional references (https://www.hl7.org/fhir/http.html#trules) or search parameters with identifier | ||
| new Regex(@"^(?<prefix>((" | ||
| + string.Join("|", ModelInfo.SupportedResources) | ||
| + @")\?)?identifier=((http|https)://([A-Za-z0-9\\\/\.\:\%\$\-])*\|)?)(?<id>[A-Za-z0-9\-\.]{1,64})$") |
There was a problem hiding this comment.
[A-Za-z0-9-.]{1,64}
while Resource.id is limited by this regex, an Identifier.value is not and can consist of arbitrary characters and also be of arbitrary length.
There was a problem hiding this comment.
Yes, that was just stupid copy&paste on my part. 😬
| // Regex for conditional references (https://www.hl7.org/fhir/http.html#trules) or search parameters with identifier | ||
| new Regex(@"^(?<prefix>((" | ||
| + string.Join("|", ModelInfo.SupportedResources) | ||
| + @")\?)?identifier=((http|https)://([A-Za-z0-9\\\/\.\:\%\$\-])*\|)?)(?<id>[A-Za-z0-9\-\.]{1,64})$") |
There was a problem hiding this comment.
conditional references could also be more complicated by chaining multiple search parameters like so: ResearchSubject?patient.identifier=http://example.com/patient|123&study.identifier=http://example.com/study|456 which currently doesn't seem to be handled.
There was a problem hiding this comment.
I didn't think of that, actually. This should be fixed along with the arbitrary Identifier.value length.
| // Regex for conditional references (https://www.hl7.org/fhir/http.html#trules) or search parameters with identifier | ||
| new Regex(@"^(?<prefix>((" | ||
| + string.Join("|", ModelInfo.SupportedResources) | ||
| + @")\?)?identifier=((http|https)://([A-Za-z0-9\\\/\.\:\%\$\-])*\|)?)(?<id>[A-Za-z0-9\-\.]{1,64})$") |
There was a problem hiding this comment.
identifier.system could also be an oid or uuid reference.
|
Thanks for the PR! There's only a conflict in the Dockerfile which you can address by rebasing on master. Do you think there will be any breaking changes, ie. things that previously weren't pseudonymized now are or things that were pseudonymized now no longer are? (We should probably add some sort of snapshot testing to better protect against such regressions eventually). If no breaking changes are expected I'd be OK with merging despite my comments and simply iterating on the feature later on since the raised concerns may not actually affect the users (you) at this point. Putting this feature behind a feature flag to avoid any unintended changes might also be an option for peace of mind. Off-topic, but I think it might be better to eventually get rid of the copy-pasted |
I don't think this will be a breaking change. However, you made a valid point that this feature isn't quite ready as a general solution. We use a separate fork of this project and have this feature in production for 5 months now. Along with other changes which are probably even more specific to our needs.
That sounds promising. I will have a look at it when time permits. 😉 |
chgl
force-pushed
the
50-conditional-references
branch
from
92ac9e3 to
f3a08d7
Compare
🦙 MegaLinter status: ✅ SUCCESS
See detailed report in MegaLinter reports MegaLinter is graciously provided by |
chgl
force-pushed
the
50-conditional-references
branch
from
f3a08d7 to
0a61eaa
Compare
chgl
force-pushed
the
50-conditional-references
branch
from
0a61eaa to
bb5e061
Compare
Minimum allowed line rate is iter8 reportExperiment summary:
*******************
Experiment completed: true
No task failures: true
Total number of tasks: 7
Number of completed tasks: 7
Whether or not service level objectives (SLOs) are satisfied:
*************************************************************
SLO Conditions | Satisfied
-------------- | ---------
http/error-count <= 0 | true
http/latency-mean (msec) <= 25 | true
http/latency-p99 (msec) <= 50 | true
Latest observed values for metrics:
***********************************
Metric | value
------- | -----
http/error-count | 0.00
http/error-rate | 0.00
http/latency-max (msec) | 2014.22
http/latency-mean (msec) | 13.81
http/latency-min (msec) | 3.04
http/latency-p50 (msec) | 11.61
http/latency-p75 (msec) | 16.68
http/latency-p90 (msec) | 22.86
http/latency-p95 (msec) | 27.55
http/latency-p99 (msec) | 41.21
http/latency-p99.9 (msec) | 69.50
http/latency-stddev (msec) | 26.72
http/request-count | 25000.00
|
|
@jabberwoc I've rebased and put the conditional reference pseudonymization behind a feature flag (arguably excessive given that the change shouldn't really cause anything backwards-incompatible...). You can enable it by setting But this way you don't have to maintain your own fork and can benefit from the latest upstream features (e.g. https://github.com/miracum/fhir-pseudonymizer#usesystemtextjsonfhirserializer). Let me know if the changes look OK to you and I can go ahead and merge it. |
|
@chgl Yes, go ahead. Thanks! |
|
🎉 This PR is included in version 2.16.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
3 participants
See Issue Conditional references #50.