Stream: implementers
Topic: Coverage SubscriberId
Debra Mangum (Nov 17 2021 at 18:48):
Our clients send encrypted subscriber id. However, there is no way to know that it's been encrypted. Has anyone dealt with this by adding extensions? Should the base FHIR element be changed to indicate this?
John Moehrke (Nov 17 2021 at 19:00):
that is a very "interoperability hostile" act by them. Best solution is to "stop doing that"... it does not stop coorelation, as n encrypted id is still unique.
Lloyd McKenzie (Nov 18 2021 at 16:18):
Saying the member id is A721s8721L instead of 12356789 essentially means they're lying. If you send a value in Identifier.value, that must actually be the identifier. If you want to send something else (a truncated value, a partial value, an encrypted value, a mnemonic for the value, whatever), then that should be done as an extension.
John Silva (Nov 18 2021 at 17:12):
Not sure if this is compliant or 'in the spirit' but I've seen obfuscated (masked) data like *'ed SSNs in Patient.identifiers, e.g. ***-**-1234
, seems to make sense from a patient privacy (PHI) perspective to some degree but then what can you do with that other than partial SSN matching?
John Moehrke (Nov 18 2021 at 17:54):
@John Silva that is different. In that case the resource (Patient) .meta.security can indicate that the data has been redacted, and even that element could be indicated as having been redacted (if you use the DS4P IG extension for element tagging).
Cooper Thompson (Nov 18 2021 at 19:27):
For SSN, there is a rendered-value extension for masking. You shouldn't be sending the masked SSN in the actual value property.
John Silva (Nov 18 2021 at 19:44):
@Cooper Thompson - yes, that's exactly where I saw it, in Epic's Patient resource:
{
"use": "usual",
"system": "urn:oid:2.16.840.1.113883.4.1",
"_value": {
"extension": [
{
"valueString": "xxx-xx-9999",
"url": "http://hl7.org/fhir/StructureDefinition/rendered-value"
}
]
}
Vassil Peytchev (Nov 18 2021 at 20:18):
@John Silva this further corroborates Lloyd's point that
If you send a value in Identifier.value, that must actually be the identifier
Last updated: Apr 12 2022 at 19:14 UTC