FHIR Chat · Coverage SubscriberId · implementers

Stream: implementers

Topic: Coverage SubscriberId


view this post on Zulip Debra Mangum (Nov 17 2021 at 18:48):

Our clients send encrypted subscriber id. However, there is no way to know that it's been encrypted. Has anyone dealt with this by adding extensions? Should the base FHIR element be changed to indicate this?

view this post on Zulip John Moehrke (Nov 17 2021 at 19:00):

that is a very "interoperability hostile" act by them. Best solution is to "stop doing that"... it does not stop coorelation, as n encrypted id is still unique.

view this post on Zulip Lloyd McKenzie (Nov 18 2021 at 16:18):

Saying the member id is A721s8721L instead of 12356789 essentially means they're lying. If you send a value in Identifier.value, that must actually be the identifier. If you want to send something else (a truncated value, a partial value, an encrypted value, a mnemonic for the value, whatever), then that should be done as an extension.

view this post on Zulip John Silva (Nov 18 2021 at 17:12):

Not sure if this is compliant or 'in the spirit' but I've seen obfuscated (masked) data like *'ed SSNs in Patient.identifiers, e.g. ***-**-1234, seems to make sense from a patient privacy (PHI) perspective to some degree but then what can you do with that other than partial SSN matching?

view this post on Zulip John Moehrke (Nov 18 2021 at 17:54):

@John Silva that is different. In that case the resource (Patient) .meta.security can indicate that the data has been redacted, and even that element could be indicated as having been redacted (if you use the DS4P IG extension for element tagging).

view this post on Zulip Cooper Thompson (Nov 18 2021 at 19:27):

For SSN, there is a rendered-value extension for masking. You shouldn't be sending the masked SSN in the actual value property.

view this post on Zulip John Silva (Nov 18 2021 at 19:44):

@Cooper Thompson - yes, that's exactly where I saw it, in Epic's Patient resource:

{ "use": "usual", "system": "urn:oid:2.16.840.1.113883.4.1", "_value": { "extension": [ { "valueString": "xxx-xx-9999", "url": "http://hl7.org/fhir/StructureDefinition/rendered-value" } ] }

view this post on Zulip Vassil Peytchev (Nov 18 2021 at 20:18):

@John Silva this further corroborates Lloyd's point that

If you send a value in Identifier.value, that must actually be the identifier


Last updated: Apr 12 2022 at 19:14 UTC