Stream: united states
Topic: US Social Security Numbers
Bruce Tietjen (Apr 12 2016 at 14:53):
For legal and/or customer preference, we have a need to be able to represent just the last 4 digits of social security numbers. Is there a defined way to do this?
Hussain Chinoy (Apr 12 2016 at 14:57):
I would think that masking/redaction would be like security, orthogonal to the FHIR API specification (handled by the implementation, such as server implementation api proxy, etc.) and not necessarily a new/different element. What were you thinking would be a way to do this, Bruce?
Bruce Tietjen (Apr 12 2016 at 15:06):
Specifically, there is a defined coding for a Social Security "Identifier" (<system value="http://hl7.org/fhir/sid/us-ssn"/), but it seems to be referring to the complete number. Is there a standard way (coding or ??) to represent just the last 4 digits?
Bruce Tietjen (Apr 12 2016 at 15:07):
(Referring to the FHIR <identifier> resource)
Lloyd McKenzie (Apr 12 2016 at 15:37):
In that case, you're not really doing an identifier, you're conveying something to help convey identity. I'd recommend raising the issue on the implementers list because it's not a realm-specific question. Same approach would hold for credit card ids, phone numbers and other "partial" identifiers that aren't necessarily realm-specific. We may as well decide on the approach generically.
Michelle (Moseman) Miller (Apr 13 2016 at 18:57):
When I raised a similar question about how to mask identifiers (like SSN) via http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=8665, it was resolved through the use of an extension: http://hl7-fhir.github.io/extension-rendered-value.html
Will define an extension called "renderedValue" for use with:
Identifier.value, date, dateTime, time, instant, integer, decimal
with the definition: "Provides a rendered version of the value intended for human display. For example, a sensitive identifier (e.g. social security number) partially obscured by asterisks; a drivers licence number with dashes inserted; a date formatted as MMM dd, yyyy; etc."
requirements: "Allows determination of appropriate display to be performed by a server where formatting rules may not be known by or may be too complex to be performed by a client."
usage: "In some cases, this extension may be present and the value won't be present. For example if the recipient only has permission to see a partially masked view of a value. The rendering may be realm-specific. (E.g. the use of ',' vs. '.' when rendering numbers.)"
In the definition for Identifier.value will change "The portion of the identifier typically displayed to the user and which is unique within the context of the system" to "The portion of the identifier typically relevant to the user and which is unique within the context of the system"
Add a usage note: The value's primary purpose is computational mapping. As a result, it may be normalized for comparison purposes (e.g. removing non-significant whitespace, dashes, etc.) A value formatted for human display can be conveyed as an extension e.g. [[renderedValue]]"
Last updated: Apr 12 2022 at 19:14 UTC
