Skip to main content

Masked Mode

Masked Mode allows users to review genotype and phenotype data for patients/subjects while making it reasonably difficult to violate the subject's privacy. While in masked mode, the subject's identifiable information is less specific, including displaying a subject's initials instead of their name, and birth year instead of their DOB.

  • By default, most personally identifiable information is masked from view.

  • Masked Mode can be toggled on with icon and off with icon using the eye button in the top right corner of the screen.

    Unmasked Mode

    Masked Mode

  • The ABAC privilege named Read Masked Data can be used to force a set of users into masked mode.

Masked mode is not de-identification. Instead masked mode is a "reasonable effort" at making it difficult to determine the identity of a subject and to maintain the privacy of the subject from casual observers. Masked data should still be consider Personal Health Information under HIPAA.

Masked mode specifically does the following to Patient records:

  • Human names are converted to initials.
  • All fields other than use, type, district, state, postal code, and country are removed from all addresses.
  • All identifiers are removed other than ones labeled ANON under the http://hl7.org/fhir/v2/0203 system.
  • Day of the month and times are removed from all birth dates, and month is removed from all birth dates for subjects over two years of age.
  • Text narrative, telecom, photo and contact person information are removed.
  • The following top level extensions are removed:
    • hl7.org/fhir/StructureDefinition/birthPlace
    • hl7.org/fhir/StructureDefinition/geolocation
    • hl7.org/fhir/StructureDefinition/patient-birthTime
    • hl7.org/fhir/StructureDefinition/patient-mothersMaidenName
    • http://standardhealthrecord.org/fhir/StructureDefinition/shr-entity-FathersName-extension
    • http://standardhealthrecord.org/fhir/StructureDefinition/shr-entity-SocialSecurityNumber-extension
    • http://standardhealthrecord.org/fhir/StructureDefinition/shr-entity-DriversLicenseNumber-extension
    • http://standardhealthrecord.org/fhir/StructureDefinition/shr-entity-PassportNumber-extension
    • http://standardhealthrecord.org/fhir/StructureDefinition/shr-demographics-FathersName-extension
    • http://standardhealthrecord.org/fhir/StructureDefinition/shr-demographics-SocialSecurityNumber-extension
    • http://standardhealthrecord.org/fhir/StructureDefinition/shr-demographics-DriversLicenseNumber-extension
    • http://standardhealthrecord.org/fhir/StructureDefinition/shr-demographics-PassportNumber-extension
  • All other data on Patient records and other record types are not altered.