Exporting de-identified data for Azure API for FHIR
Important
Azure API for FHIR will be retired on September 30, 2026. Follow the migration strategies to transition to Azure Health Data Services FHIR service by that date. Due to the retirement of Azure API for FHIR, new deployments won't be allowed beginning April 1, 2025. Azure Health Data Services FHIR service is the evolved version of Azure API for FHIR that enables customers to manage FHIR, DICOM, and MedTech services with integrations into other Azure services.
Note
Results when using the de-identified export will vary based on factors such as data inputted, and functions selected by the customer. Microsoft is unable to evaluate the de-identified export outputs or determine the acceptability for customer's use cases and compliance needs. The de-identified export is not guaranteed to meet any specific legal, regulatory, or compliance requirements.
The $export command can also be used to export de-identified data from the FHIR server. It uses the anonymization engine from Tools for Health Data Anonymization, and takes anonymization config details in query parameters. You can create your own anonymization config file or use the sample config file for HIPAA Safe Harbor method as a starting point.
https://<<FHIR service base URL>>/$export?_container=<<container_name>>&_anonymizationConfig=<<config file name>>&_anonymizationConfigEtag=<<ETag on storage>>
Note
Currently, Azure API for FHIR only supports de-identified export at the system level ($export).
| Query parameter | Example | Optionality | Description |
|---|---|---|---|
| _anonymizationConfig | DemoConfig.json | Required for de-identified export | Name of the configuration file. See the configuration file format here. This file should be kept inside a container named anonymization within the same Azure storage account that is configured as the export location. |
| _anonymizationConfigEtag | "0x8D8494A069489EC" | Optional for de-identified export | This is the Etag of the configuration file. You can get the Etag using Azure storage explorer from the blob property |
Important
Both raw export as well as de-identified export writes to the same Azure storage account specified as part of export configuration. It is recommended that you use different containers corresponding to different de-identified config and manage user access at the container level.
Next steps
In this article, you've learned how to set up and use de-identified export. Next, to learn how to export FHIR data using $export for Azure API for FHIR, see
FHIR® is a registered trademark of HL7 and is used with the permission of HL7.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for