Exporting de-identified data for Azure API for FHIR

Important

Azure API for FHIR will be retired on September 30, 2026. Follow the migration strategies to transition to Azure Health Data Services FHIR® service by that date. Due to the retirement of Azure API for FHIR, new deployments won't be allowed beginning April 1, 2025. Azure Health Data Services FHIR service is the evolved version of Azure API for FHIR that enables customers to manage FHIR, DICOM, and MedTech services with integrations into other Azure services.

Note

Results of the de-identified export vary with factors such as the input data and the functions the customer selects. Microsoft is unable to evaluate the de-identified export outputs or determine their acceptability for a customer's use cases and compliance needs. The de-identified export is not guaranteed to meet any specific legal, regulatory, or compliance requirements.

The $export command can be used to export de-identified data from the FHIR® server. It uses the anonymization engine from Tools for Health Data Anonymization, and takes anonymization config details in query parameters. You can create your own anonymization config file, or use the sample config file for HIPAA Safe Harbor method as a starting point.

https://<<FHIR service base URL>>/$export?_container=<<container_name>>&_anonymizationConfig=<<config file name>>&_anonymizationConfigEtag=<<ETag on storage>>

Note

Currently, Azure API for FHIR only supports de-identified export at the system level ($export).

The following table provides query parameter details for de-identified export.

| Query parameter | Example | Optionality | Description |
| --- | --- | --- | --- |
| _anonymizationConfig | DemoConfig.json | Required for de-identified export | Name of the configuration file. See the configuration file format here. This file should be kept inside a container named anonymization within the same Azure storage account that is configured as the export location. |
| _anonymizationConfigEtag | "0x8D8494A069489EC" | Optional for de-identified export | The ETag of the configuration file. You can get the ETag from the blob's properties in Azure Storage Explorer. |

Important

Both raw export and de-identified export write to the same Azure storage account specified as part of export configuration. It is recommended that you use different containers corresponding to different de-identified configurations, and manage user access at the container level.
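The request described above, built with its guard rails in code, as an added example that is not Microsoft's code. The function name, the `fhir.example.com` host, and the policies of requiring an ETag and refusing the `anonymization` container as output are assumptions of this example; the `Accept` and `Prefer` headers come from the FHIR bulk export convention rather than from this page.

```python
import re
from urllib.parse import quote, urlencode

CONFIG_CONTAINER = "anonymization"  # container the page says holds the config files
# Azure blob container naming: 3-63 chars, lowercase letters, digits, single hyphens
_CONTAINER_RE = re.compile(r"^(?=.{3,63}$)[a-z0-9]+(?:-[a-z0-9]+)*$")


def build_deid_export_request(base_url, container, config_name, etag, token):
    """Return (url, headers) for a system-level de-identified $export call."""
    if not base_url.startswith("https://"):
        raise ValueError("FHIR base URL must use https")
    if not _CONTAINER_RE.match(container):
        raise ValueError(f"invalid container name: {container!r}")
    if container == CONFIG_CONTAINER:
        # Policy of this example: never write export output next to the configs.
        raise ValueError("output container must differ from the config container")
    if "/" in config_name or not config_name.endswith(".json"):
        raise ValueError("config must be a .json blob name, not a path")
    if not etag:
        # Policy of this example: refuse unpinned exports even though the
        # parameter is optional, so the request names the reviewed config version.
        raise ValueError("an ETag for the reviewed config is required")
    if not (etag.startswith('"') and etag.endswith('"')):
        etag = f'"{etag}"'  # match the quoted form shown in the page's example

    query = urlencode(
        {
            "_container": container,
            "_anonymizationConfig": config_name,
            "_anonymizationConfigEtag": etag,
        },
        quote_via=quote,  # percent-encode the quotes in the ETag (%22)
    )
    url = f"{base_url.rstrip('/')}/$export?{query}"
    headers = {
        "Accept": "application/fhir+json",
        "Prefer": "respond-async",  # bulk export is an asynchronous operation
        "Authorization": f"Bearer {token}",
    }
    return url, headers


if __name__ == "__main__":
    # Constructed sample values; the host name and token are placeholders.
    url, _ = build_deid_export_request(
        "https://fhir.example.com", "deid-safeharbor",
        "DemoConfig.json", '"0x8D8494A069489EC"', "<access-token>")
    print(url)
```

Using one output container per configuration, as recommended above, lets each call site pass a fixed container and config pair, with access granted per container.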

Next steps

In this article, you learned how to set up and use de-identified export. Next, learn how to export FHIR data using $export for Azure API for FHIR. Refer to

Note

FHIR® is a registered trademark of HL7 and is used with the permission of HL7.