Exporting de-identified data for Azure API for FHIR


Azure API for FHIR will be retired on September 30, 2026. Follow the migration strategies to transition to Azure Health Data Services FHIR service by that date. Due to the retirement of Azure API for FHIR, new deployments won't be allowed beginning April 1, 2025. Azure Health Data Services FHIR service is the evolved version of Azure API for FHIR that enables customers to manage FHIR, DICOM, and MedTech services with integrations into other Azure services.


Results when using the de-identified export will vary based on factors such as data inputted, and functions selected by the customer. Microsoft is unable to evaluate the de-identified export outputs or determine the acceptability for customer's use cases and compliance needs. The de-identified export is not guaranteed to meet any specific legal, regulatory, or compliance requirements.

The $export command can also be used to export de-identified data from the FHIR server. It uses the anonymization engine from Tools for Health Data Anonymization, and takes anonymization config details in query parameters. You can create your own anonymization config file or use the sample config file for HIPAA Safe Harbor method as a starting point.

https://<<FHIR service base URL>>/$export?_container=<<container_name>>&_anonymizationConfig=<<config file name>>&_anonymizationConfigEtag=<<ETag on storage>>


Currently, Azure API for FHIR only supports de-identified export at the system level ($export).

Query parameter Example Optionality Description
_anonymizationConfig DemoConfig.json Required for de-identified export Name of the configuration file. See the configuration file format here. This file should be kept inside a container named anonymization within the same Azure storage account that is configured as the export location.
_anonymizationConfigEtag "0x8D8494A069489EC" Optional for de-identified export This is the Etag of the configuration file. You can get the Etag using Azure storage explorer from the blob property


Both raw export as well as de-identified export writes to the same Azure storage account specified as part of export configuration. It is recommended that you use different containers corresponding to different de-identified config and manage user access at the container level.

Next steps

In this article, you've learned how to set up and use de-identified export. Next, to learn how to export FHIR data using $export for Azure API for FHIR, see

FHIR® is a registered trademark of HL7 and is used with the permission of HL7.