Data Masking Configuration Integration Point

This integration supports configuration of fields and their associated transformation functions for the Masking Operational Data Process.

This integration point only supports message-based communication.

Endpoint
http://[hostName]:[portNumber]/[api-context-root]/deidentificationmetadata/

Data Model

Each entry in the data masking configuration has:

Table 1. Data Model
Field Description

Entity Name

The name of the entity, for example, Person, Address, etc.

Object Usage Name

The usage name for a dynamic field, a dynamic record, or a fixed field on the entity.

Record Object Usage Name

The usage name of a field that is part of a dynamic record ( this is applicable when the object usage name is a dynamic record).

Transformation Category

The transformation function for the masking process.
The transformation category that you select must align with the data type of the object usage name or the record object usage name.

Supported Operations

This integration point supports:

  • Adding a new entity to the masking metadata using an HTTP POST request.

  • Updating the configuration for an entity using an HTTP PUT operation.

Add a New Entity

To add a new entry to the data transformation and masking process, send the following request and the sample request payload:

POST: http://[hostName]:[portNumber]/[api-context-root]/deidentificationmetadata/

{
    "entityName": "Person",
    "objectUsageName": "medicareCard",
    "recordObjectUsageName": "cardNumber",
    "transformationCategory": "TXTHASH"
}

The above payload creates a configuration for the cardNumber field on the medicareCard dynamic record of the Person entity using the TXTHASH transformation function.

Update Configuration for an Entity

To update the configuration, send the following request and the sample request payload:

PUT: http://[hostName]:[portNumber]/[api-context-root]/deidentificationmetadata/{id}

{
    "transformationCategory": "TXTHASH"
}

This is a sample payload, you need to create your own payload based for the fields you want to mask.

View Existing Configurations

To view the pre-existing configuration, send the following request with the generic endpoint:

POST: http://[hostName]:[portNumber]/[api-context-root]/generic/deidentificationmetadata/search

Delete an Existing Configuration

To delete an existing configuration, send the following request with the generic endpoint:

DELETE http://[hostName]:[portNumber]/[api-context-root]/deidentificationmetadata/{id}

Transformation Functions

The application provides several in-built transformation functions for the masking process based on the data type of the field:

Text Fields

Table 2. Text Fields
Transformation Function Name Description Before After

TXTHASH (Text hash with seed)

This function applies the SHA-1 hash algorithm and truncates the output to match the maximum length of the associated field.

For extra security, this function concatenates a user-configured seed value with the input text before passing the value to the hash function.

You can even use this function to replicate the transformation outside the Oracle Health Insurance application.

123456789

x8dtyqbfDPS[vub_EvtY4bdbvDsuFB3T

TXTRPL (Simple text replacement)

This function replaces the field value with the field name.

Only recommended for non-unique columns.

A dynamic record with column name as firstName and stored value as John.

Replaces the stored values with the usage name, like the firstName in the example.

TXTRNDPSF (Random replace, preserves size format)

This function replaces the field value with a random value in the same format. The function replaces letters with letters, numbers with numbers, and preserves special characters.

AA-A001B

TY-U765C

TXTRNDRPL (Text random replace)

This function replaces the field value with a random character string with a random character string of the same size

John

DSGadjgadv8eog90

Number Fields

Table 3. Number Fields
Transformation Function Name Description Before After

NUMHASHADD / NUMHASHCON (Hash with seed add/concatenate)

This function applies the SHA-1 hash algorithm and truncates the output to match the maximum length of the associated field.

For extra security, this function concatenates a user-configured seed value with the input text before passing the value to the hash function.

You can even use this function to replicate the transformation outside the Oracle Health Insurance application.

10

93275

NUMNP (Nearest Prime)

This function replaces the value with the nearest, smaller prime number.

20

17

NUMRNDPSF (Random preserve format)

This function replaces the number with a random number, preserving the format.

10.99

24.65

Date Fields

Table 4. Date Fields
Transformation Function Name Description Before After

DATEDMYS (Day, month and year shift)

Day - Sets to 1
Month - Nearest quarter
Year - Nearest decade

2022-05-26

2020-06-01

DATEDMS (Day and month shift)

Day - Sets to 1
Month - Nearest quarter
Year - No change

2022-05-26

2022-06-01

DATEMPS (Day with partial month shift)

Day - Sets to 1
Month - Adds 1 if the day is the 16th or after
Year - No change

2022-04-26

2022-05-01

DATEDS ( Day shift)

Day - Set to 1
Month - No change
Year - No change

2022-04-26

2022-04-01

DATERNDS (Random Date)

Day = 1-28 Month = 1-12
Year = Adds or subtracts up to 50 years from the current year

2022-04-26

2032-01-24
The values for Before and After columns under the Text, Number, and Date fields are sample values.

Other Functions

Table 5. Other Functions
Transformation Function Name Description

SETNULL (Set to Null)

Sets the value to Null to use with any field

SETDEFAULT (Set to Default)

Only available for Gender field, sets the value to unknown
We recommend use of the TXTHASH for string fields and NUMHASHADD or NUMHASHCON for number fields to mask data from the unique fields like code on a Person, Claims, and so on. This prevents any unique constraint errors during the masking process. It also keeps the values consistent while masking data for the same fields across multiple entities, for example,Code for Claim and CtrClaim.

Native Fields

To protect the integrity of the application, only the native fields listed below are part of the masking process.

All the dynamic fields and dynamic records are part of the masking configuration. We recommend exclude any dynamic fields for the tables to be purged as part of the Masking Operational Data Process.
Table 6. Native Fields
Entity Name Object Usage Name Data Type Mandatory/Unique

Person

dateOfBirth

Date

Mandatory

Person

code

String

Unique

Person

endDate

Date

Person

emailAddress1

String

Person

emailAddress2

String

Person

faxNumber

String

Person

firstName

String

Person

gender

String

Person

initials

String

Person

middleName

String

Person

name

String

Mandatory

Person

namePartner

String

Person

phoneNumberBusiness

String

Person

phoneNumberMobile

String

Person

phoneNumberPrivate

String

Person

suffix

String

Address

additionalPart1

String

Address

additionalPart2

String

Address

additionalPart3

String

Address

city

String

Address

numberAddition

String

Address

postalCode

String

Address

street

String

RelationIdentifier

identifier

String

Mandatory

BankAccountNumber

bankAccountNumber

String

Mandatory

BankAccountNumber

bankAccountNumberDebit

String

BankAccountNumber

specialName

String

TaskAttribute

valueChar

String

TaskAttribute

valueDate

Date

Claim

claimantAddress

String

Claim

claimantDob

String

Claim

claimantFieldName

String

Claim

claimantFieldValue

String

Claim

claimantName

String

Claim

claimantRelCode

String

Claim

claimDate

Date

Claim

code

String

Unique

Claim

dueDate

Date

Claim

endDate

Date

Claim

entryDate

Date

Mandatory

Claim

internalRemarks

String

Claim

locationAddress

String

Claim

locationFieldName

String

Claim

locationFieldValue

String

Claim

locationName

String

Claim

payBeneficiaryAddress

String

Claim

payBeneficiaryDob

String

Claim

payBeneficiaryFieldName

String

Claim

payBeneficiaryFieldValue

String

Claim

payBeneficiaryName

String

Claim

payReceiverAddress

String

Claim

payReceiverDob

String

Claim

payReceiverFieldName

String

Claim

payReceiverFieldValue

String

Claim

payReceiverName

String

Claim

referralProviderAddress

String

Claim

referralProviderFieldName

String

Claim

referralProviderFieldValue

String

Claim

referralProviderName

String

Claim

servicedEntityAddress

String

Claim

servicedEntityCode

String

Claim

servicedEntityDate

String

Claim

servicedEntityFieldName

String

Claim

servicedEntityFieldValue

String

Claim

servicedEntityName

String

Claim

servicedEntityType

String

Claim

serviceProviderAddress

String

Claim

serviceProviderFieldName

String

Claim

serviceProviderFieldValue

String

Claim

serviceProviderName

String

Claim

specReceiverAddress

String

Claim

specReceiverDob

String

Claim

specReceiverFieldName

String

Claim

specReceiverFieldValue

String

Claim

specReceiverName

String

Claim

specReceiverRelCode

String

Claim

receiptDate

Date

Claim

externalRemarks

String

Claim

payReceiverProvCode

String

Claim

payReceiverRelCode

String

Claim

payBeneficiaryRelCode

String

Claim

providerEntityReference

String

CtrClaim

claimantName

String

CtrClaim

claimantRelCode

String

CtrClaim

claimDate

Date

CtrClaim

code

String

Unique

CtrClaim

dueDate

Date

CtrClaim

endDate

Date

CtrClaim

entryDate

Date

CtrClaim

internalRemarks

String

CtrClaim

payBeneficiaryName

String

CtrClaim

specReceiverRelCode

String

CtrClaim

specReceiverName

String

CtrClaim

servicedEntityName

String

CtrClaim

servicedEntityType

String

CtrClaim

servicedEntityCode

String

CtrClaim

servicedEntityDate

String

CtrClaim

payReceiverName

String

CtrClaim

receiptDate

Date

CtrClaim

externalRemarks

String

CtrClaim

payReceiverProvCode

String

CtrClaim

providerEntityReference

String

CtrClaim

payBeneficiaryRelCode

String

CtrClaim

payReceiverRelCode

String

ClaimLine

benefitsProviderFieldName

String

ClaimLine

benefitsProviderFieldValue

String

ClaimLine

benefitsProviderName

String

ClaimLine

code

String

Unique within a claim

ClaimLine

payReceiverAddress

String

ClaimLine

payReceiverDob

String

ClaimLine

payReceiverFieldName

String

ClaimLine

payReceiverFieldValue

String

ClaimLine

payReceiverName

String

ClaimLine

priceIndProviderName

String

ClaimLine

referralProviderFieldName

String

ClaimLine

referralProviderFieldValue

String

ClaimLine

referralProviderName

String

ClaimLine

servicedEntityAddress

String

ClaimLine

servicedEntityDate

String

ClaimLine

servicedEntityFieldName

String

ClaimLine

servicedEntityFieldValue

String

ClaimLine

servicedEntityName

String

ClaimLine

serviceProviderAddress

String

ClaimLine

serviceProviderFieldName

String

ClaimLine

serviceProviderFieldValue

String

ClaimLine

serviceProviderName

String

ClaimLine

startDate

Date

Mandatory

ClaimLine

endDate

Date

ClaimLine

servicedEntityCode

String

ClaimLine

payReceiverProvCode

String

ClaimLine

payReceiverRelCode

String

ClaimLine

providerEntityReference

String

CtrClaimLine

servicedEntityDate

String

CtrClaimLine

payReceiverName

String

CtrClaimLine

code

String

Unique within a claim

CtrClaimLine

servicedEntityName

String

CtrClaimLine

startDate

Date

CtrClaimLine

endDate

Date

CtrClaimLine

servicedEntityCode

String

CtrClaimLine

providerEntityReference

String

CtrClaimLine

payReceiverRelCode

String

CtrClaimLine

payReceiverProvCode

String

CtrClaimList

claimCode

String

ClaimLineEventHistory

claimLineCode

String

CtrPendReasonHistory

claimLineCode

String

ClaimPendReasonHistory

claimLineCode

String

InterfacedMessage

correlationId

String

Response Messages

The application creates the response messages in response to the request messages it receives from external interfaces. Please refer to the "Response Messages" section in the HTTP API/IP Concepts as part of the Developer Guide for more details.

Error Messages

The following error messages are specific to the masking metadata integration point.

Table 7. Error Messages
Code Severity Message Text

DID-IP-CNFG-001

Fatal

Invalid entity name {entityName}

DID-IP-CNFG-002

Fatal

For the {entityName} entity name, invalid object usage name {objectUsageName} defined or the object usage name {objectUsageName} cannot be part of the de-identification process

DID-IP-CNFG-003

Fatal

Invalid record object usage name {recordObjectUsageName} for the {objectUsageName} object usage name

DID-IP-CNFG-004

Fatal

{recordObjectUsageName} cannot be added as a record object usage name for {objectUsageName} object usage name as {objectUsageName} is not a dynamic record

DID-IP-CNFG-005

Fatal

Record object usage name is required for {objectUsageName} object usage name, record object usage name must be defined for a dynamic record

DID-IP-CNFG-006

Fatal

{objectUsageName}/{recordObjectUsageName} cannot be added, flex codes, start dates and end dates not allowed

DID-IP-CNFG-007

Fatal

Transformation category does not match the attribute definition

Authorization

A user authorization configuration protects access to this integration point. The relevant access restriction is deidentificationmetadata IP.