Data Masking Configuration Integration Point

This integration supports configuration of fields and their associated transformation functions for the Data Masking Process.

This integration point only supports message-based communication.

Data Model

Each entry in the data masking configuration has:

Table 1. Data Model
Field	Description
Entity Name	The name of the entity, for example, Person, Address, etc.
Object Usage Name	The usage name for a dynamic field, a dynamic record, or a fixed field on the entity.
Record Object Usage Name	The usage name of a field that is part of a dynamic record (this is applicable when the object usage name is a dynamic record).
Transformation Category	The transformation function for the masking process.

The transformation category that you select must align with the data type of the object usage name or the record object usage name.

Operations

POST

/datamaskingdefinitions/ adds a new entry to the data transformation and masking proces

PUT

/datamaskingdefinitions/{id} updates the configuration for an entity

POST

The POST operation on /datamaskingdefinitions/ adds a new entry to the data transformation and masking process.

Example Payload to Add a New Data Masking Definition

{
    "entityName": "Person",
    "objectUsageName": "medicareCard",
    "recordObjectUsageName": "cardNumber",
    "transformationCategory": "TXTHASH"
}

The above payload creates a configuration for the cardNumber field on the medicareCard dynamic record of the Person entity using the TXTHASH transformation function.

PUT

The PUT operation on /datamaskingdefinitions/{id} updates the configuration.

Example Payload to Update a Data Masking Definition

{
    "transformationCategory": "TXTHASH"
}

This is a sample payload, you need to create your own payload based for the fields you want to mask.

View Existing Configurations

To view the pre-existing configuration, send a POST request to the generic endpoint :

/generic/datamaskingdefinitions/search

Delete an Existing Configuration

To delete an existing configuration, send a DELETE request to the generic endpoint:

/datamaskingdefinitions/{id}

Transformation Functions

The application provides several in-built transformation functions for the masking process based on the following data type of the field:

Text Fields

Table 2. Text Fields
Transformation Function Name	Description	Before	After
TXTHASH (Text hash with seed)	This function applies: SHA-1 hash algorithm to the input value. Removes any special characters/spaces from the output. Truncates the output to match the maximum length of the associated field. Capitalizes the output. For extra security, this function concatenates a user-configured seed value with the input text before passing the value to the hash function. See Data Masking Process for more information. You can even use this function to replicate the transformation outside the Oracle Health Insurance application.	123456789	x8dtyqbfDPS[vub_EvtY4bdbvDsuFB3T
TXTRPL (Simple text replacement)	This function replaces the field value with the field name. Recommended only for non-unique columns.	A dynamic record with column name as `firstName` and stored value as `John`.	Replaces the stored values with the usage name, like the firstName in the example.
TXTRNDPSF (Random replace, preserves size format)	This function replaces the field value with a random value in the same format. The function replaces letters with letters, numbers with numbers, and preserves special characters.	AA-A001B	TY-U765C
TXTRNDRPL (Text random replace)	This function replaces the field value with a random character string.	John	DSGadjgadv8eog90
TXTHASHPS (Text hash with seed, preserve size)	This function applies: SHA-1 hash algorithm to the input value. Removes any special characters/spaces from the output. Truncates the output to match the length of the input. Capitalizes the output. For extra security, this function concatenates a user-configured seed value with the input text before passing the value to the hash function. You can even use this function to replicate the transformation outside the Oracle Health Insurance application.	POL12345	682AF344 (trimmed from 682af344ebc9f789174dd5d86a2d339a71f36a77)

Number Fields

Table 3. Number Fields
Transformation Function Name	Description	Before	After
NUMHASHADD / NUMHASHCON (Hash with seed add/concatenate)	This function applies: SHA-1 hash algorithm to the input value. Removes any special characters/spaces from the output. Truncates the output to match the maximum length of the associated field. Capitalizes the output. For extra security, this function concatenates a user-configured seed value with the input text before passing the value to the hash function. You can even use this function to replicate the transformation outside the Oracle Health Insurance application.	10	93275
NUMNP (Nearest Prime)	This function replaces the value with the nearest, smaller prime number.	20	17
NUMRNDPSF (Random preserve format)	This function replaces the number with a random number, preserving the format.	10.99	24.65
NUMHASHADDPS / NUMHASHCONPS (Hash with seed add/concatenate, preserve size)	This function applies: SHA-1 hash algorithm and returns a number value. Truncates the output to match the length of the input. For extra security, this function concatenates a user-configured seed value with the input text before passing the value to the hash function. You can even use this function to replicate the transformation outside the Oracle Health Insurance application.	93275	78545

Date Fields

Table 4. Date Fields
Transformation Function Name	Description	Before	After
DATEDMYS (Day, month and year shift)	Day - Sets to 1 Month - Nearest quarter Year - Nearest decade	2022-05-26	2020-06-01
DATEDMS (Day and month shift)	Day - Sets to 1 Month - Nearest quarter Year - No change	2022-05-26	2022-06-01
DATEMPS (Day with partial month shift)	Day - Sets to 1 Month - Adds 1 if the day is the 16th or after Year - No change	2022-04-26	2022-05-01
DATEDS (Day shift)	Day - Set to 1 Month - No change Year - No change	2022-04-26	2022-04-01
DATERNDS (Random Date)	Day = 1-28 Month = 1-12 Year = Adds or subtracts up to 50 years from the current year	2022-04-26	2032-01-24

The values for Before and After columns under the Text, Number, and Date fields are sample values.

We recommend the use of the TXTHASH or TXTHASHPS for string fields and NUMHASHADD or NUMHASHCON or 'NUMHASHADDPS' or NUMHASHCONPS for number fields to mask data from unique fields like code on a Person, Policies, and so on. This prevents any unique constraint errors during the masking process. It also keeps the values consistent while masking data for the same fields across multiple entities, for example, policyCode for Policy, PolicyEnrollmentEvent, and EnrollmentFilePolicy. It is recommended to use TXTHASHPS (Text hash, preserve size) for the fields with size greater than 10 characters.

Other Functions

Table 5. Other Functions
Transformation Function Name	Description
SETNULL (Set to Null)	Sets the value to `Null` to use with any field
SETDEFAULT (Set to Default)	Only available for Gender field, sets the value to unknown

We recommend use of the TXTHASH for string fields and NUMHASHADD or NUMHASHCON for number fields to mask data from unique fields like code on a Person, Policies, and so on. This prevents any unique constraint errors during the masking process. It also keeps the values consistent while masking data for the same fields across multiple entities, for example, policyCode for Policy, PolicyEnrollmentEvent, and EnrollmentFilePolicy.

Native Fields

To protect the integrity of the application, only the native fields listed below are part of the masking process.

All the dynamic fields and dynamic records are part of the masking configuration. We recommend exclude any dynamic fields for the tables to be purged as part of the Data Masking Process.

Table 6. Native Fields
Entity Name	Object Usage Name	Data Type	Mandatory/Unique
Person	dateOfBirth	Date	Mandatory
Person	endDate	Date
Person	code	String	Unique
Person	emailAddress1	String
Person	emailAddress2	String
Person	faxNumber	String
Person	firstName	String
Person	gender	String
Person	initials	String
Person	middleName	String
Person	name	String	Mandatory
Person	namePartner	String
Person	phoneNumberBusiness	String
Person	phoneNumberMobile	String
Person	phoneNumberPrivate	String
Person	policyGid	String
Person	suffix	String
Address	additionalPart1	String
Address	additionalPart2	String
Address	additionalPart3	String
Address	city	String
Address	numberAddition	String
Address	postalCode	String
Address	street	String
Address	stateAndCountyCode	Integer
BankAccountNumber	bankAccountNumber	String	Mandatory
BankAccountNumber	bankAccountNumberDebit	String
BankAccountNumber	specialName	String
EnrollmentFilePolicy	policyCode	String	Mandatory
GroupClientEvent	policyCode	String
InterfacedMessage	correlationId	String
Policy	code	String	Mandatory
PolicyEnrollmentProduct	startDate	Date	Mandatory
PolicyEnrollmentProduct	endDate	Date
PolicyIdentifier	identifier	String	Unique
PolicyAccount	accountNumber	String	Mandatory
PolicyAccountTransaction	code	String	Unique
PolicyMedicareTransactionReplyReport	memberContractId	String
PolicyMedicareTransactionReplyReport	memberPBPNumber	String
PolicyEnrollmentMedicarePeriod	periodValue	String
PolicyEnrollmentProductMedicareOtherInsuranceDetail	memberId	String	Mandatory
PolicyEnrollmentProductMedicareOtherInsuranceDetail	rxBin	String
PolicyEnrollmentProductMedicareOtherInsuranceDetail	rxPcn	String
PolicyEnrollmentProductMedicarePartD4RxData	rxMemberId	String	Mandatory
PolicyEnrollmentProductMedicarePartD4RxData	rxPcn	String
PolicyEnrollmentProductMedicarePartD4RxData	rxBin	String
PolicyEnrollmentProductMedicareDetail	enrollmentConfirmationNumber	String
PolicyEnrollmentProductMedicareDetail	scopeOfAppointmentNumber	String
PolicyEnrollmentProductMedicareDetail	priorPBPNumber	String
PolicyEnrollmentProductMedicareDetail	applicantInstitutionName	String
PolicyEnrollmentProductMedicareDetail	applicantInstitutionAddress	String
PolicyEnrollmentProductMedicareDetail	applicantInstitutionPhone	String
PolicyEnrollmentProductMedicareDetail	priorPBPNumberTroop	String
PolicyEnrollmentProductMedicareDetail	priorActiveCaraContractNumber	String
PolicyEnrollmentProductMedicareDetail	priorCMSContractNumber	String
PolicyEnrollmentProductMedicareDetail	disenrollmentSourceContractNumber	String
PolicyEnrollmentProductMedicareDetail	priorCMSContractTroop	String
PolicyEnrollmentEvent	policyCode	String
PolicyFeeHistory	cause	String	Mandatory
RelationIdentifier	identifier	String	Mandatory
TaskAttribute	valueDate	Date
User	alternateUserIdentifier	String
User	displayName	String	Mandatory

Response Messages

The application creates the response messages in response to the request messages it receives from external interfaces. Please refer to the "Response Messages" section in the HTTP API/IP Concepts as part of the Developer Guide for more details.

Error Messages

The following error messages are specific to the data masking definition integration point.

Table 7. Error Messages
Code	Severity	Message Text
DID-IP-DIDM-001	Fatal	Entity name {entityName} is unknown
DID-IP-DIDM-002	Fatal	Object usage name {objectUsageName} is unknown
DID-IP-DIDM-003	Fatal	For the dynamic record {objectUsageName}, field {recordObjectUsageName} is unknown
DID-IP-DIDM-004	Fatal	Record object usage name can only be configured for dynamic records
DID-IP-DIDM-005	Fatal	Record object usage is mandatory for {objectUsageName} dynamic record
DID-IP-DIDM-006	Fatal	Flex codes, start date and end date columns cannot be part of the data masking process
DID-IP-DIDM-007	Fatal	Transformation function {transformationCategory} does not match the data type of the field
DID-IP-DIDM-008	Fatal	Fixed field {objectUsageName} cannot be part of the data masking process

Authorization

This API requires a grant for access restriction datamaskingdefinition IP.