Background
Bridge users save health data about themselves and then interact with that data through Bridge, to learn more about their medical conditions and to contribute that data to researchers doing compelling research on their community. The data they save must be anonymous, in the sense that someone who breaks into the database should not be able to determine whose data a record is, while all the records from one individual must still be linkable, so that researchers can look at a set of records and know they describe one individual.
Toward this end, we propose assigning a "health data code" to each participant, probably scoped to an individual study. (Note: for reasons, we're not supposed to refer to entities in Bridge as "patients", so we talk about health data codes here, not patient codes or some variant of that language.) The code, and no other identifier for that user, is used when creating records.
This API generates the code under which anonymous health data records are recorded in Bridge. These codes must have the following properties:
...
Since Bridge uses Synapse for user authentication, Bridge holds no information about users in its own data stores, and putting the health data code API in Synapse keeps it that way (it is a very small API). Synapse can also reuse some of its existing password hashing code for it.
API
URL | HTTP type | Description |
---|---|---|
/auth/healthdata/code | POST | Body: `{"base": "baseValue", "provisionalSeed": "seedValue"}`. Given a base string and the authenticated user, always return the same health data code: a keyed hash (for example an HMAC) of the base string and the user's identity, keyed with a seed. The `provisionalSeed` property is optional; if submitted, the returned code is computed with that seed and the seed is not persisted (see the seed call below). If it is absent, the user's persisted private seed is used; the first seed is generated on demand within Synapse and persisted (much like the current password hashing seed). Because the seed is the only thing that ties a code back to a user, it must be high-entropy and never stored alongside the codes. |
/auth/healthdata/seed | POST | Body: `{"seed": "seedValue"}`. Persist a new seed for this user, to be used for all subsequently issued health data codes. Note that changing the seed changes every code returned from then on, so records created before and after a seed change are no longer linkable to each other. |
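The following is an added, in-memory model of the two calls above, written for this page; it is not Synapse's or Bridge's own code. It assumes the "hash of some kind" is an HMAC-SHA256 over the user's identity and the base string, keyed with the user's seed (a 32-byte random value when generated on demand, and a minimum of 16 bytes when supplied by the caller; both limits are assumptions). The class, method and parameter names (`HealthDataCodeService`, `code`, `set_seed`, `user_id`) are hypothetical.

```python
"""In-memory model of the proposed health data code API (illustrative only)."""
import base64
import hashlib
import hmac
import secrets
from typing import Dict, Optional

SEED_BYTES = 32        # assumption: 256-bit seeds when generated on demand
MIN_CALLER_SEED = 16   # assumption: reject obviously weak caller-supplied seeds


def _encode(*parts: str) -> bytes:
    """Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide."""
    out = b""
    for part in parts:
        data = part.encode("utf-8")
        out += len(data).to_bytes(4, "big") + data
    return out


class HealthDataCodeService:
    """Stand-in for /auth/healthdata/code and /auth/healthdata/seed."""

    def __init__(self) -> None:
        # Persisted per-user private seeds: the only link between a user and a code.
        self._seeds: Dict[str, bytes] = {}

    def has_seed(self, user_id: str) -> bool:
        return user_id in self._seeds

    def _seed_for(self, user_id: str) -> bytes:
        # The first seed is generated on demand and persisted, as the page describes.
        if user_id not in self._seeds:
            self._seeds[user_id] = secrets.token_bytes(SEED_BYTES)
        return self._seeds[user_id]

    def set_seed(self, user_id: str, seed: str) -> None:
        """POST /auth/healthdata/seed: persist a new seed for the authenticated user."""
        seed_bytes = seed.encode("utf-8")
        if len(seed_bytes) < MIN_CALLER_SEED:
            raise ValueError("seed too short")
        self._seeds[user_id] = seed_bytes

    def code(self, user_id: str, base: str, provisional_seed: Optional[str] = None) -> str:
        """POST /auth/healthdata/code: deterministic code for (user, base, seed)."""
        if provisional_seed is not None:
            key = provisional_seed.encode("utf-8")  # used for this call only, never stored
        else:
            key = self._seed_for(user_id)
        digest = hmac.new(key, _encode(user_id, base), hashlib.sha256).digest()
        # URL-safe, unpadded base64 of the 32-byte tag: 43 characters.
        return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


if __name__ == "__main__":
    svc = HealthDataCodeService()
    print(svc.code("user-1", "study-A"))   # same value on every call for this user/base
    svc.set_seed("user-1", "0123456789abcdef0123456789abcdef")
    print(svc.code("user-1", "study-A"))   # different: the seed changed
```

Two points the model makes concrete: the code itself carries no user identifier, so an attacker holding only the Bridge records cannot recover the user without the seed store; and a seed change (or a provisional seed) yields an unrelated code, which is exactly what breaks linkage across records.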
...