6.4. Data dictionary (DD)¶
The data dictionary is a TSV file with a single header row, and columns as defined below. (The DD columns can be in any order as long as the header row matches the data, and the column heading names are exactly as follows.)
Once you have edited your anonymiser config file to point to your source database, you can generate a draft data dictionary like this:
crate_anonymise --draftdd > mydd.tsv
Now edit the data dictionary as required. Then make your config file point to the data dictionary you want to use.
This column specifies the source database, using a name that matches one from
source_databases list in the config file.
This column specifies the table name in the source database.
This column specifies the field (column) name in the source database.
This column gives the source column’s SQL data type (e.g. INT, VARCHAR(50)).
This field can be blank or can contain a string made up of one or more characters. The characters have the following meanings:
This field is the primary key (PK) for the table it’s in.
ADD SOURCE HASH.
Add source hash of the record, for incremental updates?
Record contents are constant (will not change) for a given PK.
Marks an addition-only table. It is assumed that records can only be added to this table, not deleted.
Primary patient ID field. If set,
DEFINES PRIMARY PIDS.
This field defines primary PIDs. If set, this row will be used to search for all patient IDs, and will define them for this database. Only those patients will be processed (for all tables containing patient info). Typically, this flag is applied to a SINGLE field in a SINGLE table, usually the principal patient registration/demographics table.
Master ID (e.g. NHS number).
The field will be hashed with the master PID hasher.
This field is used to mark that the patient wishes to opt out entirely. It must be in a table that also has a primary patient ID field (because that’s the ID that will be omitted). If the opt-out field contains a value that’s defined in the
If this field is a
One of the following values, or blank:
||Contains patient-identifiable information that must be
||Contains identifiable information about a carer,
family member, or other third party, which must be
||This field is a patient identifier for ANOTHER patient (such as a relative). The scrubber should recursively include THAT patient’s identifying information as third-party information for THIS patient.|
Applicable to scrub_src fields, this column determines the manner in which this field should be treated for scrubbing. It must be one of the following values (or blank):
||Treat as a set of textual words. This is the default for all textual fields (e.g. CHAR, VARCHAR, TEXT). Typically used for names. Also OK for e-mail addresses.|
||Treat as a textual phrase (a sequence of words to be replaced only when they occur in sequence). Typically used for address components.|
||Treat as a number. This is the default for all numeric fields (e.g. INTEGER, FLOAT). If you have a phone number in a text field, use this method; it will be scrubbed regardless of spacing/punctuation.|
||Teat as an alphanumeric code. Suited to postcodes. Very like the numeric method, but permits non-digits.|
||Treat as a date. This is the default for all DATE/DATETIME fields.|
One of the following two values:
||Omit the field from the output entirely.|
This is case sensitive, for safety.
Either blank, or an expression that evaluates to a Python iterable (e.g. list or tuple) with Python’s ast.literal_eval() function (see https://docs.python.org/3.4/library/ast.html).
- If this is not blank/None, then it serves as a ROW INCLUSION LIST – the source row will only be processed if the field’s value is one of the inclusion values.
- It applies to the raw value from the database (before any transformation via
- This is not applied to
scrub_srcfields (which contribute to the scrubber regardless).
- Note that
[None]is a list with one member, None, whereas
Noneis equivalent to leaving the field blank.
[True, 1, 'yes', 'true', 'Yes', 'True']
inclusion_values, but the row is excluded if the field’s value is in
the exclusion_values list.
Manner in which to alter the data. Blank, or a comma-separated list of one or more of:
||Scrub in. Applies to text fields only. The field will have its contents anonymised (using information from other fields). Use this for any text field that end users might store free-text comments in.|
||Truncate this date to the first of the month. Applicable to text or date-as-text fields.|
||Convert a binary field (e.g. `VARBINARY`,
`BLOB`) to text (e.g. `LONGTEXT`). The binary
data is taken to be the representation of a
document. The field EXTFIELDNAME, which must
be in the same source table, must contain the
file extension (e.g.
A more powerful way of specifying a filename that can be created using data from this table. The FMT parameter is an unquoted Python str.format() string; see https://docs.python.org/3.4/library/stdtypes.html#str.format. The dictionary passed to format() is created from all fields in the row.
Using an example from RiO: if your
ClientDocuments table contains a ClientID
You probably want to apply this
||As for the binary-to-text option, but the field contains a filename (the contents of which is converted to text), rather than containing binary data directly.|
||If one of the text extraction methods is specified, and this flag is also specified, then the data row will be skipped if text extrcation fails (rather than inserted with a NULL value for the text). This is helpful, for example, if your text-processing pipeline breaks; the option prevents rows being created erroneously with NULL text values, so that a subsequent incremental update will fix the problems once you’ve fixed your text extraction tools.|
||HTML encoding is removed, e.g. convert
||HTML tags are removed, e.g. from
||Hash this field,|
You can specify multiple options separated by commas.
Not all are compatible (e.g. scrubbing is for text; date truncation is for dates).
If there’s more than one, text extraction from BLOBs/files is performed first. After that, they are executed in sequence. (The position of the skip-if-text-extraction-fails flag is immaterial.)
A typical combination might be:
Table name in the destination database.
Field (column) name in the destination database.
SQL data type in the destination database.
If omitted, the source SQL data type is translated appropriately.
||Create a normal index on the destination field.|
||Create a unique index on the destination field.|
||Create a FULLTEXT index, for rapid searching within long text fields. Only applicable to one field per table.|
Integer. Can be blank. If not, sets the prefix length of the index. This is mandatory in MySQL if you apply a normal (+/- unique) index to a TEXT or BLOB field. It is not required for FULLTEXT indexes.
6.4.18. Minimal data dictionary example¶
This illustrates a data dictionary for a fictional database.
Some more specialist columns (
not shown for clarity. Comments are added (lines beginning with #) that
wouldn’t be permitted in the real TSV file.
src_db src_table src_field src_datatype src_flags scrub_src scrub_method decision alter_method dest_table dest_field dest_datatype index indexlen comment ------- ---------- ------------ ------------- ---------- ---------- ------------- --------- ---------------- ----------- ----------- -------------- ------ --------- ---------------------------------------------------- # The source table "patients" defines our patients. # This is also a primary source of information that is used to build our scrubbers. # Most information shouldn't come through to the destination database, but some (e.g. DOB) is helpful in a truncated form. # This table also includes our master opt-out switch. mydb patients patientnum INTEGER(11) K*H patient number OMIT Local patient ID (PID); will be replaced by RID+TRID mydb patients nhsnum INTEGER(11) M patient number OMIT NHS number (MPID); will be replaced by MRID mydb patients dob DATE patient date include truncate_date patients dob DATE Date of birth (truncated to first of month) mydb patients dod DATE include patients dod DATE Date of death, or NULL if alive mydb patients forename VARCHAR(255) patient words OMIT mydb patients surname VARCHAR(255) patient words OMIT mydb patients telephone VARCHAR(255) patient number OMIT A phone number. mydb patients opt_out_anon BIT ! # The "addresses" table gives (potentially several) addresses per patient. mydb addresses pk INTEGER(11) KH include addresses pk INTEGER(11) U Arbitrary address PK. mydb addresses patientnum INTEGER(11) P OMIT mydb addresses from_date DATE include addresses from_date I mydb addresses to_date DATE include addresses to_date I mydb addresses line1 VARCHAR(255) patient phrase OMIT mydb addresses line2 VARCHAR(255) patient phrase OMIT mydb addresses line3 VARCHAR(255) patient phrase OMIT mydb addresses line4 VARCHAR(255) patient phrase OMIT mydb addresses line5 VARCHAR(255) patient phrase OMIT mydb addresses postcode VARCHAR(10) patient code OMIT UK postcode. mydb addresses lsoa VARCHAR(10) include addresses lsoa Lower Super Output Area, added by CRATE preprocessor (calculated from postcode). mydb addresses imd INTEGER include addresses imd UK Index of Multiple Deprivation, added by CRATE preprocessor. # The "relatives" table gives us some third-party information to add to our scrubbers. mydb relatives pk INTEGER(11) KH OMIT mydb relatives patientnum INTEGER(11) P OMIT mydb relatives relationship VARCHAR(255) OMIT mydb relatives forename VARCHAR(255) thirdparty words OMIT mydb relatives surname VARCHAR(255) thirdparty words OMIT # The "notes" table contains simple text that needs scrubbing. mydb notes pk INTEGER(11) KH include notes pk INTEGER(11) U mydb notes patientnum INTEGER(11) P OMIT Patient ID will be replaced by RID+TRID mydb notes when DATETIME include notes when DATETIME I mydb notes note VARCHAR(MAX) include scrub notes note LONGTEXT Gives the scrubbed note. # The "documents" table uses filenames to refer to binary documents on disk, which need scrubbing. # (If binary documents won't change once added, you might want to set the "C" flag on "doc_id", instead of "H", for efficiency.) mydb documents doc_id INTEGER(11) KH include documents doc_id INTEGER(11) U Document PK mydb documents patientnum INTEGER(11) P OMIT Patient ID will be replaced by RID+TRID mydb documents when_added DATETIME include documents when_added DATETIME I mydb documents filename VARCHAR(255) include filename_to_text documents contents LONGTEXT F Becomes scrubbed document contents with FULLTEXT index.
Check minimal data dictionary example works.