Merge pull request #285016 from KendalBond007/DICOMcleanup

AnnaMHuff · web-flow · commit 690c0648ca6e · 2024-08-21T13:45:42.000-06:00
Markdown cleanup of new content
diff --git a/articles/healthcare-apis/deidentification/manage-access-rbac.md b/articles/healthcare-apis/deidentification/manage-access-rbac.md
@@ -41,7 +41,7 @@ Keep in mind the following points about Azure role assignments with the de-ident
 - When the de-identification service is locked with an [Azure Resource Manager read-only lock](/azure/azure-resource-manager/management/lock-resources), the lock prevents the assignment of Azure roles that are scoped to the de-identification service.
 - When Azure deny assignments have been applied, your access might be blocked even if you have a role assignment. For more information, see [Understand Azure deny assignments](/azure/role-based-access-control/deny-assignments).
 
-You can use different tools to assign built-in roles.
+You can use different tools to assign built-in roles. Select the tab that applies for details.
 
 # [Azure portal](#tab/azure-portal)
 
@@ -53,7 +53,7 @@ To assign an Azure role to a security principal with PowerShell, call the [New-A
 
 The format of the command can differ based on the scope of the assignment, but `ObjectId` and `RoleDefinitionName` are required parameters. While the `Scope` parameter is optional, you should set it to retain the principle of least privilege. By limiting roles and scopes, you limit the resources that are at risk if the security principal is ever compromised.
 
-The scope for a de-identification service (preview) is in the form `/subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.HealthDataAIServices/deidServices/<Deidentification Service Name>`
+The scope for a de-identification service (preview) is in the form `/subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.HealthDataAIServices/deidServices/<De-identification Service Name>`
 
 The example assigns the **DeID Data Owner** built-in role to a user, scoped to a specific de-identification service. Make sure to replace the placeholder values 
 in angle brackets `<>` with your own values:
@@ -62,24 +62,22 @@ in angle brackets `<>` with your own values:
 New-AzRoleAssignment 
 	-SignInName <Email> `
 	-RoleDefinitionName "DeID Data Owner" `
-	-Scope "/subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.HealthDataAIServices/deidServices/<Deidentification Service Name>"
+	-Scope "/subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.HealthDataAIServices/deidServices/<De-identification Service Name>"
 ```
 
 A successful response should look like:
 
 ```
-
 console
-RoleAssignmentId   : /subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.HealthDataAIServices/deidServices/<Deidentification Service Name>/providers/Microsoft.Authorization/roleAssignments/<Role Assignment ID>
-Scope              : /subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.HealthDataAIServices/deidServices/<Deidentification Service Name>
+RoleAssignmentId   : /subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.HealthDataAIServices/deidServices/<De-identification Service Name>/providers/Microsoft.Authorization/roleAssignments/<Role Assignment ID>
+Scope              : /subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.HealthDataAIServices/deidServices/<De-identification Service Name>
 DisplayName        : Mark Patrick
 SignInName         : markpdaniels@contoso.com
 RoleDefinitionName : DeID Data Owner
 RoleDefinitionId   : <Role Definition ID>
 ObjectId           : <Object ID>
 ObjectType         : User
 CanDelegate        : False
-
 ```
 
 For more information, see [Assign Azure roles using Azure PowerShell](/azure/role-based-access-control/role-assignments-powershell).
@@ -90,15 +88,15 @@ To assign an Azure role to a security principal with Azure CLI, use the [az role
 
 The format of the command can differ based on the type of security principal, but `role` and `scope` are required parameters.
 
-The scope for a de-identification service (preview) is in the form `/subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.HealthDataAIServices/deidServices/<Deidentification Service Name>`
+The scope for a de-identification service (preview) is in the form `/subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.HealthDataAIServices/deidServices/<De-identification Service Name>`
 
 The following example assigns the **DeID Data Owner** built-in role to a user, scoped to a specific de-identification service. Make sure to replace the placeholder values in angle brackets `<>` with your own values:
 
 ```azurecli
 az role assignment create \
 	--assignee <Email> \
 	--role "DeID Data Owner" \
-	--scope "/subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.HealthDataAIServices/deidServices/<Deidentification Service Name>"
+	--scope "/subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.HealthDataAIServices/deidServices/<De-identification Service Name>"
 ```
 
 For more information, see [Assign Azure roles using Azure PowerShell](/azure/role-based-access-control/role-assignments-cli).
diff --git a/articles/healthcare-apis/deidentification/managed-identities.md b/articles/healthcare-apis/deidentification/managed-identities.md
@@ -11,13 +11,13 @@ ms.date: 07/17/2024
 
 # Use managed identities with the de-identification service (preview)
 
-Managed identities provide Azure services with a secure, automatically managed identity in Microsoft Entra ID. Using managed identities eliminates the need for developers having to manage credentials by providing an identity. There are two types of managed identities: system-assigned and user-assigned. The de-identification service supports both.
+Managed identities provide Azure services with a secure, automatically managed identity in Microsoft Entra ID. Using managed identities eliminates the need for developers to manage credentials by providing an identity. There are two types of managed identities: system-assigned and user-assigned. The de-identification service supports both.
 
 Managed identities can be used to grant the de-identification service (preview) access to your storage account for batch processing. In this article, you learn how to assign a managed identity to your de-identification service.
 
 ## Prerequisites
 
-- Understand the differences between **system-assigned** and **user-assigned** described in [What are managed identities for Azure resources?](/entra/identity/managed-identities-azure-resources/overview)
+- Understand the differences between **system-assigned** and **user-assigned** managed identities, described in [What are managed identities for Azure resources?](/entra/identity/managed-identities-azure-resources/overview)
 - A de-identification service (preview) in your Azure subscription. If you don't have a de-identification service, follow the steps in [Quickstart: Deploy the de-identification service](quickstart.md).
 
 ## Create an instance of the de-identification service (preview) in Azure Health Data Services with a system-assigned managed identity
@@ -69,14 +69,12 @@ the resource definition, replacing **resource-id** with the Azure Resource Manag
 
 ## Supported scenarios using managed identities
 
-Managed identities assigned to the de-identification service (preview) can be used to allow access to Azure Blob Storage for batch de-identification jobs. The service acquires a token as
-the managed identity to access Blob Storage and de-identify blobs that match a specified pattern. For more information, including how to grant access to your managed identity,
-see [Quickstart: Azure Health De-identification client library for .NET](quickstart-sdk-net.md).
+Managed identities assigned to the de-identification service (preview) can be used to allow access to Azure Blob Storage for batch de-identification jobs. The service acquires a token as the managed identity to access Blob Storage, and de-identify blobs that match a specified pattern. For more information, including how to grant access to your managed identity, see [Quickstart: Azure Health De-identification client library for .NET](quickstart-sdk-net.md).
 
 ## Clean-up steps
 
 When you remove a system-assigned identity, you delete it from Microsoft Entra ID. System-assigned identities are also automatically removed from Microsoft Entra ID
-when you delete the de-identification service (preview).
+when you delete the de-identification service (preview), described as follows.
 
 # [Azure portal](#tab/portal)
 
diff --git a/articles/healthcare-apis/deidentification/overview.md b/articles/healthcare-apis/deidentification/overview.md
@@ -1,6 +1,6 @@
 ---
-title:  Overview of the de-identification service (preview) in Azure Health Data Services
-description: Learn how the de-identification service (preview) in Azure Health Data Services anonymizes clinical data, ensuring HIPAA compliance while retaining data relevance for research and analytics.
+title:  Overview of the De-identification service (preview) in Azure Health Data Services
+description: Learn how the De-identification service (preview) in Azure Health Data Services anonymizes clinical data, ensuring HIPAA compliance while retaining data relevance for research and analytics.
 author: kimiamavon
 ms.service: azure-health-data-services
 ms.subservice: deidentification-service
@@ -11,7 +11,7 @@ ms.author: kimiamavon
 
 # What is the de-identification service (preview)?
 
-The de-identification service (preview) in Azure Health Data Services enables healthcare organizations to anonymize clinical data so that the resulting data retains its clinical relevance and distribution while also adhering to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. The service uses state-of-the-art machine learning models to automatically extract, redact, or surrogate 28 entities, including the HIPAA 18 Protected Health Information (PHI) identifiers – from unstructured text such as clinical notes, transcripts, messages, or clinical trial studies.
+The de-identification service (preview) in Azure Health Data Services enables healthcare organizations to anonymize clinical data so that the resulting data retains its clinical relevance and distribution while also adhering to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. The service uses state-of-the-art machine learning models to automatically extract, redact, or surrogate 28 entities - including the HIPAA 18 Protected Health Information (PHI) identifiers – from unstructured text such as clinical notes, transcripts, messages, or clinical trial studies.
 
 ## Use de-identified data in research, analytics, and machine learning
 
diff --git a/articles/healthcare-apis/deidentification/quickstart-sdk-net.md b/articles/healthcare-apis/deidentification/quickstart-sdk-net.md
@@ -1,5 +1,5 @@
 ---
-title: "Quickstart: Azure Health De-identification client library for .NET"
+title: "Quickstart: Azure Health de-identification client library for .NET"
 description: A quickstart guide to de-identify health data with the .NET client library
 author: GrahamMThomas
 ms.author: gthomas
@@ -37,7 +37,7 @@ A de-identification service (preview) provides you with an endpoint URL. This en
     az resource create -g $RESOURCE_GROUP_NAME -n $DEID_SERVICE_NAME --resource-type microsoft.healthdataaiservices/deidservices --is-full-object -p "{\"identity\":{\"type\":\"SystemAssigned\"},\"properties\":{},\"location\":\"$REGION\"}"
     ```
     
-### Create an Azure Storage Account
+### Create an Azure Storage account
 
 1. Install [Azure CLI](/cli/azure/install-azure-cli)
 1. Create an Azure Storage Account
@@ -47,7 +47,7 @@ A de-identification service (preview) provides you with an endpoint URL. This en
     az storage account create --name $STORAGE_ACCOUNT_NAME --resource-group $RESOURCE_GROUP_NAME --location $REGION
     ```
 
-### Authorize de-identification service (preview) on storage account
+### Authorize de-identification service (preview) on the Azure Storage account
 
 -  Give the de-identification service (preview) access to your storage account
    
@@ -82,15 +82,15 @@ The client library is available through NuGet, as the `Azure.Health.Deidentifica
 
 
 ## Code examples
-- [Create a Deidentification Client](#create-a-deidentification-client)
+- [Create a de-identification Client](#create-a-de-identification-client)
 - [De-identify a string](#de-identify-a-string)
 - [Tag a string](#tag-a-string)
-- [Create a Deidentification Job](#create-a-deidentification-job)
-- [Get the status of a Deidentification Job](#get-the-status-of-a-deidentification-job)
+- [Create a de-identification Job](#create-a-de-identification-job)
+- [Get the status of a de-identification Job](#get-the-status-of-a-de-identification-job)
 
-### Create a Deidentification Client
+### Create a de-identification client
 
-Before you can create the client, you need to find your **deidentification service (preview) endpoint URL**.
+Before you can create the client, you need to find your **de-identification service (preview) endpoint URL**.
 
 You can find the endpoint URL with the Azure CLI:
 
@@ -131,7 +131,7 @@ content.Operation = OperationType.Tag;
 DeidentificationResult result = await client.DeidentifyAsync(content);
 ```
 
-### Create a Deidentification Job
+### Create a de-identification job
 
 This function allows you to de-identify all files, filtered via prefix, within an Azure Blob Storage Account.
 
@@ -156,7 +156,7 @@ DeidentificationJob job = new(
 job = client.CreateJob(WaitUntil.Started, "my-job-1", job).Value;
 ```
 
-### Get the status of a Deidentification Job
+### Get the status of a de-identification job
 
 Once a job is created, you can view the status and other details of the job.
 
@@ -175,19 +175,19 @@ dotnet run
 
 ## Clean up resources
 
-### Delete Deidentification Service
+### Delete de-identification service
 
 ```bash
 az resource delete -n $DEID_SERVICE_NAME -g $RESOURCE_GROUP_NAME  --resource-type microsoft.healthdataaiservices/deidservices
 ```
 
-### Delete Azure Storage Account
+### Delete Azure Storage account
 
 ```bash
 az resource show -n $STORAGE_ACCOUNT_NAME -g $RESOURCE_GROUP_NAME  --resource-type Microsoft.Storage/storageAccounts
 ```
 
-### Delete Role Assignment
+### Delete role assignment
 
 ```bash
 az role assignment delete --assignee $DEID_SERVICE_PRINCIPAL_ID --role "Storage Blob Data Contributor" --scope $STORAGE_ACCOUNT_ID
@@ -198,9 +198,9 @@ az role assignment delete --assignee $DEID_SERVICE_PRINCIPAL_ID --role "Storage
 
 ### Unable to access source or target storage
 
-Ensure the permissions are given and the Managed Identity for the de-identification service (preview) is set up properly.
+Ensure the permissions are given, and the Managed Identity for the de-identification service (preview) is set up properly.
 
-See [Authorize Deidentification Service on Storage Account](#authorize-de-identification-service-preview-on-storage-account)
+See [Authorize de-identification service (preview) on the Azure Storage account](#authorize-de-identification-service-preview-on-the-azure-storage-account)
 
 ### Job failed with status PartialFailed
 
@@ -213,7 +213,7 @@ See [Sample](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/healthdata
 
 In this quickstart, you learned:
 - How to create a de-identification service (preview) and assign a role on a storage account.
-- How to create a Deidentification Client
+- How to create a de-identification client
 - How to de-identify strings and create jobs on documents within a storage account.
 
 > [!div class="nextstepaction"]
diff --git a/articles/healthcare-apis/deidentification/quickstart.md b/articles/healthcare-apis/deidentification/quickstart.md
@@ -54,7 +54,7 @@ For more information, see [Use tags to organize your Azure resources](/azure/azu
 In the **Managed Identity** tab, you can assign a managed identity to your de-identification service (preview). For more information, see [managed identities](managed-identities.md).
 
 1. To create a system-assigned managed identity, select **On** under **Status**.
-1. To add a user-assigned managed identity, select **Add** to use the selection pane to choose an existing identity to assign.
+1. To add a user-assigned managed identity, select **Add** to use the selection pane to assign an existing identity.
 
 ## Review and create
 
