PHI enhancements #869

@nagem

Requested PHI enhancements:

  • add new permission type: ro-no-phi, aka Read Only (No PHI)*, which will always filter out PHI fields on all endpoints, both get and get_all. Otherwise, it will have the same permissions as the existing ro user.
  • add new query param to get_all endpoints called phi=true*, defaults to false when not present. Using this flag will prevent the filtering of PHI and will log access to each item in the list. Logging an action for viewing the session and the subject seems most appropriate while subjects are subdocuments of sessions.
  • Investigate using an aggregation pipeline with a $project on finds via Mongo to replace PHI fields with a default value to indicate the PHI value has been withheld. This would allow the user to know this field is populated, but they do not have access to it.**

* These names can be changed in actual implementation
** Still up for discussion; sometimes even having a PHI field present is a breach of PHI, depending on the field.
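
A sketch of how the three requests above could fit together, added here as an example and not taken from the issue or the project's code. The PHI field list, the placeholder value, the sample session and all function names are assumptions.

```python
import copy

# Assumptions, not from the issue: the PHI field list, the placeholder value
# and every function name below are hypothetical.
PHI_FIELDS = ("subject.firstname", "subject.lastname", "subject.age")
WITHHELD = "<withheld>"
SAMPLE = [{"_id": "s1", "label": "visit 1",          # constructed session
           "subject": {"_id": "sub1", "code": "ex01", "firstname": "Ada"}}]

def phi_allowed(role, phi_param=None):
    """ro-no-phi never gets PHI; other roles only with an explicit phi=true."""
    return role != "ro-no-phi" and str(phi_param).lower() == "true"

def mask_stage(fields=PHI_FIELDS):
    """Aggregation stage: populated PHI fields become WITHHELD, others pass through.

    Uses $addFields (MongoDB 3.4+) rather than the $project named in the issue,
    because a $project made only of computed fields drops every other field
    except _id.
    """
    return {"$addFields": {
        f: {"$cond": [{"$gt": ["$" + f, None]}, WITHHELD, "$" + f]}
        for f in fields}}

def mask_doc(doc, fields=PHI_FIELDS):
    """The same rule applied in Python to one already-fetched document."""
    out = copy.deepcopy(doc)
    for path in fields:
        *parents, leaf = path.split(".")
        node = out
        for key in parents:
            node = node.get(key) if isinstance(node, dict) else None
        if isinstance(node, dict) and node.get(leaf) is not None:
            node[leaf] = WITHHELD
    return out

def get_all(sessions, role, user, phi_param=None):
    """Return (items, audit). PHI is shown only when allowed, and each item
    shown with PHI produces one session entry and one subject entry."""
    if not phi_allowed(role, phi_param):
        return [mask_doc(s) for s in sessions], []
    audit = []
    for s in sessions:
        audit.append({"user": user, "action": "view_session", "id": s["_id"]})
        audit.append({"user": user, "action": "view_subject", "id": s["subject"]["_id"]})
    return sessions, audit
```

Because the placeholder still reveals that a field is populated, fields where presence alone is sensitive would need to be dropped rather than masked.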
