Stream: implementers
Topic: FHIR output & user permissions
Lital Inghel (Apr 03 2022 at 19:13):
In case the user's permissions are restricted and he is not allowed to see part of the data (for example, due to confidentiality), do we somehow need to let the user know he did not get all the information? Is there such a requirement in the IG?
Josh Mandel (Apr 03 2022 at 19:45):
https://stackoverflow.com/a/50252958/318206 -- this answer from Lloyd still applies
Michele Mottini (Apr 04 2022 at 03:01):
You should not let the user know. You would be leaking information you are supposed to protect.
Michele Mottini (Apr 04 2022 at 03:04):
'Mhh, the system is telling me I am not allowed to see some information about my 16-year-old kid, interesting.'
Lital Inghel (Apr 04 2022 at 10:12):
So the user will not know he only received partial info, and that's OK? I'm asking because we filter the data the user is not allowed to see and are not outputting it at all from the database, and I want to make sure that from a regulatory perspective this is acceptable.
René Spronk (Apr 04 2022 at 10:53):
Some countries have regulatory rules around data access, data blocking etc. You'll have to consult a lawyer, which you are unlikely to find on this forum.
René Spronk (Apr 04 2022 at 10:55):
By definition someone who asks for information will only receive some subset of the data that's available. The 'subset of relevant data', but relevance is in the eye of the beholder.
Lloyd McKenzie (Apr 04 2022 at 13:08):
"You should not let the user know" - that depends on the situation. In some cases, the user needs to know because there are steps they can take to gain access to the suppressed data, and those steps can only be invoked when it's known that data has been suppressed. In other cases, agree that there should be no differentiation between suppressed and non-existing data.
Cooper Thompson (Apr 04 2022 at 14:02):
We (Epic) will always return an informational warning that says something like "you are seeing all the data you have access to, there may be more data you don't have access to". We return this even if the user is seeing everything in the chart (so we don't leak info).
Daniel Venton (Apr 04 2022 at 14:14):
Interesting. Does that mean that if a hacker gained access to the system and downloaded a bunch of information, then by you telling them as part of the responses that they did have access to the data, you can't charge them with illegal access to data?
Cooper Thompson (Apr 04 2022 at 14:26):
Umm.. no? Returning an OperationOutcome with some text doesn't magically make it legal to hack a system and gain unauthorized access to data. Disclaimer: I am not a lawyer.
Last updated: Apr 12 2022 at 19:14 UTC