Stream: implementers
Topic: Hard delete vs Soft delete
Shane O'Neill (Sep 09 2019 at 17:01):
Hi implementers
For Deleting resources at the REST API level, do you fully nuke the corresponding database record (after versioning and whatnot)? Or use a "soft deleted" flag on the record? What are the pros and cons for either?
Thanks!
John Silva (Sep 09 2019 at 17:25):
There are probably business rules (and country privacy guidelines) that come into play for making this decision. If the country privacy guidelines require that you remove all remnants of the data when requested by the patient, then soft delete might not be sufficient. Also, what if you had data analytics that need this deleted data for its algorithms?
Jose Costa Teixeira (Sep 09 2019 at 17:27):
privacy-wise it may be that you don't have to delete, you may only de-identify. your mileage may vary...
Jose Costa Teixeira (Sep 09 2019 at 17:30):
on a functional level, my take is that a request to delete would be put into a decision machine which then decides, based on policies, what will happen. Perhaps this should be at a higher level than the FHIR API, or perhaps this variable behaviour should be considered on the FHIR API. Not sure if we can establish guidance there
John Moehrke (Sep 09 2019 at 17:31):
There is no single solution to a general question about delete... One must consider the regulated requirements. One must consider the workflow requirements. One must consider the intended-use requirements. If the server is supporting Treatment, then the delete is likely nothing more than setting the .status element to inactive. However if the server is supporting a Provider Directory, then the delete could be a complete delete with just an audit trail.
John Moehrke (Sep 09 2019 at 17:31):
so the answer is... it depends
David Pyke (Sep 09 2019 at 17:51):
All of which is the long way of saying "It's a policy decision"
James Agnew (Sep 09 2019 at 19:10):
FWIW- As far as HAPI is concerned, DELETE is always a soft delete out of the box. Hard delete is provided by a separate operation called $expunge. I have heard of people using interceptors to trigger an expunge after a delete though, so you can do either depending on what you need.
Grahame Grieve (Sep 09 2019 at 20:09):
the API allows for either since this is (as said) a policy decision. But I personally strongly recommend never actually deleting anything (and have worked on an insert only database in the past)
Alexander Kiel (Sep 11 2019 at 19:10):
I also use an append-only database for FHIR in my Blaze Store, but it has something called Excision. I would recommend reading the motivation part there.
Last updated: Apr 12 2022 at 19:14 UTC