September 1, 2020 – Multiple HealthShare Advisories

This message contains two recent HealthShare Advisories, which are available below.

• Advisory: Consent API allows for the creation of consent policies for non-existing MPI IDs
• Advisory: Issue with Consent Processing in the Operational Data Store

These advisories are also on the InterSystems Product Alerts and Advisories page

September 1, 2020 – Advisory: Consent API allows for the creation of consent policies for non-existing MPI IDs

InterSystems has corrected a defect when using the Consent API, where it is possible to associate a consent policy with an MPI ID that does not yet exist. If that MPI ID is later created and assigned to a patient, the previously associated consent policy will be applied to that patient.

This problem exists for:

• All HealthShare Unified Care Record/Information Exchange versions

Two Consent API methods are affected by this issue:

• AddEditMPIConsentPolicy
• AddEditPatientPolicy

The input parameters for these methods identify a patient via an MPI ID and optionally an MRN and MRN Assigning Authority. Prior to this fix, it is possible to associate a consent policy with an MPI ID that does not yet exist. If that MPI ID is later assigned to a patient, the consent policy will be applied to that patient. This is identified as a patient privacy concern as an erroneous consent policy may result in inappropriate access to the patient demographic information or clinical data. This issue does not cause an increased risk of disclosure outside of HealthShare.

A fix is available for this issue. The fix validates whether the MPI ID exists before associating a consent policy with it. If the MPI ID does not exist, the API transaction will not succeed, and the consent policy will not be associated with that MPI ID.

This fix now validates the MPI ID exists, but it cannot validate that an existing MPI ID passed in is the correct ID for the intended target patient. MRN and MRN Assigning Authority were validated prior to this fix and continue to be validated. However, there is no validation that the MRN and MRN Assigning Authority are valid for the specified MPI ID. Applications and users of the Consent API should continue to exercise caution when inputting patient identifiers as arguments to the API methods.

Additionally, the Consent API methods do not validate the following. A fix is not yet available to validate these input parameters. Customers are strongly encouraged to test their usage of the consent API to ensure that input parameters are specified appropriately.

• Decision: this is a required field, but it is possible to omit it. The methods will return an error if the input value is invalid.
• ClinicialInformationType: this is a required field for the AddEditPatientPolicy method. The method will return an error if the input value is omitted but will not return an error if an invalid value is entered.
• EffectiveDate, EventEffective, EventExpiration, ExpirationDate: these are optional fields. The methods require these dates to be in $h format and do not return an error for any invalid date formats.
• GroupList: this is an optional field. The methods will not return an error if an invalid group is entered.
• RelationshipList: this is an optional field. The methods will not return an error if an invalid relationship is entered. Additionally, the methods will silently ignore this parameter if AppliesTo is not set to "R".

The correction for this defect is identified as dev key HSIEC-3190 and will be included in all future product releases. It is also available via Adhoc change file (patch) or full kit distribution from the Worldwide Response Center (WRC).

If you have any questions regarding this advisory, please contact the Worldwide Response Center (WRC) at support@InterSystems.com or  +1.617.621.0700.

September 1, 2020 – Advisory: Issue with Consent Processing in the Operational Data Store

InterSystems has corrected an issue that occurs with consent processing in the Operational Data Store (ODS).

This problem exists for Customers who use the Operational Data Store (ODS) in one of the following versions:

• HealthShare Information Exchange 2018.1.x
• HealthShare Unified Care Record 2019.1.x
• HealthShare Unified Care Record 2019.2.x
• HealthShare Unified Care Record 2020.1.x

When the Operational Data Store receives a request for a patient's data from an Access Gateway, it asynchronously fetches and processes the data. Consent is evaluated asynchronously for each SourceMRN, which is a combination of Facility, Assigning Authority, and MRN.

Previously, the consent evaluation for the first SourceMRN was applied to each of the subsequently evaluated SourceMRNs. This could cause consent to be applied incorrectly. This issue has been identified as a patient privacy concern as it could result in inappropriate access to patient data by an authorized HealthShare user. This issue does not cause an increased risk of disclosure outside of HealthShare.

InterSystems recommends that customers who use the ODS apply the fix for this defect. The fix ensures that the consent evaluation for each SourceMRN is processed independently.

The correction for this defect is identified as HSIEC-3224 and will be included in all future product releases. It is also available via Ad hoc change file (patch) or full kit distribution from the Worldwide Response Center (WRC).

If you have any questions regarding this advisory, please contact the Worldwide Response Center (WRC) at support@InterSystems.com or  +1.617.621.0700.