Data Privacy Enforcement Provider
IPrivacyEnforcementService
in assembly SanteDB.Core.Api version 3.0.1980.0
Contract for services which enforce privacy directives
Implementers of this service contract are expected to provide support for the architecture. The responsibilities for implementers are:
Enforce the data privacy directives attached to or instances prior to disclosure of the record (for example: redact, mask, or hide)
Ensure that data privacy directives are adhered to prior to updating data in the CDR
Ensure that fields which are sensitive or forbidden are not being used in queries
This service is used by the layer. ValidateWrite is invoked prior to executing a write operation and should ensure that the data being provided/written does not violate local privacy laws (i.e. if Race is forbidden and the request contains Race, the request should be aborted or scrubbed).
Additionally, the ValidateQuery method is invoked prior to querying to ensure that the query parameters don't violate local privacy laws (i.e. don't permit a query on MaritalStatus) and that patient privacy policies would not be violated by the query. For example, if the jurisdiction has a policy which protects or hides HIV_PROGRAM identifiers, and a principal which lacks that policy attempts a query such as identifier[HIV_PROGRAM].value=!null, then patient privacy could be compromised simply by the fact that a result is returned (even if the HIV_PROGRAM identifier itself is scrubbed). The ValidateQuery method should protect against this (note: the default implementation does not protect against this case, however the capability is present for third-party implementers of this service to produce such behavior).
Apply
  Returns: TData
  Parameters: TData data, IPrincipal principal
  Applies the privacy policies attached to the provided data such that a disclosure to the provided principal would not compromise patient privacy.
Apply
  Returns: IQueryResultSet<TData>
  Parameters: IQueryResultSet<TData> data, IPrincipal principal
  Applies the privacy policies attached to the provided data such that a disclosure to the provided principal would not compromise patient privacy.
ValidateWrite
  Returns: Boolean
  Parameters: TData data, IPrincipal principal
  Determines if the record provided contains data that the user shouldn't be sending.
ValidateQuery
  Returns: Boolean
  Parameters: Expression<Func<TModel,Boolean>> query, IPrincipal principal
  Validates that a query can be performed by the user and does not contain forbidden or compromising fields.
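The following is an added illustration of how an implementer might satisfy the three responsibilities described above; it is not SanteDB's own code. It assumes the method shapes listed in the table (generic constraints and the exact interface declaration are not reproduced), a constructed jurisdiction-wide list of forbidden fields (Race, MaritalStatus), a model type whose forbidden fields are plain properties, and that policy-based per-principal exemptions are out of scope, so the principal parameter is accepted but not consulted. It detects simple member access only and does not parse SanteDB's identifier[...] query syntax.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Linq.Expressions;
using System.Reflection;
using System.Security.Principal;

// Illustrative enforcement service; method shapes follow the contract table above,
// the forbidden-field list is a constructed configuration for this example.
public class ForbiddenFieldPrivacyService
{
    private readonly HashSet<string> _forbidden = new HashSet<string> { "Race", "MaritalStatus" };

    // ValidateQuery: walk the predicate and refuse it if it reads a forbidden member,
    // so a query such as p => p.MaritalStatus == "M" is rejected before it reaches the CDR.
    public bool ValidateQuery<TModel>(Expression<Func<TModel, bool>> query, IPrincipal principal)
    {
        var visitor = new ForbiddenMemberVisitor(_forbidden);
        visitor.Visit(query);
        return visitor.Violations.Count == 0;
    }

    // ValidateWrite: refuse inbound data that carries a value in a forbidden field.
    public bool ValidateWrite<TData>(TData data, IPrincipal principal) =>
        !ForbiddenProperties<TData>().Any(p => p.GetValue(data) != null);

    // Apply: scrub forbidden fields from the record that is about to be disclosed.
    public TData Apply<TData>(TData data, IPrincipal principal)
    {
        foreach (var p in ForbiddenProperties<TData>().Where(p => p.CanWrite))
            p.SetValue(data, null);
        return data;
    }

    private IEnumerable<PropertyInfo> ForbiddenProperties<TData>() =>
        typeof(TData).GetProperties().Where(p => _forbidden.Contains(p.Name));

    // Expression visitor that records every member access naming a forbidden field.
    private sealed class ForbiddenMemberVisitor : ExpressionVisitor
    {
        private readonly HashSet<string> _forbidden;
        public List<string> Violations { get; } = new List<string>();
        public ForbiddenMemberVisitor(HashSet<string> forbidden) => _forbidden = forbidden;
        protected override Expression VisitMember(MemberExpression node)
        {
            if (_forbidden.Contains(node.Member.Name)) Violations.Add(node.Member.Name);
            return base.VisitMember(node);
        }
    }
}
```

With a model type that has a MaritalStatus property, ValidateQuery returns false for `p => p.MaritalStatus == "M"` and true for `p => p.Name == "Smith"`; the same forbidden-field list drives both the write check and the disclosure scrub, so the three checks cannot drift apart.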
This privacy enforcement service provides a baseline implementation of a privacy filter in SanteDB. The service supports:
Removing any forbidden / restricted fields from disclosure based on policy (or global removal)
Ensuring that inbound messages do not contain masked or partial data
Validating that queries are not performed against forbidden fields
Ensuring that inbound data does not contain forbidden field data
A data privacy filter service which supports exemption based on configuration
Privacy enforcement service that uses the local and takes default behaviors (as described in the
Hiding, Masking, Hashing, Redacting data which is about to be disclosed according to the
This class is an extension of the which adds support for exempting certain types of principals from the enforcement action. This is useful for scenarios where, for example, a may be a node that is synchronizing data.