Data Privacy Filtering
The Data Privacy Filtering panel controls the configuration of the data privacy services in SanteDB. Data privacy services allow administrators to:

- Control how sensitive data is handled in SanteDB iCDR
- Control which resources have specific privacy sensitivity in SanteDB iCDR
- Control how sensitive records are disclosed or updated
- Control which properties on which resources are forbidden (and will result in a privacy violation exception when collected or queried)
Option | Description | Example |
---|---|---|
Default Action | The action which should be applied to all resources which have been flagged as sensitive, where no specific policy has been assigned. | See: Policy Actions |
Resources | The resources which are to be protected with specialized policy enforcement. | |
Expanding the resources input allows administrators to specify resources in the RIM which are subject to special protections. Clicking the ellipsis on the resources property opens a collection editor in which the settings for resource controls can be changed:
Option | Description | Example |
---|---|---|
Action | The action to be applied on resources which have privacy policies applied to them, when the requesting user does not have a grant for the policy. | See: Policy Actions |
Resource Type | The type of resource that the policy applies to. | Patient, Person, etc. |
Fields | The properties which are forbidden or have specialized sub-policy enforcement instructions. | See: Property Policies |
You can set policies on identifiers (on entities and acts) by controlling the policy on AssigningAuthority.
The property policies allow implementing jurisdictions to control which properties in which resources are forbidden. Examples of this functionality are:

- Restricting the collection, disclosure, or querying of Patient religion or ethnicity for all users
- Restricting the disclosure, collection, or querying of Patient VIP status to only users which have the "Access to Taboo Information" policy
Option | Description | Example |
---|---|---|
Action | The action to apply when the caller attempts to access, query, or write data to the field. | See: Policy Actions |
Policy | The policy OIDs which the user must possess in order for the Action not to result in an error. | 2.25.0303030 |
Property | The HDSI property path (root paths only) on the resource where this policy applies. | |
Resources, properties and the default policy actions dictate how the privacy filtering engine will handle data whenever:

- The requesting principal lacks appropriate policy permissions to view data (when flagged), or
- The requesting principal is querying, updating, or being disclosed data from a forbidden property.
Action | Behavior |
---|---|
None | No action is taken on the resource or data element. |
Audit | The disclosure or update is permitted to continue; however, a specialized security alert audit is created indicating the property was disclosed or updated. |
Redact | Note: The |
Nullify | Replaces the value of the property with |
Hide | Note: The |
Error | Whenever a principal attempts to read, query, or update the resource, the policy enforcement service will raise an error. |
Hash | Note: The |