Data Privacy Filtering
The Data Privacy Filtering panel controls the configuration of the data privacy services in SanteDB. Data privacy services allow administrators to:
Control how sensitive data is handled in SanteDB iCDR
Control which resources have specific privacy sensitivity in SanteDB iCDR
Control how sensitive records are disclosed or updated
Control which properties on which resources are forbidden (and will result in a privacy violation exception when collected, or queried).
Default Action
The action which should be applied to all resources which have been flagged as sensitive, where no specific policy has been assigned.
See: Policy Actions
Resources
The resources which are to be protected with specialized policy enforcement.
Expanding the resources input allows administrators to specify resources in the RIM which are subject to special protections. Clicking the ellipsis on the resources property opens a collection editor in which the settings for resource controls can be changed:
Action
The action to be applied on resources which have privacy policies applied to them, when the requesting user does not have a grant for the policy.
See: Policy Actions
Resource Type
The type of resource that the policy applies to.
Patient, Person, etc.
Fields
The properties which are forbidden or have specialized sub-policy enforcement instructions.
See: Property Policies
You can set policies on identifiers (on entities and acts) by controlling the policy on AssigningAuthority.
Property Policies
The property policies allow implementing jurisdictions to control which properties in which resources are forbidden. Examples of this functionality are:
Restricting the collection, disclosure, or querying of Patient religion or ethnicity to all users
Restricting the disclosure, collection or querying of Patient VIP status to only those users which hold the "Access to Taboo Information" policy.
Action
The action to apply when the caller attempts to access, query, or write data to the field.
See: Policy Actions
Policy
The policy OIDs which the user must possess in order for the Action not to result in an error.
2.25.0303030
Property
The HDSI property path (root paths only) on the resource, where this policy applies.
Policy Actions
Resources, properties and the default policy actions dictate how the privacy filtering engine will handle data whenever:
The requesting principal lacks appropriate policy permissions to view data (when flagged), or
The requesting principal is querying, updating, or being disclosed data from a forbidden property.
None
No action is taken on the resource or data element.
Audit
The disclosure or update is permitted to continue; however, a specialized security alert audit is created indicating that the property was disclosed or updated.
Redact
On Resources with data policies, the resource is stripped of all information (identifiers, addresses, telecoms, etc.) and data is replaced with XXXXXX
On AssigningAuthority resource the value of the identifier is replaced with XXXXXXX
On forbidden properties, the value of the property is replaced with XXXXXX on disclosure. Query is not permitted, recordation is not permitted.
Note: The $pep.masked tag is appended to the resource.
Nullify
Replaces the value of the property with null; if the action is applied to a resource then the status is set to Nullify and no data is disclosed.
Note: The $pep.masked tag is appended to the resource.
Hide
On Resources with data policies, the resource is removed from result sets. Direct fetching of the resource by UUID results in a NotFound and updates result in errors.
On AssigningAuthority resource, the identifier is removed from the object being disclosed. Updates or addition of the identity domain result in a privacy error.
On forbidden properties, the property is removed from the resource. Querying, recordation, and disclosure are forbidden.
Note: The $pep.masked tag is appended to the resource.
Error
Whenever a principal attempts to read, query, or update the resource, the policy enforcement service will raise an error.
Hash
On Resources with data policies, the resource has its properties replaced with the SHA256 hash of the value
On AssigningAuthority resource, the identifier is replaced with a hash of the identifier value.
On forbidden properties, this setting has no effect.
Note: The $pep.masked tag is appended to the resource.
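The following is an added worked example, not SanteDB's own code, showing how the property policies described above (Action, Policy OIDs, Property) combine with the policy actions in this section when one caller discloses, queries or writes a record. The resource and property names, the record, the audit list and the mapping of the example OID 2.25.0303030 to particular properties are constructed for the illustration; the behaviour of Nullify on query and write, which the page describes only for disclosure, is an assumption and is marked as such in the code.

```python
import hashlib
from enum import Enum

# Added illustration of the policy-action semantics described on this page.
# It is not SanteDB's own code: the property names, the OID mapping and the
# sample record are constructed for the example.


class Action(Enum):
    NONE = "None"
    AUDIT = "Audit"
    REDACT = "Redact"
    NULLIFY = "Nullify"
    HIDE = "Hide"
    ERROR = "Error"
    HASH = "Hash"


class PrivacyViolation(Exception):
    """Raised when the policy does not permit the requested operation."""


MASK = "XXXXXX"
MASK_TAG = "$pep.masked"

# (resource type, property) -> (action, policy OIDs the caller must hold).
# Assumption: an empty OID set means the property is forbidden for all users.
PROPERTY_POLICIES = {
    ("Patient", "religion"): (Action.HIDE, set()),
    ("Patient", "vipStatus"): (Action.REDACT, {"2.25.0303030"}),
    ("Patient", "ethnicity"): (Action.AUDIT, {"2.25.0303030"}),
    ("Patient", "genderConcept"): (Action.HASH, {"2.25.0303030"}),
}


def enforce(resource_type, record, granted, operation, audit):
    """Apply the property policies for one caller.

    operation is "disclose", "query" or "write". Returns a filtered copy of
    the record for disclosure (tagged with $pep.masked when anything was
    masked) and raises PrivacyViolation where the operation is not permitted.
    """
    out = dict(record)
    masked = False
    for (rtype, prop), (action, required) in PROPERTY_POLICIES.items():
        if rtype != resource_type or prop not in record:
            continue
        if required and required.issubset(granted):
            continue  # caller holds the grant, nothing to enforce
        if action in (Action.NONE, Action.HASH):
            continue  # Hash has no effect on forbidden properties
        if action is Action.AUDIT:
            audit.append(f"security alert: {resource_type}.{prop} {operation} without grant")
            continue
        if action is Action.ERROR or operation != "disclose":
            # Redact and Hide: query and recordation are not permitted.
            # Assumption: Nullify is treated the same way on query and write.
            raise PrivacyViolation(f"{operation} of {resource_type}.{prop} is forbidden")
        if action is Action.REDACT:
            out[prop] = MASK
        elif action is Action.NULLIFY:
            out[prop] = None
        elif action is Action.HIDE:
            del out[prop]
        masked = True
    if masked:
        out["tags"] = list(record.get("tags", [])) + [MASK_TAG]
    return out


def hash_identifier(value):
    """Hash action on an identifier: the SHA256 hex digest replaces the value."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


# Constructed sample record; the id is a placeholder, not a real UUID.
PATIENT = {
    "id": "constructed-uuid-0001",
    "religion": "example",
    "vipStatus": "VIP",
    "ethnicity": "example",
    "genderConcept": "Female",
}


def demo():
    """Disclose the sample record to a caller without and with the grant."""
    audit = []
    no_grant = enforce("Patient", PATIENT, set(), "disclose", audit)
    with_grant = enforce("Patient", PATIENT, {"2.25.0303030"}, "disclose", audit)
    return no_grant, with_grant, audit


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Running `demo()` shows the caller without the grant receiving a record with religion removed, vipStatus masked as XXXXXX, genderConcept untouched (Hash has no effect on properties) and one audit entry for ethnicity, while the caller holding the grant receives everything except religion, which is forbidden for all users; any query or write by the ungranted caller raises PrivacyViolation.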