Skip to content
Search to learn about InterSystems products and solutions, career opportunities, and more.

Advisory: Issue with Consent Processing in the Operational Data Store

September 1, 2020 – Advisory: Issue with Consent Processing in the Operational Data Store

InterSystems has corrected an issue that occurs with consent processing in the Operational Data Store (ODS).

This problem exists for Customers who use the Operational Data Store (ODS) in one of the following versions:

  • HealthShare Information Exchange 2018.1.x
  • HealthShare Unified Care Record 2019.1.x
  • HealthShare Unified Care Record 2019.2.x
  • HealthShare Unified Care Record 2020.1.x

When the Operational Data Store receives a request for a patient's data from an Access Gateway, it asynchronously fetches and processes the data. Consent is evaluated asynchronously for each SourceMRN, which is a combination of Facility, Assigning Authority, and MRN.

Previously, the consent evaluation for the first SourceMRN was applied to each of the subsequently evaluated SourceMRNs. This could cause consent to be applied incorrectly. This issue has been identified as a patient privacy concern as it could result in inappropriate access to patient data by an authorized HealthShare user. This issue does not cause an increased risk of disclosure outside of HealthShare.

InterSystems recommends that customers who use the ODS apply the fix for this defect. The fix ensures that the consent evaluation for each SourceMRN is processed independently.

The correction for this defect is identified as HSIEC-3224 and will be included in all future product releases. It is also available via Ad hoc change file (patch) or full kit distribution from the Worldwide Response Center (WRC).

If you have any questions regarding this advisory, please contact the WRC.

RELATED TOPICS

Latest Alerts & Advisories

Jul 24, 2025
InterSystems IRIS 2025.2 introduces the IRISSECURITY database, the new home for security data. Unlike IRISSYS, the previous home for security data, IRISSECURITY can be encrypted, which secures your sensitive data at rest. In a future version, IRISSECURITY will be mirrorable.
Jul 24, 2025
InterSystems is pleased to announce the General Availability (GA) of the 2025.2 release of InterSystems IRIS® data platform. This is a Continuous Delivery (CD) release. Please note that the GA versions of InterSystems IRIS for Health™ and HealthShare® Health Connect™ 2025.2 are currently withheld due to mirroring limitations introduced by security updates (details below).
Jun 11, 2025
Advisory ID Product & Versions Affected Risk Category & Score Explicit Requirements DP-439649 Products:
May 21, 2025
This issue affects all versions of HealthShare®:
May 21, 2025
This problem affects the following products: