This problem affects the following products:
- All HealthShare® products, version 2024.1 and above
Requirements:
- Any customer that exports a persistent class
InterSystems IRIS® versions 2023.1 and later improve SQL performance by storing certain metadata with class definitions.The metadata may include a histogram of property values present in each column.In most cases, this may not be a problem as access to this data is limited to those with administrative access to the database.
However, authorized users may export persistent classes in order to examine properties. The default export of persistent classes includes the histogram of values, potentially revealing those values to anyone who looks at the exported class. These values could include Personal Health Information (PHI), like Patient ID, medications, or other information.
To guard against unintended exposure of PHI, all exports of persistent classes from systems containing PHI must use the following export flag to prevent the metadata from being exported to the file:/exportselectivity=0