Skip to content
Busque para obtener información sobre los productos y soluciones de InterSystems, las oportunidades de carrera y más.

Advisory: Inadvertent Exposure of PHI Possible when Exporting Classes from HealthShare

This problem affects the following products:

  • All HealthShare® products, version 2024.1 and above

Requirements:

  • Any customer that exports a persistent class

InterSystems IRIS® versions 2023.1 and later improve SQL performance by storing certain metadata with class definitions.The metadata may include a histogram of property values present in each column.In most cases, this may not be a problem as access to this data is limited to those with administrative access to the database.

However, authorized users may export persistent classes in order to examine properties. The default export of persistent classes includes the histogram of values, potentially revealing those values to anyone who looks at the exported class. These values could include Personal Health Information (PHI), like Patient ID, medications, or other information.

To guard against unintended exposure of PHI, all exports of persistent classes from systems containing PHI must use the following export flag to prevent the metadata from being exported to the file:
/exportselectivity=0

RELATED TOPICS

Latest Alerts & Advisories

jul 23, 2025
InterSystems IRIS 2025.2 introduces the IRISSECURITY database, the new home for security data. Unlike IRISSYS, the previous home for security data, IRISSECURITY can be encrypted, which secures your sensitive data at rest. In a future version, IRISSECURITY will be mirrorable.
jul 23, 2025
InterSystems is pleased to announce the General Availability (GA) of the 2025.2 release of InterSystems IRIS® data platform. This is a Continuous Delivery (CD) release. Please note that the GA versions of InterSystems IRIS for Health™ and HealthShare® Health Connect™ 2025.2 are currently withheld due to mirroring limitations introduced by security updates (details below).
jun 10, 2025
Advisory ID Product & Versions Affected Risk Category & Score Explicit Requirements DP-439649 Products:
may 20, 2025
This problem affects the following products: