Skip to content
搜索以了解InterSystems产品和解决方案,职业机会等。

Advisory: Consent May Be Overridden at the System-Level for Clinical Information Type Consent Regardless of the "Allow Override Consent" Setting

December 3, 2020

InterSystems has identified a defect affecting the ability to block the overriding of Clinical Information Type consent at the system level.

This problem exists for:

  • HealthShare Information Exchange 2018.1.x
  • HealthShare Unified Care Record 2019.1.x, 2019.2.x, 2020.1.x, and 2020.2.x

Consent in HealthShare may be applied in two contexts, MPI and Clinical Information Type (CIT), and at three levels, patient-, facility-, and system-level. It is possible to configure HealthShare to permit emergency access by allowing a user to override consent to access a patient record or clinical information. This override is also known as "break the glass". If overriding consent is permitted, users will see options to enable this in the Patient Search screen.

When configuring MPI consent at the system-level, there is a checkbox to "Allow Override Consent Policy". By default, this checkbox is unchecked, meaning that users will not be able to override consent in any situation. If the checkbox is checked, users will be permitted to override consent. The same "Allow Override Consent Policy" checkbox exists when configuring CIT consent at the system-level. However, this checkbox has no effect regardless of whether it is checked or unchecked. The system will apply the same setting from the MPI system-level consent. Therefore, it is possible to have "Allow Override Consent Policy" permitted at the MPI level and appear to not be permitted at the CIT level; however, if a user overrides consent in the Patient Search screen that override will apply to both MPI and CIT consent.

As a result of this issue, there is no way to block the overriding of CIT consent at the system level. It may be blocked at the patient level by checking "Prevent Override Consent Policy".

A fix is not yet available for this issue. While the fix is under development, InterSystems recommends the following actions:

Step 1: Review your system-level MPI and CIT consent policies:

ScenarioMPI Consent (System Level)CIT Consent (System Level)Outcome

"Allow Override Consent Policy" Setting

1CheckedChecked or UncheckedOverriding consent will apply to both types of consent
2UncheckedUncheckedOverriding consent will not be permitted
3UncheckedCheckedOverriding consent will not be permitted as MPI override must be permitted for CIT override to function

Step 2: In Scenario 1, if customers need to block overriding CIT consent, use the "Prevent Override Consent Policy" setting at the patient-level of CIT consent.

The correction for this defect is identified as HSIEC-3893 and once completed an update to this Advisory will be posted.

If you have any questions regarding this advisory, please contact the Worldwide Response Center (WRC).

RELATED TOPICS

最新警报和通知

Aug 21, 2024
InterSystems 已修复了一个缺陷,在极少数情况下,该缺陷可能导致多卷数据库出现数据库损坏或 错误。只有被截断的数据库才存在风险。
Jun 03, 2024
从发布InterSystems IRIS®数据平台2022.3开始,InterSystems修改了许可证强制执行机制,以包括REST和SOAP请求。由于这种变化,在升级后,使用REST或SOAP的非处理器核数的许可证环境下,用户可能会遇到更高的许可证消耗。要确定此警报是否适用于您的InterSystems许可证,请按照下面链接的FAQ中的说明进行操作。
May 01, 2024
InterSystems has corrected an issue that can cause a small number of SQL queries to return incorrect results. See below for the specifics on impacted queries.
Nov 14, 2023
There are 10 alerts in the HealthShare HS2023-02 Alert communication. An alert summary for each issue is shown is in the table below. Details for each alert are contained in the attached document: HS2023-02-Communication.
Jun 17, 2023
InterSystems 已纠正导致进程内存使用量增加的缺陷。
May 11, 2023
InterSystems已经解决了影响Caché、Ensemble、HealthShare、InterSystems IRIS、InterSystems IRIS for Health、HealthShare HealthConnect和TrakCare的安全漏洞。 这些漏洞影响到InterSystems所有版本的产品。
Apr 28, 2023
InterSystems 已修复了一个缺陷,该缺陷可能会导致使用 IBM POWER8 或更高版本的 POWER 处理器的 AIX 系统上的数据库和Journal日志文件损坏。只有在使用数据库或Journal日志加密时才会触发此缺陷。
Apr 11, 2023
InterSystems已修复一个缺陷,该缺陷在罕见情况下会导致ECP客户端不稳定。
Apr 06, 2023
InterSystems 已修复一个导致SQL查询返回不正确结果的缺陷。该缺陷存在于以下产品和基于这些产品的任何InterSystems产品中。