This problem affects all versions of the following products:
- InterSystems IRIS® for Health
- InterSystems Health Connect™
- HealthShare Unified Care Record®
- HealthShare® Information Exchange
Requirements:
- InterSystems FHIR Server with web gateway
Default web gateway containers use a logging format that may expose PHI to administrators reviewing access logs. The FHIR standard allows query parameters (including PHI) to be added directly to query URLs.
Customers are encouraged to assess and modify their web gateway logging configuration to avoid query strings and sensitive fields. Where possible, customers are also encouraged to use FHIR POST queries with sensitive parameters in the request body rather than the URL. See the FHIR search specification for more information.