Skip to content
Etsi tietoja InterSystemsin tuotteista ja ratkaisuista, uramahdollisuuksista ja muusta.

Alert: HS2022-01: Multiple InterSystems IRIS for Health & HealthShare Alerts

March 1, 2022

There are 22 alerts in the HealthShare HS2022-01 Alert communication. The Alert Summary is in the table below, and the detail is contained in the attached document: HS2022-01-Communication

AlertProduct & Versions AffectedRisk Category
HS2022-01-01: Vaccination Dates Misrepresented in Some CircumstancesAll versions of:
Information Exchange
Unified Care Record
Personal Community
HealthShare Health Connect
InterSystems IRIS for Health

3-Medium Risk
(Operations)

2-Low Risk
(Clinical Safety)

HS2022-01-02: Invalid Handling of Multiple Reference Ranges in CDA and C-CDA DocumentsAll versions of:
Information Exchange
Unified Care Record (through 2021.1)
3-Medium Risk
(Clinical Safety)
HS2022-01-03: Security Check for Emergency Access to Patient Records Fails to Occur in Some SituationsAll versions of:
Information Exchange
Unified Care Record (through 2020.2)
3-Medium Risk
(Privacy)
HS2022-01-04: Security Vulnerability in Unified Care Record 2020.2.0Unified Care Record:
2020.2.0 (Build 8620)
4-High Risk
(Security)
HS2022-01-05: Customers on Unified Care Record 2020.2 and 2021.1 Must Install a Patch Before Upgrading to a Later Version

Version 2020.2, 2021.1 of:
Unified Care Record
Clinical Viewer
Health Insight
Patient Index
Personal Community
Care Community

Version 2020.2, 2021.1, 2021.2, 2021.3 of:
Provider Directory

4-High Risk
(Operations)
HS2022-01-06: Configuring the Classic Clinical Viewer Requires Outdated Third-Party SoftwareAll versions of:
Unified Care Record (Classic Clinical Viewer only)
4-High Risk
(Security)
HS2022-01-07: Users may not be able to Log Out of Clinical ViewerAll versions of:
Information Exchange
Unified Care Record (through 2020.2)
4-High Risk
(Privacy)
HS2022-01-08: Access Gateway Aggregation Cache Grows over TimeUnified Care Record:
2020.1, 2020.2, 2021.1, 2021.2
2-Low Risk
(Operations)
HS2022-01-09: Incompatibility in HL7toSDA3 Customizations when Upgrading from HealthShare 15.03 or earlierInformation Exchange:
15.03 or earlier (when upgrading to Unified Care Record)
Not Rated
HS2022-01-10: IHE Endpoints should use Appropriate CredentialsAll versions of:
Information Exchange
Unified Care Record
3-Medium Risk
(Security)
HS2022-01-11: ODS Namespace Reactivation Can Result in Prolonged DowntimeUnified Care Record:
2019.1, 2019.2

4-High Risk
(Operations)

1-Very Low Risk
(Clinical Safety)

HS2022-01-12: Upgrade of ODS may Require Manual Intervention to CompleteUnified Care Record:
2020.1 (when upgrading to version 2020.2)
5-Very High Risk
(Operations)
HS2022-01-13: ODS Audit Data Inaccessible after Upgrade to Version 2020.1Unified Care Record:
2019.1 or 2019.2 (when upgrading to 2020.1)
3-Medium Risk
(Privacy)
HS2022-01-14: System-wide and Facility-level Clinical Consent Policies Ignore Event DatesAll versions of:
Information Exchange
Unified Care Record (through 2021.1)
2-Low Risk
(Privacy)
HS2022-01-15: FHIR Requests Not Being Evaluated Properly for ConsentUnified Care Record:
2020.1
4-High Risk
(Privacy)
HS2022-01-16: FHIR “$everything” Operation Can Return Unconsented DemographicsAll versions of:
Information Exchange
Unified Care Record (through 2021.1)
3-Medium Risk
(Privacy)
HS2022-01-17: FHIR Index Performance Issue Can Cause ODS Instability

Information Exchange:
2018.1

Unified Care Record:
2019.1, 2019.2

5-Very High Risk
(Operations)
HS2022-01-18: Security Vulnerability in FHIR Gateway/FHIR Server

Unified Care Record:
2021.1

InterSystems IRIS for Health:
2021.1

3-Medium Risk
(Security)
HS2022-01-19: FHIR Server Does Not Verify Token Revocation

Unified Care Record:
2020.1, 2020.2, 2021.1

InterSystems IRIS for Health:
2020.4, 2021.1

HealthShare Health Connect:
2020.4, 2021.1

3-Medium Risk
(Security)
HS2022-01-20: OAuth Token Scope Not Applied in FHIR Batch Transaction BundlesInterSystems IRIS for Health:
2021.1

3-Medium Risk
(Privacy)

2-Low Risk
(Security)

3-Medium Risk
(Operations)

HS2022-01-21: FHIR Server Interoperability REST Client does not Properly Clean Up Data

InterSystems IRIS for Health:
2020.2, 2020.3

HealthShare Health Connect:
2020.2, 2020.3

4-High Risk
(Operations)
HS2022-01-22: Security Issue in Patient IndexAll versions of:
Patient Index (through 2021.2)
4-High Risk
(Security)

This post is part of the HealthShare HS2022-01 Alert communications process. The same information is also distributed:

If you have any questions regarding this alert, please contact the Worldwide Response Center (WRC).