Skip to content
Effectuer une recherche pour en savoir plus sur les produits et solutions InterSystems, les offres d'emploi, etc.

Advisory: Consent May Be Overridden at the System-Level for Clinical Information Type Consent Regardless of the "Allow Override Consent" Setting

December 3, 2020

InterSystems has identified a defect affecting the ability to block the overriding of Clinical Information Type consent at the system level.

This problem exists for:

  • HealthShare Information Exchange 2018.1.x
  • HealthShare Unified Care Record 2019.1.x, 2019.2.x, 2020.1.x, and 2020.2.x

Consent in HealthShare may be applied in two contexts, MPI and Clinical Information Type (CIT), and at three levels, patient-, facility-, and system-level. It is possible to configure HealthShare to permit emergency access by allowing a user to override consent to access a patient record or clinical information. This override is also known as "break the glass". If overriding consent is permitted, users will see options to enable this in the Patient Search screen.

When configuring MPI consent at the system-level, there is a checkbox to "Allow Override Consent Policy". By default, this checkbox is unchecked, meaning that users will not be able to override consent in any situation. If the checkbox is checked, users will be permitted to override consent. The same "Allow Override Consent Policy" checkbox exists when configuring CIT consent at the system-level. However, this checkbox has no effect regardless of whether it is checked or unchecked. The system will apply the same setting from the MPI system-level consent. Therefore, it is possible to have "Allow Override Consent Policy" permitted at the MPI level and appear to not be permitted at the CIT level; however, if a user overrides consent in the Patient Search screen that override will apply to both MPI and CIT consent.

As a result of this issue, there is no way to block the overriding of CIT consent at the system level. It may be blocked at the patient level by checking "Prevent Override Consent Policy".

A fix is not yet available for this issue. While the fix is under development, InterSystems recommends the following actions:

Step 1: Review your system-level MPI and CIT consent policies:

ScenarioMPI Consent (System Level)CIT Consent (System Level)Outcome

"Allow Override Consent Policy" Setting

1CheckedChecked or UncheckedOverriding consent will apply to both types of consent
2UncheckedUncheckedOverriding consent will not be permitted
3UncheckedCheckedOverriding consent will not be permitted as MPI override must be permitted for CIT override to function

Step 2: In Scenario 1, if customers need to block overriding CIT consent, use the "Prevent Override Consent Policy" setting at the patient-level of CIT consent.

The correction for this defect is identified as HSIEC-3893 and once completed an update to this Advisory will be posted.

If you have any questions regarding this advisory, please contact the Worldwide Response Center (WRC).

RELATED TOPICS

Latest Alerts & Advisories

15 Aug 2024
InterSystems has corrected a defect that can cause database corruption or errors with multi-volume databases under extremely rare circumstances. Only databases that have been truncated are at risk.
24 Jul 2024
There are four alerts in the HS2024-03 Alert Communication. A summary of each alert is shown below. Details for each alert are contained in the linked document.
24 Jun 2024
Broadcom recently announced a problem that can cause data consistency errors in database applications. The Broadcom article is available here:
30 May 2024
Beginning with the release of InterSystems IRIS® data platform 2022.3, InterSystems corrected the license enforcement mechanism to include REST and SOAP requests. Due to this change, environments with non-core-based licenses that use REST or SOAP may experience greater license utilization after upgrading. To determine if this advisory applies to your InterSystems license, follow the instructions in the FAQ linked below.
01 May 2024
InterSystems has corrected an issue that can cause a small number of SQL queries to return incorrect results. See below for the specifics on impacted queries.
08 Apr 2024
InterSystems has encountered a defect that causes some upgrades of HealthShare® Health Connect to fail. This only affects instances that are not licensed for the use of FHIR® and that have interoperability-enabled namespaces. Under these conditions, the upgrade fails with an error.
19 Mar 2024
In evaluating an IBM Support notification, InterSystems has determined a potential impact for our customers. The notification in question is:
27 Feb 2024
There is 1 alert in the HealthShare HS2024-limited Alert communication. An alert summary for the issue is shown is in the table below. Details for the alert are contained in the attached document: HS2024 Limited Communication.
01 Feb 2024
There are 2 alerts in the HealthShare HS2024-02 Alert communication. An alert summary for each issue is shown is in the table below. Details for each alert are contained in the attached document: HS2024-02-Communication.