March 1, 2022
There are 22 alerts in the HealthShare HS2022-01 Alert communication. The Alert Summary is in the table below, and the detail is contained in the attached document: HS2022-01-Communication
| Alert | Product & Versions Affected | Risk Category |
| HS2022-01-01: Vaccination Dates Misrepresented in Some Circumstances | All versions of: Information Exchange Unified Care Record Personal Community HealthShare Health Connect InterSystems IRIS for Health | 3-Medium Risk 2-Low Risk |
| HS2022-01-02: Invalid Handling of Multiple Reference Ranges in CDA and C-CDA Documents | All versions of: Information Exchange Unified Care Record (through 2021.1) | 3-Medium Risk (Clinical Safety) |
| HS2022-01-03: Security Check for Emergency Access to Patient Records Fails to Occur in Some Situations | All versions of: Information Exchange Unified Care Record (through 2020.2) | 3-Medium Risk (Privacy) |
| HS2022-01-04: Security Vulnerability in Unified Care Record 2020.2.0 | Unified Care Record: 2020.2.0 (Build 8620) | 4-High Risk (Security) |
| HS2022-01-05: Customers on Unified Care Record 2020.2 and 2021.1 Must Install a Patch Before Upgrading to a Later Version | Version 2020.2, 2021.1 of: Version 2020.2, 2021.1, 2021.2, 2021.3 of: | 4-High Risk (Operations) |
| HS2022-01-06: Configuring the Classic Clinical Viewer Requires Outdated Third-Party Software | All versions of: Unified Care Record (Classic Clinical Viewer only) | 4-High Risk (Security) |
| HS2022-01-07: Users may not be able to Log Out of Clinical Viewer | All versions of: Information Exchange Unified Care Record (through 2020.2) | 4-High Risk (Privacy) |
| HS2022-01-08: Access Gateway Aggregation Cache Grows over Time | Unified Care Record: 2020.1, 2020.2, 2021.1, 2021.2 | 2-Low Risk (Operations) |
| HS2022-01-09: Incompatibility in HL7toSDA3 Customizations when Upgrading from HealthShare 15.03 or earlier | Information Exchange: 15.03 or earlier (when upgrading to Unified Care Record) | Not Rated |
| HS2022-01-10: IHE Endpoints should use Appropriate Credentials | All versions of: Information Exchange Unified Care Record | 3-Medium Risk (Security) |
| HS2022-01-11: ODS Namespace Reactivation Can Result in Prolonged Downtime | Unified Care Record: 2019.1, 2019.2 | 4-High Risk 1-Very Low Risk |
| HS2022-01-12: Upgrade of ODS may Require Manual Intervention to Complete | Unified Care Record: 2020.1 (when upgrading to version 2020.2) | 5-Very High Risk (Operations) |
| HS2022-01-13: ODS Audit Data Inaccessible after Upgrade to Version 2020.1 | Unified Care Record: 2019.1 or 2019.2 (when upgrading to 2020.1) | 3-Medium Risk (Privacy) |
| HS2022-01-14: System-wide and Facility-level Clinical Consent Policies Ignore Event Dates | All versions of: Information Exchange Unified Care Record (through 2021.1) | 2-Low Risk (Privacy) |
| HS2022-01-15: FHIR Requests Not Being Evaluated Properly for Consent | Unified Care Record: 2020.1 | 4-High Risk (Privacy) |
| HS2022-01-16: FHIR “$everything” Operation Can Return Unconsented Demographics | All versions of: Information Exchange Unified Care Record (through 2021.1) | 3-Medium Risk (Privacy) |
| HS2022-01-17: FHIR Index Performance Issue Can Cause ODS Instability | Information Exchange: Unified Care Record: | 5-Very High Risk (Operations) |
| HS2022-01-18: Security Vulnerability in FHIR Gateway/FHIR Server | Unified Care Record: InterSystems IRIS for Health: | 3-Medium Risk (Security) |
| HS2022-01-19: FHIR Server Does Not Verify Token Revocation | Unified Care Record: InterSystems IRIS for Health: HealthShare Health Connect: | 3-Medium Risk (Security) |
| HS2022-01-20: OAuth Token Scope Not Applied in FHIR Batch Transaction Bundles | InterSystems IRIS for Health: 2021.1 | 3-Medium Risk 2-Low Risk 3-Medium Risk |
| HS2022-01-21: FHIR Server Interoperability REST Client does not Properly Clean Up Data | InterSystems IRIS for Health: HealthShare Health Connect: | 4-High Risk (Operations) |
| HS2022-01-22: Security Issue in Patient Index | All versions of: Patient Index (through 2021.2) | 4-High Risk (Security) |
This post is part of the HealthShare HS2022-01 Alert communications process. The same information is also distributed:
- By Email
- On the Developer Community
- On the WRC Distribution Page InterSystems Documents
If you have any questions regarding this alert, please contact the Worldwide Response Center (WRC).