Skip to content
Explore more InterSystems sites:
Australia New Zealand
Australia & New Zealand
Benelux
Benelux:
Benelux:
Brazil
Brazil
Chile
Chile
China
China
Czech Republic
Czech Republic
Finland
Finland
France
France
Germany
Germany
Hungary
Hungary
indonesian flag
Indonesia
Italy
Italy
Japan
Japan
Middle East Region
Middle East
South Africa
South Africa
Middle East Region
Southeast Asia
Spain
Spain
Sweden
Sweden
United Kingdom Ireland
United Kingdom & Ireland
United States
United States
Explore more InterSystems sites:
Australia New Zealand
Australia & New Zealand
Benelux
Benelux:
Benelux:
Brazil
Brazil
Chile
Chile
China
China
Czech Republic
Czech Republic
Finland
Finland
France
France
Germany
Germany
Hungary
Hungary
indonesian flag
Indonesia
Italy
Italy
Japan
Japan
Middle East Region
Middle East
South Africa
South Africa
Middle East Region
Southeast Asia
Spain
Spain
Sweden
Sweden
United Kingdom Ireland
United Kingdom & Ireland
United States
United States
Search to learn about InterSystems products and solutions, career opportunities, and more.
Home
Product Alerts & Advisories
Advisory: Consent May Be Overridden at the System-Level for Clinical Information Type Consent Regardless of the "Allow Override Consent" Setting

Advisory: Consent May Be Overridden at the System-Level for Clinical Information Type Consent Regardless of the "Allow Override Consent" Setting

Dec 03, 2020

December 3, 2020

InterSystems has identified a defect affecting the ability to block the overriding of Clinical Information Type consent at the system level.

This problem exists for:

  • HealthShare Information Exchange 2018.1.x
  • HealthShare Unified Care Record 2019.1.x, 2019.2.x, 2020.1.x, and 2020.2.x

Consent in HealthShare may be applied in two contexts, MPI and Clinical Information Type (CIT), and at three levels, patient-, facility-, and system-level. It is possible to configure HealthShare to permit emergency access by allowing a user to override consent to access a patient record or clinical information. This override is also known as "break the glass". If overriding consent is permitted, users will see options to enable this in the Patient Search screen.

When configuring MPI consent at the system-level, there is a checkbox to "Allow Override Consent Policy". By default, this checkbox is unchecked, meaning that users will not be able to override consent in any situation. If the checkbox is checked, users will be permitted to override consent. The same "Allow Override Consent Policy" checkbox exists when configuring CIT consent at the system-level. However, this checkbox has no effect regardless of whether it is checked or unchecked. The system will apply the same setting from the MPI system-level consent. Therefore, it is possible to have "Allow Override Consent Policy" permitted at the MPI level and appear to not be permitted at the CIT level; however, if a user overrides consent in the Patient Search screen that override will apply to both MPI and CIT consent.

As a result of this issue, there is no way to block the overriding of CIT consent at the system level. It may be blocked at the patient level by checking "Prevent Override Consent Policy".

A fix is not yet available for this issue. While the fix is under development, InterSystems recommends the following actions:

Step 1: Review your system-level MPI and CIT consent policies:

ScenarioMPI Consent (System Level)CIT Consent (System Level)Outcome

"Allow Override Consent Policy" Setting

1CheckedChecked or UncheckedOverriding consent will apply to both types of consent
2UncheckedUncheckedOverriding consent will not be permitted
3UncheckedCheckedOverriding consent will not be permitted as MPI override must be permitted for CIT override to function

Step 2: In Scenario 1, if customers need to block overriding CIT consent, use the "Prevent Override Consent Policy" setting at the patient-level of CIT consent.

The correction for this defect is identified as HSIEC-3893 and once completed an update to this Advisory will be posted.

If you have any questions regarding this advisory, please contact the Worldwide Response Center (WRC).
RELATED TOPICS
HealthShare

Latest Alerts & Advisories

Oct 21, 2025
Advisory: Risk of Silent Wrong Results When Using New OFFSET Keyword in SQL Queries
Advisory ID DP-445340
More
Oct 11, 2025
Product Alerts & Advisories
Correction Notice: Updated Alert for DP-442892
This alert supersedes the version issued on October 7, 2025. The original alert listed incorrect affected and fixed versions.
More
Oct 07, 2025
Product Alerts & Advisories
Alert: Risk of Silent Wrong Results When Unused Common Table Expressions Appear in SQL Queries
Risk Category & Score Explicit Requirements DP-443396 InterSystems IRIS® data platform InterSystems IRIS® for Health HealthShare® Health Connect versions 2024.1.0 – 2024.1.4, 2024.2.0, 2024.3.0, and 2025.1.0, and 2025.1.1 HealthShare® Unified Care Record versions 2024.2 and 2025.1 Wrong Results: Low Risk Using Common Table Expressions in Dynamic SQL
More
Oct 07, 2025
Product Alerts & Advisories
Advisory: SDA3 -> FHIR Transformation Failure
Risk Category & Score Explicit Requirements HSHC-5268 HealthShare® Health Connect and InterSystems IRIS® for Health versions 2025.1.1 Functional: Medium Risk Occurs when performing SDA3 -> FHIR transformations involving the Encounter resource.
More
Oct 07, 2025
Product Alerts & Advisories
Alert: Risk of Silent Wrong Results When Using Specific OUTER JOIN Patterns in SQL Queries
This alert has been corrected - please see: October 10 - Correction Notice: Updated Alert for DP-442892
More
Sep 30, 2025
Product Alerts & Advisories
Advisory: Missing Globals with Mirror Database Download
In InterSystems IRIS, InterSystems IRIS for Health, and HealthShare Health Connect, versions 2025.1.1 and 2025.2.0, the new “ Mirror Database Download” functionality does not include certain globals.
More
Sep 24, 2025
Product Alerts & Advisories
Alert: Transaction Rollbacks Fail When LogRollback is Enabled
Risk Category & Score Explicit Requirements DP-444551 InterSystems IRIS® data platform InterSystems IRIS® for Health HealthShare® Health Connect versions 2025.1.0, 2025.1.1, and 2025.2
More
Sep 03, 2025
Product Alerts & Advisories
Alert: Upgrade Failure in IRIS 2025.1.1.308.0 due to Reserved Web Application Names
Risk Category & Score Explicit Requirements DP-442440 InterSystems IRIS ® data platform 2025.1.1.308.0 InterSystems IRIS for Health HealthShare® Health Connect Operational:
More
Jul 24, 2025
Product Alerts & Advisories
Advisory for IRISSECURITY in InterSystems IRIS 2025.2
InterSystems IRIS 2025.2 introduces the IRISSECURITY database, the new home for security data. Unlike IRISSYS, the previous home for security data, IRISSECURITY can be encrypted, which secures your sensitive data at rest. In a future version, IRISSECURITY will be mirrorable.
More
Jul 24, 2025
Product Alerts & Advisories
InterSystems Announces General Availability of InterSystems IRIS 2025.2
InterSystems is pleased to announce the General Availability (GA) of the 2025.2 release of InterSystems IRIS® data platform. This is a Continuous Delivery (CD) release. Please note that the GA versions of InterSystems IRIS for Health™ and HealthShare® Health Connect™ 2025.2 are currently withheld due to mirroring limitations introduced by security updates (details below).
More
View All Alerts & Advisories