IPrivacyEnforcementService Interface
Namespace: SanteDB.Core.Security
The IPrivacyEnforcementService type exposes the following members.
Name | Description
---|---
ServiceName | Gets the service name. (Inherited from IServiceImplementation.)

Name | Description
---|---
Apply<TData>(IEnumerable<TData>, IPrincipal) | Applies the privacy policies to every result in data such that disclosing any returned record would not compromise patient privacy.
Apply<TData>(TData, IPrincipal) | Applies the privacy policies attached to the provided data such that a disclosure to the provided principal would not compromise patient privacy.
ValidateQuery<TModel> | Validates that a query can be performed by the user principal and does not contain forbidden or compromising fields.
ValidateWrite<TData> | Determines whether the record provided contains data that the user principal shouldn't be sending.

Implementers of this service contract are expected to provide support for the SanteDB Privacy Enforcement architecture. The responsibilities for implementers are:
This service is used by the IRepositoryService layer. ValidateWrite is invoked prior to executing a write operation and should ensure that the data being provided/written does not violate local privacy laws (e.g. if Race is forbidden and the request contains Race, the request should be aborted or scrubbed).
Additionally, the ValidateQuery method is invoked prior to querying to ensure that the query parameters don't violate local privacy laws (e.g. don't permit query on MaritalStatus) and that patient privacy policies would not be violated by the query. For example, if the jurisdiction has a policy which protects or hides HIV_PROGRAM identifiers, and a principal which lacks that policy attempts a query such as identifier[HIV_PROGRAM].value=!null, then patient privacy could be compromised just by the nature of a result being returned (even if the HIV_PROGRAM identifier is scrubbed). The ValidateQuery method should protect in these cases. (Note: the default implementation does not protect against this; however, the capability is present for third-party implementers of this service to produce such behavior.)
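The query-side check described above, as standalone C# added here for illustration (not SanteDB's own code or API). The class name, the placeholder policy identifier, and the representation of a query as a list of parameter keys are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;

// Added illustration, not SanteDB code: every name here is hypothetical.
public static class QueryPrivacyGuard
{
    // Constructed table: identifier domain -> policy required to query on it.
    static readonly Dictionary<string, string> ProtectedDomains =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        { { "HIV_PROGRAM", "placeholder.policy.hiv-program" } };

    // Fields local law forbids querying at all (the page's example: MaritalStatus).
    static readonly HashSet<string> ForbiddenFields =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "maritalStatus" };

    // Captures the domain guard in a path such as identifier[HIV_PROGRAM].value
    static readonly Regex GuardedIdentifier =
        new Regex(@"(?:^|\.)identifier\[(?<domain>[^\]]+)\]", RegexOptions.IgnoreCase);

    // queryKeys: left-hand sides of the query parameters. The operator and value are
    // ignored on purpose: any predicate on a protected domain reveals membership.
    public static bool ValidateQuery(IEnumerable<string> queryKeys, ISet<string> grantedPolicies)
    {
        foreach (var key in queryKeys)
        {
            // A forbidden field anywhere in the path rejects the query.
            if (key.Split('.').Any(s => ForbiddenFields.Contains(s.Split('[')[0])))
                return false;

            // A protected domain requires the matching policy on the principal.
            foreach (Match m in GuardedIdentifier.Matches(key))
                if (ProtectedDomains.TryGetValue(m.Groups["domain"].Value, out var policy)
                    && !grantedPolicies.Contains(policy))
                    return false;
        }
        return true;
    }

    public static void Main()
    {
        var clerk = new HashSet<string>();
        var clinician = new HashSet<string> { "placeholder.policy.hiv-program" };
        Console.WriteLine(ValidateQuery(new[] { "identifier[HIV_PROGRAM].value" }, clerk));
        Console.WriteLine(ValidateQuery(new[] { "identifier[HIV_PROGRAM].value" }, clinician));
        Console.WriteLine(ValidateQuery(new[] { "maritalStatus", "name.component.value" }, clinician));
    }
}
```

A filter on identifier.value without a domain guard is not caught by this check; covering it requires restricting the domains the query is evaluated against.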