
IPrivacyEnforcementService Interface

Contract for services which enforce privacy directives

Namespace: SanteDB.Core.Security.Services
Assembly: SanteDB.Core.Api (in SanteDB.Core.Api.dll) Version: 3.0.2081-alpha+b4ae72647f2cc271f89142f76fff26ad69e00f5a
Syntax
public interface IPrivacyEnforcementService : IServiceImplementation

The IPrivacyEnforcementService type exposes the following members.

Properties

Name         Description
ServiceName  Gets the service name (Inherited from IServiceImplementation)
Methods

Name                                              Description
Apply<TData>(TData, IPrincipal)                   Applies the privacy policies attached to the provided data such that a disclosure to the provided principal would not compromise patient privacy.
Apply<TData>(IQueryResultSet<TData>, IPrincipal)  Applies the privacy policies to every result in data so that no returned record compromises patient privacy.
ValidateQuery<TModel>                             Validates that a query can be performed by the user principal and does not contain forbidden or compromising fields.
ValidateWrite<TData>                              Determines whether the record provided contains data that the user principal should not be sending.
Remarks

Implementers of this service contract are expected to provide support for the SanteDB Privacy Enforcement architecture. The responsibilities for implementers are:

  • Enforce the data privacy directives attached to Entity or Act instances prior to disclosure of the record (for example: redact, mask, or hide)
  • Ensure that data privacy directives are adhered to prior to updating data in the CDR
  • Ensure that fields which are sensitive or forbidden are not being used in queries

This service is used by the IRepositoryService layer. ValidateWrite is invoked prior to executing a write operation and should ensure that the data being provided/written does not violate local privacy laws (i.e. if Race is forbidden and the request contains Race, the request should be aborted or scrubbed).

Additionally, the ValidateQuery method is invoked prior to querying to ensure that the query parameters don't violate local privacy laws (i.e. don't permit a query on MaritalStatus) and that patient privacy policies would not be violated by the query. For example, if the jurisdiction has a policy which protects or hides HIV_PROGRAM identifiers, and a principal which lacks that policy attempts a query such as identifier[HIV_PROGRAM].value=!null, then patient privacy could be compromised simply by the fact that a result is returned (even if the HIV_PROGRAM identifier itself is scrubbed). The ValidateQuery method should protect in these cases (note: the default implementation does not protect against this; however, the capability is present for third-party implementers of this service to produce such behavior).
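The two checks the remarks describe, as an added illustration that is not SanteDB's own code: the PrivacyRules type, the "policy" claim type, the dictionary record and the "name=value" query-parameter form are assumptions made for this example, not the interface's actual signatures.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Constructed stand-in for a jurisdiction's privacy configuration (not a SanteDB type).
public sealed class PrivacyRules
{
    // Fields that may never be written or queried (e.g. Race, MaritalStatus).
    public HashSet<string> ForbiddenFields { get; } = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
    // Identifier domain -> policy the principal must hold to query on that domain (e.g. HIV_PROGRAM).
    public Dictionary<string, string> ProtectedIdentifierDomains { get; } = new Dictionary<string, string>();
}

public static class PrivacyChecks
{
    // ValidateWrite-style check: drops forbidden fields so the write can be scrubbed
    // rather than aborted (the remarks allow either outcome).
    public static IDictionary<string, object> ScrubForbiddenFields(IDictionary<string, object> record, PrivacyRules rules)
        => record.Where(kv => !rules.ForbiddenFields.Contains(kv.Key))
                 .ToDictionary(kv => kv.Key, kv => kv.Value);

    // ValidateQuery-style check over parameters such as "identifier[HIV_PROGRAM].value=!null".
    // Returns the reasons the query must be refused; an empty list means it may proceed.
    public static IList<string> QueryViolations(IEnumerable<string> queryParameters, PrivacyRules rules, ClaimsPrincipal principal)
    {
        var violations = new List<string>();
        foreach (var parameter in queryParameters)
        {
            var name = parameter.Split('=')[0];
            var root = name.Split('.', '[')[0];
            if (rules.ForbiddenFields.Contains(root))
                violations.Add($"query on forbidden field '{root}'");

            // identifier[DOMAIN]...: a match existing at all discloses membership in DOMAIN,
            // even if the identifier value is later scrubbed from the result.
            var open = name.IndexOf('[');
            var close = name.IndexOf(']');
            if (root.Equals("identifier", StringComparison.OrdinalIgnoreCase) && open >= 0 && close > open)
            {
                var domain = name.Substring(open + 1, close - open - 1);
                if (rules.ProtectedIdentifierDomains.TryGetValue(domain, out var requiredPolicy)
                    && !principal.HasClaim("policy", requiredPolicy))
                    violations.Add($"principal lacks policy '{requiredPolicy}' needed to query identifier domain '{domain}'");
            }
        }
        return violations;
    }
}
```

With ForbiddenFields containing "Race" and ProtectedIdentifierDomains mapping "HIV_PROGRAM" to a policy the caller does not hold, ScrubForbiddenFields removes the Race entry from a write and QueryViolations reports one violation for identifier[HIV_PROGRAM].value=!null.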
