This problem affects the following products:
- HealthShare Unified Care Record® versions 2020.1 through 2022.2:
- 2020.1
- 2020.2
- 2021.1
- 2021.2
- 2022.1
- 2022.2
Requirements:
- ODS and FHIR Gateway
When using the FHIR Gateway on the Unified Care Record Operational Data Store (ODS), it is possible for a user FHIR request to not properly follow consent policies.
When initiating a new session for a user, the ODS FHIR Gateway caches the IDs of all FHIR resources that user is permitted to access based on the system and patient consent policies. This list is preserved for the duration of the user's session, after which the list is purged along with the user's session.
In a circumstance with a very specific timing of events, it is possible for a user request to come in just after their session has been purged but before the system code determines that a new session must be built. This results in an empty resource ID list and allows all data for the patient to be returned.
Note the following:
- this behavior cannot be exploited by unauthenticated users
- all such access events are audited
The correction for this defect is identified as HSDD-2316, which is included in version 2023.1 and all future product releases. It is also available for older versions as an ad hoc change file (patch) or full kit distribution by contacting the Worldwide Response Center (WRC).