Diagnosis Restriction

See the "User Access" chapter of the Security Guide for details of this type of access restriction. Diagnoses are Sensitive Medical Information. This does not mean that access to the diagnosis itself is restricted. Access to a diagnosis is only restricted in a transactional context. To clarify, it is not sensitive to know that a diagnosis for abortion exists, but it is sensitive to know that Person X went for abortion. The User Access Guide describes when the diagnoses restriction applies.

Restrict Top-level Resource

No restriction. As mentioned above, all diagnoses are accessible, even diagnoses with an access restriction.

Restrict Sub Resource

A diagnoses acting as a linked resource is concealed if an access restriction is applied to the diagnosis and the current user has no grants for the access restriction. This applies to both native fields and dynamic fields of type diagnosis.

When a diagnosis is restricted, its diagnosis settings are restricted as well, see the User Access Guide. Restricting diagnosis settings as linked resources is not implemented in HTTP API, as there is no resource directly linking to a diagnosis setting.

Inference Prevention

When a diagnosis attribute is used as query condition, the Query API will automatically add an additional filter to implement inference prevention.

For example, a user is searching for claim line diagnoses with a certain diagnosis D:

POST http://[hostName]:[portNumber]/[api-context-root]/generic/claimlinediagnoses/search
{
  "resource": {
    "q": "diagnosis.code.likeic('%abort%')"
  }
}

The Query API will apply this filter:

where claimLineDiagnosis.diagnosis.code likeic '%abort%'
and (
  claimLineDiagnoses.diagnosis.accessRestriction == null or
  claimLineDiagnoses.diagnosis.accessRestriction in (accessrestrictions of user with Retrieve = Y)
)

The filter is applied regardless of the query condition, even when diagnosis is not part of the query criteria:

POST http://[hostName]:[portNumber]/[api-context-root]/generic/claimlines/search
{
  "resource": {
    "q": "claim.diagnosisInterSectionList.<some attribute>.eq(<some value>)"
  }
}

The Query API automatically adds the filter in this case.