Sensitive Medical Information Restriction
This feature allows concealing of certain diagnoses and procedures that are considered to be 'sensitive'.Diagnoses and procedure definition records have 'claim display' access restrictions that restrict display of the diagnoses and procedures within the context of claims and authorizations to users with a role that includes the restriction. Note that both claims and authorizations are accessible, only the reference to diagnosis and/or procedure is concealed.
Diagnoses and procedure records in other contexts are not restricted by these restrictions.
| Diagnoses and procedures that are configured as dynamic fields are restricted in all contexts in the UI and generic API. |
- Example
-
User Bob is granted access restriction SENSITIVE_MED. No access restrictions have been granted to user Pete. The following table shows which diagnoses they can access.
| Diagnosis | Display Access Restriction | Diagnosis in Claim Context Accessible by Bob? | Diagnosis outside claim context accessible by Bob? | Diagnosis in claim context accessible by Pete? | Diagnosis outside claim context accessible by Pete? |
|---|---|---|---|---|---|
D1 |
SENSITIVE_MED |
yes |
yes |
no |
yes |
D2 |
empty |
yes |
yes |
yes |
yes |
D3 |
TOP_SENSITIVE_MED |
no |
yes |
no |
yes |
| For procedure the same example applies. |
| This restriction applies when a diagnosis is referenced from the entities authorization diagnosis, claim diagnosis, claim line diagnosis and bill diagnosis, either as a fixed or dynamic attribute. |
| This restriction applies when a procedure is referenced from the entities authorization line, authorization basket (through basket detail), claim line, claim sub line, fee schedule line and provider limit counter, either as a fixed or dynamic attribute. |
- Inference Prevention
-
If procedure P is restricted for a user, searching for claims of procedure P will not return any rows for that user.The same applies to diagnoses.
| When searching with Generic API, Sub-Resource and Concealing of Linked Resource access restriction are applied. For details refer to HTTP API Data Access Restriction Concepts |