Release Notes for Oracle Health Insurance Enterprise Policy Administration Patch 4.25.1.0.9

This document contains the release notes for Oracle Health Insurance Enterprise Policy Administration Patch 4.25.1.0.9.

Version compatibility: Oracle Health Insurance Enterprise Policy Administration Release 4.25.1.x is only compatible with other Oracle Health Insurance applications release version 4.25.1.x unless explicitly stated otherwise.

In accordance with the OHI error correction policy (Document 1494031.1 on My Oracle Support), error correction support will be provided for this release and the previous two releases.

Enhancements

ID	Summary	Patch
CPN-3641	Enhanced PHI logs access using base views In SaaS deployments, PHI access logs are stored in the database for 60 days in the PHI_LOG_EVENTS table. Logs older than 60 days are moved to OCI Object Storage by a daily database scheduler job. Prior to this release, customers could query recent logs (≤ 60 days) using the logphievents generic API, but accessing older logs required raising an SR with the AMS team to retrieve files from OCI Object Storage. This enhancement improves the customer experience by enabling PHI access logs to be extracted directly through base view generation. The PHI_LOG_EVENTS table is now included in base view generation, allowing customers to schedule a daily extract of the PHI_LOG_EVENTS_BV base view and load the extracted data into their own data warehouse for analysis and reporting. An access restriction is created for PHI_LOG_EVENTS_BV, but it is not automatically granted to the ALL_VIEW_ACCESS_ROLE. Documentation Links: Administration Guide - Accessing PHI Logs in Oracle Health Insurance Cloud Services (OHI CS) Developer Guide - Base Views Access Restrictions
CPN-3799	Operational Reports and Data Transfer The following changes are made in Operational Reports and Data Transfer: In the previous release, the CSV files generated by the Data Transfer IP did not include a header row. In this release, CSV files include the header. In the previous release, when a query returned no records, the Data Transfer IP responded with HTTP 200 with an empty response body. This behavior is changed to return HTTP 204 (No Content). Two new error messages are introduced in the Operational Reporting IP. The IP returns an HTTP 422 response with one of the following error messages: OHI-IP-ORV-008: View {0} does not exist OHI-IP-ORV-009: Access restriction grant is missing to query the view {0} The following issues specific to On-Prem deployments are fixed: Incomplete or truncated responses when querying very large data. Documentation Links: Developer Guide - Operational Reporting Integration Point - Error Messages Developer Guide - Data Transfer Integration Point - Response Developer Guide - Data Transfer Integration Point - CSV Developer Guide - Data Transfer Integration Point - Response File Format
CPN-4025	Security logs retrieval via API and data transfer Prior to this release, security logs were written only to the file system and were not accessible through any API. With this enhancement, SaaS customers can now retrieve security logs using a dedicated API as well as through the data transfer feature. A new API, logsecurityevents, is introduced, backed by the new table LOG_SECURITY_EVENTS. A corresponding base view, PHI_LOG_SECURITY_EVENTS_BV, is now available to support extraction of security logs via the data transfer feature. This allows customers to schedule regular extracts (e.g., daily) and load the data into their own analytics or SIEM systems. Access to security logs is controlled: The access restriction for PHI_LOG_SECURITY_EVENTS_BV is created but not granted automatically to ALL_VIEW_ACCESS_ROLE. A dedicated access role must be explicitly granted to users who are allowed to extract security logs. The table LOG_SECURITY_EVENTS is included in auto-purge with a default retention period of 7 days. Documentation Links: Administration Guide - Fetch Security Logs through API Administration Guide - Auto Purge
POL-16598	Detecting and resolving duplicate message transformation tasks. If there is a duplicate message transformation task, the most recent one will be completed. Only 'Errored' tasks can be restarted.
POL-18136	Disable source change log aggregation for the connector configuration With this enhancement, it is now possible to: Disable aggregation for source change logs when generating outbound messages using the connector configuration. Include a unique correlation ID header as part of the outbound request header. Access aggregate change event from within the Message Transformation dynamic logic. Documentation Links: Developer Guide - Dynamic Logic - References - Functions - Message Transformation Developer Guide - Integration Connector - Using the Oracle Health Insurance Integration Connector

Upgrade Steps for Installation

To perform the upgrade, perform the following steps:

1. Perform any pre-upgrade steps.

2. Stop all the managed nodes running the existing version of the application.

3. Perform any pre-undeploy steps.

4. Undeploy the existing version of the application.

5. Back up the database.

6. Perform any post-undeploy steps.

7. Unpack the release bundle into a directory that we refer to as OHI_ROOT from now on.

8. Change Installation Configuration: In <OHI_ROOT>/util/install, make a copy of ohi_install.cfg.template and name it ohi_install.cfg.

9. Edit ohi_install.cfg to contain your specific database connection data and other configuration settings. The settings are explained in the file itself.

10. Make sure NO connections are present to the database using the OHI_xxx_USER account (where xxx is the abbreviation of the application)

11. Run the Upgrade script:

    1. Open a command window and browse to <OHI_ROOT>/util/install.

    2. Run the upgrade by executing ./ohi-update.sh .

12. Make the required changes to the ohi properties file

13. Perform any post-upgrade steps

14. Start WebLogic application server

15. Deploy the Application

16. Perform any post-deploy steps

Additional Upgrade Steps for Installation

The following phases are defined: pre-upgrade: Application is still running. pre-undeploy: Application is stopped, but not undeployed. post-undeploy: Application is undeployed. Database is backed up. post-upgrade: Released upgrade script run is complete. post-deploy: New application is deployed, and is up and running.

Post-Upgrade phase

1. A new MDC (Mapped Diagnostic Context) field, user, has been introduced for security logs. To ensure this information appears in the security log file, update the log pattern for the securityAppender (which uses RollingFileAppender) to include the user MDC field.

   Example updated pattern:

   <appender name="securityAppender" class="ch.qos.logback.core.rolling.RollingFileAppender">
       <encoder>
           <pattern>%d{ISO8601} [ %t ] %marker %c - %m [user:%X{user:-N/A}] %n</pattern>
       </encoder>
       ...
   </appender>

2. Create a new securityDBAppender in SaaS deployments. This appender enables writing security logs to the database.

   Example Logback configuration:

   <configuration debug="true" scan="true" scanPeriod="60 seconds">
     ...
     <appender name="securityDBAppender"
               class="com.oracle.healthinsurance.loggingsupport.appender.impl.OhiSecurityLoggerAppender">
       <connectionSource class="ch.qos.logback.core.db.JNDIConnectionSource">
         <jndiLocation>jdbc/policiesUserOhiApplicationDS</jndiLocation>
       </connectionSource>
       <logType>security</logType>
       <bufferDir>/writable/log/storage/buffer/security</bufferDir>
     </appender>
     ...
     <root level="error">
       ...
       <appender-ref ref="securityDBAppender"/>
     </root>
   </configuration>

Configuration Properties

This section intentionally left blank.

Web Services

Ref	Action	Description
CPN-3799	Modified	Data Transfer IP CSV files generated by the Data Transfer IP includes the header. When the query returned no records, the Data Transfer IP responds with HTTP 204 (No Content).
CPN-3799	Modified	Operational Reporting IP Two new error messages are introduced in the Operational Reporting IP. The IP returns an HTTP 422 response with one of the following error messages: OHI-IP-ORV-008: View {0} does not exist OHI-IP-ORV-009: Access restriction grant is missing to query the view {0}
POL-18136	Modified	connectorconfigurations API Added new attributes aggregateSourceChangeLogs and includeSystemCorrelationIdHeader to connectorconfigurations API.

Data Conversion

Ref	Action	Description
POL-18136	Added	includeSystemCorrelationIdHeader The value of includeSystemCorrelationIdHeader for existing connector configurations are set to false and there is no impact
POL-18136	Added	aggregateSourceChangeLogs The value of aggregateSourceChangeLogs for existing connector configurations are set to true and there is no impact

Dynamic Logic

Ref	Action	Description
POL-18136	Modified	Message Transformation aggregateChangeEvent is added as a new In parameter when aggregateSourceChangeLogs is set to false

UI Changes

Ref	Action	Description
POL-18136	Modified	Connector Configuration (PO0125) Four new fields introduced - 'includeSystemCorrelationIdHeader', 'aggregateSourceChangeLogs', 'createEvents', 'eventDescription'

Breaking Changes

Ref	Action	Description
CPN-4025	Modified	securityAppender A new MDC (Mapped Diagnostic Context) field, user, has been introduced for security logs. To ensure this information appears in the security log file, update the log pattern for the securityAppender (which uses RollingFileAppender) to include the user MDC field. Example updated pattern: <appender name="securityAppender" class="ch.qos.logback.core.rolling.RollingFileAppender"> <encoder> <pattern>%d{ISO8601} [ %t ] %marker %c - %m [user:%X{user:-N/A}] %n</pattern> </encoder> ... </appender> Also, security log messages now refer to the "login name" of the user instead of the "ID" of the user.

Access Restrictions

This section intentionally left blank.

Bug Fixes

BugDB	SR	Internal	Summary
38554206	3-42061494681	POL-17932	Both code and formatted name should be displayed for policyholder
Description:		On the policy search and detail pages, the policyholder name is not displaying.
Resolution:		The code and policyholder name are displaying correctly on the policy search and detail pages.
38652960		POL-18048	Group Client page is not loaded when it is in In-Process Status
Description:		Trying to open Group Clients page when it is in In-Process status doesn’t open the page. Expected behaviour is to view In-Process group client only in view mode
Resolution:		Able to open In-Process group client in view mode
38718572	3-42761376561	POL-18112	Quick search operator is changed to 'eq' for Policy Code in policy activities page
Description:		To address performance issue, quick search operator is changed to 'eq' for Policy Code in policy activities page and creation date 'between' is added
Resolution:		It is now possible to search policy activities matching the 'exact' policy code in quick search so that there is not much delay in response
38664807	3-42695355031	POL-18059	Increase in heap memory usage following the Groovy 4 upgrade
Description:		Post Groovy 4 upgrade, noticed higher memory usage, which can slow down the system. Groovy stores the reference of large Groovy-meta-class objects using soft references, meaning these objects are only removed when garbage collection runs and memory is low. Before this happens, the system can approach critical memory levels, triggering safety measures that reduce processing capacity on affected nodes and cause visible performance issues.
Resolution:		We have disabled the use of Groovy meta classes to address the memory issue. The necessary functionality will now be provided using non meta class references and methods instead.
38601541		POL-17960	Index.html is added to URL after login with IDCS config
Description:		Post login, index.html is getting appended to application URL. This is observed in SAML authentication flow
Resolution:		index.html is not observed in the application URL in SAML authentication flow post fix.
38732113	3-42695523481	POL-18123	Object Change Log has no reference to Policy Enrollment or person for new Policy
Description:		Policy Enrollment Events representing changes that are related to a specific Person or Policy Enrollment have a reference to that Person or Policy Enrollment. This way, a user can distinguish the changes that are made to each Person or Enrollment. The reference to the Person or Policy Enrollment is also made in the Object Change Policy Enrollment, which allows a user to access the reference in the Business Event Dynamic Logic. The reference is missing when a new Policy is created and the Object Change Policy Enrollment represents a change on a Dynamic Field or Dynamic Record.
Resolution:		The Person and Policy Enrollment reference is added to the Object Change Policy Enrollment representing a change on a Dynamic Field or Dynamic Record, when the field is related to either a Person or Policy Enrollment.
38743013		POL-18152	Policy activities: Error is shown for view messages dialog
Description:		In Policy activities page, when user performs advance search and clicks on View Messages link, an error is shown and messages doesn’t load
Resolution:		Messages are displayed in Policy Activities page

Issues that were backported in previous Release / Patch

No backports.