Move PHI Logs to Object Storage

Overview

The volume of Protected Health Information (PHI) logs in Oracle Health Insurance applications typically grows over time. With the PHI logging feature in operational reporting and the new data transfer IP, PHI log volume increases significantly, which potentially increases database storage.

This document describes migrating PHI logs from the database to object storage, which reduces storage costs and improves performance.

How PHI Logging Works

When a data transfer request is initiated from the Oracle Health Insurance application, a PHI logging insert statement is triggered, adding entries to the log_phi_events table.

A daily DB (database) scheduler job aggregates all PHI logs older than 60 days from the previous day, including logs generated by other application use cases, such as generic APIs. These aggregated logs are stored in a JSON file within OHI-managed object storage.

If no PHI logs are generated on a given day, no JSON file will be created for that day. Once the data is successfully moved to object storage, it will be deleted from the database.

PHI Logs Retention Policy

SaaS (Software as a Service) Deployment

PHI logs older than 60 days are moved to object storage, where they are retained for 7 years. After the retention period ends, the logs will be automatically deleted.

PHI logs are moved from database to object storage only in SaaS deployment.

On Premises Deployment

A new Oracle database directory named OHI_PHI_LOGS_DIRECTORY must be configured and this directory will be used to store the PHI logs extracted from the database. The extract operation is performed as part of the auto-purge job.

For example:
1. Create the directory.
  create directory OHI_PHI_LOGS_DIRECTORY as '<file_path>';
2. Grant read and write access on the directory to the application owner schema.
  grant read, write on directory OHI_PHI_LOGS_DIRECTORY to <ohi_app_owner>;

On-premises installations of Oracle Health Insurance applications export the PHI logs to the Oracle directory created on shared storage. The file names follow the format yyyy-mm-dd_phi_logs_filepartname.json, and the files are exported to the appropriate Oracle directory for each application.

For example:
For PHI Logging

  /extract/phi_log/
    2024-11-21_phi_logs_1.json
    2024-11-21_phi_logs_2.json

In the above example, /extract/phi_log/ is the Oracle directory created on the shared drive.
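
The following is an added example, not Oracle's code: a Python audit of an on-premises export directory such as /extract/phi_log/ that flags files whose names break the yyyy-mm-dd_phi_logs_filepartname.json convention, carry an impossible date, are accessible beyond the owning account, or do not parse as JSON. The function names audit_export_dir and demo, the character set allowed in filepartname, and POSIX file modes on the shared storage are assumptions.

```python
import json
import re
import tempfile
from datetime import datetime
from pathlib import Path

# Page's convention: yyyy-mm-dd_phi_logs_filepartname.json
# (assumption: filepartname is letters, digits, "_" or "-").
NAME_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})_phi_logs_[A-Za-z0-9_-]+\.json$")


def audit_export_dir(path):
    """Return (file_name, finding) pairs for one PHI export directory."""
    findings = []
    for entry in sorted(Path(path).iterdir()):
        name = entry.name
        if entry.is_symlink() or not entry.is_file():
            findings.append((name, "not a regular file"))
            continue
        match = NAME_RE.match(name)
        if not match:
            findings.append((name, "name does not match convention"))
        else:
            try:
                datetime.strptime(match.group(1), "%Y-%m-%d")
            except ValueError:
                findings.append((name, "invalid date in name"))
        # Assumption: POSIX modes; PHI exports should be owner-only.
        if entry.stat().st_mode & 0o077:
            findings.append((name, "accessible to group or others"))
        try:
            json.loads(entry.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            findings.append((name, "not readable as JSON"))
    return findings


def demo():
    """Audit a constructed directory (sample files, no real PHI)."""
    samples = {"2024-11-21_phi_logs_1.json": ("[]", 0o600),
               "2024-11-21_phi_logs_2json": ("[]", 0o600),
               "2024-13-40_phi_logs_1.json": ("[]", 0o600),
               "2024-11-22_phi_logs_1.json": ("[{", 0o644)}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (body, mode) in samples.items():
            Path(tmp, name).write_text(body, encoding="utf-8")
            Path(tmp, name).chmod(mode)
        return audit_export_dir(tmp)
```

Call audit_export_dir() with the file system path behind the Oracle directory; demo() runs the same checks on the constructed files.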

A new system property, ohi.phi.logs.data.transfer.target.db.directory.name, must be configured for PHI logging scenarios in each application. This property should point to the Oracle directory name.

Accessing PHI Logs in Oracle Health Insurance Cloud Services (OHI CS)

Following migration, the Query API on the logphievents resource can be used to get PHI logs from the last 60 days, because they are retained in the database for 60 days. For older logs, OHI CS users must submit a request to the OHI CS AMS team to copy the logs from Oracle-owned buckets to their storage location.