/
Why can't non-super admins perform pivot or count-based PHI queries?
Got feedback or spotted a mistake?

Leave a comment at the end of this page or email contact@krishagni.com

Why can't non-super admins perform pivot or count-based PHI queries?

Currently, pivot or count-based queries on PHI fields are only supported for super admins.

  1. HIPAA compliance: Even though it is a count-based query, it is possible to use filters to narrow results to the extent count equals 1, which would expose PHI.

  2. A user might have PHI access to one CP but not to another. When performing count-based queries, there may be specimens from multiple CPs within the count.

  3. The counts are done at the database level, not at the app level. The roles/privileges assigned to OpenSpecimen user(s) are not known to the database. Calculating the counts within OpenSpecimen would require reading all the data into memory, which can be very expensive in terms of both resources and speed.

Therefore, OpenSpecimen does not support this feature. Unfortunately, there is no immediate plan to fix this issue.

Workaround:

  1. Super admin can create and schedule it as a job (i.e. run on 1st of every month) and include regular users to receive the export file in email notification.
    You can find how to schedule the query on this page: https://openspecimen.atlassian.net/wiki/x/MgDiW

  2. Or, if the query requires modificaiton before exporting (like changing the date-range) regular users can ask the super-admins to run and share the query export for such count-based reports which has PHI fields.

 

Got feedback or spotted a mistake?

Leave a comment at the end of this page or email contact@krishagni.com