Alert: HS2022-01: Multiple IRIS for Health & HealthShare Alerts |

InterSystems Official

Mike Morrissey · Mar 1, 2022

#Alerts #HealthShare #InterSystems IRIS for Health #InterSystems Official

This post is part of the HealthShare HS2022-01 Alert communications process. The same information is also distributed:

By Email
On the Product Alerts & Advisories page
On the WRC Distribution Page InterSystems Documents

There are 22 alerts in the HealthShare HS2022-01 Alert communication. The Alert Summary is in the table below, and the detail is contained in the attached document: HS2022-01-Communication

Alert	Product & Versions Affected	Risk Category
HS2022-01-01: Vaccination Dates Misrepresented in Some Circumstances	All versions of: Information Exchange Unified Care Record Personal Community HealthShare Health Connect InterSystems IRIS for Health	Operational Clinical Safety
HS2022-01-02: Invalid Handling of Multiple Reference Ranges in CDA and C-CDA Documents	All versions of: Information Exchange Unified Care Record (through 2021.1)	Clinical Safety
HS2022-01-03: Security Check for Emergency Access to Patient Records Fails to Occur in Some Situations	All versions of: Information Exchange Unified Care Record (through 2020.2)	Privacy
HS2022-01-04: Security Vulnerability in Unified Care Record 2020.2.0	Unified Care Record: 2020.2.0 (Build 8620)	Privacy
HS2022-01-05: Customers on Unified Care Record 2020.2 and 2021.1 Must Install a Patch Before Upgrading to a Later Version	Version 2020.2, 2021.1 of: Unified Care Record Clinical Viewer Health Insight Patient Index Personal Community Care Community Version 2020.2, 2021.1, 2021.2, 2021.3 of: Provider Directory	Operational
HS2022-01-06: Configuring the Classic Clinical Viewer Requires Outdated Third-Party Software	All versions of: Unified Care Record (Classic Clinical Viewer only)	Security
HS2022-01-07: Users may not be able to Log Out of Clinical Viewer	All versions of: Information Exchange Unified Care Record (through 2020.2)	Privacy
HS2022-01-08: Access Gateway Aggregation Cache Grows over Time	Unified Care Record: 2020.1, 2020.2, 2021.1, 2021.2	Operational
HS2022-01-09: Incompatibility in HL7toSDA3 Customizations when Upgrading from HealthShare 15.03 or earlier	Information Exchange: 15.03 or earlier (when upgrading to Unified Care Record)	Not Rated
HS2022-01-10: IHE Endpoints should use Appropriate Credentials	All versions of: Information Exchange Unified Care Record	Security
HS2022-01-11: ODS Namespace Reactivation Can Result in Prolonged Downtime	Unified Care Record: 2019.1, 2019.2	Operational
HS2022-01-12: Upgrade of ODS may Require Manual Intervention to Complete	Unified Care Record: 2020.1 (when upgrading to version 2020.2)	Operational
HS2022-01-13: ODS Audit Data Inaccessible after Upgrade to Version 2020.1	Unified Care Record: 2019.1 or 2019.2 (when upgrading to 2020.1)	Privacy
HS2022-01-14: System-wide and Facility-level Clinical Consent Policies Ignore Event Dates	All versions of: Information Exchange Unified Care Record (through 2021.1)	Privacy
HS2022-01-15: FHIR Requests Not Being Evaluated Properly for Consent	Unified Care Record: 2020.1	Privacy
HS2022-01-16: FHIR “$everything” Operation Can Return Unconsented Demographics	All versions of: Information Exchange Unified Care Record (through 2021.1)	Privacy
HS2022-01-17: FHIR Index Performance Issue Can Cause ODS Instability	Information Exchange: 2018.1 Unified Care Record: 2019.1, 2019.2	Operational
HS2022-01-18: Security Vulnerability in FHIR Gateway/FHIR Server	Unified Care Record: 2021.1 InterSystems IRIS for Health: 2021.1	Security
HS2022-01-19: FHIR Server Does Not Verify Token Revocation	Unified Care Record: 2020.1, 2020.2, 2021.1 InterSystems IRIS for Health: 2020.4, 2021.1 HealthShare Health Connect: 2020.4, 2021.1	Security
HS2022-01-20: OAuth Token Scope Not Applied in FHIR Batch Transaction Bundles	InterSystems IRIS for Health: 2021.1	Privacy Security Operational
HS2022-01-21: FHIR Server Interoperability REST Client does not Properly Clean Up Data	InterSystems IRIS for Health: 2020.2, 2020.3 HealthShare Health Connect: 2020.2, 2020.3	Operational
HS2022-01-22: Security Issue in Patient Index	All versions of: Patient Index (through 2021.2)	Security

If you have any questions regarding this advisory, please contact support@intersystems.com, and reference “HealthShare Alert HS2022-01”.