GDPR Compliant Removal of Resources #399

Open
alexanderkiel opened this issue Jun 8, 2021 · 7 comments
@alexanderkiel
Member

alexanderkiel commented Jun 8, 2021

As Blaze implements versioning of resources, the delete interaction only marks resources as deleted. In some scenarios, for example for GDPR compliance, it might be necessary to really remove a resource from Blaze.

Other Work

FHIR Standard

GDPR

  • data has to be erased within 30 days

Plan

We would like to implement:

Encryption of Paging Links

#1995

Delete History

FHIR Spec #1382

DELETE [base]/[type]/[id]/_history - remove all versions of the resource except the current version (which if the resource has been deleted, will be an empty placeholder)

Delete History Version

FHIR Spec

DELETE [base]/[type]/[id]/_history/[vid] - remove the specified version of the resource. It is an error to remove the 'current' version. (Must first perform a regular delete, and can then delete the non-current version.)

Patient Purge

FHIR Spec #1298

POST /Patient/[id]/$purge - get rid of all current + historical data for a whole Patient compartment

  • doing a cascading delete on resources referenced from elsewhere should fail
  • It will be ok for $purge to take a rather long amount of time - even in the minutes
  • deleting history is a new delete operation, called delete-history, that will prevent history output from that database value onwards. It's like a blocker on history output even if the resource would go live again. This also means that the newest delete-history entry is never garbage.

Implement Index Garbage Collection

#1505

Implement Resource Store Garbage Collection

#2171

Cut Off the Transaction Log

Implement Replication in Distributed Storage Mode without Transaction Log

@alexanderkiel alexanderkiel self-assigned this Jun 8, 2021
@alexanderkiel alexanderkiel added the epic A large body of work that can be broken down into a number of smaller issues. label Jun 8, 2021
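
Added example, not part of the original issue and not Blaze code: a toy in-memory model of the regular delete, delete-history and delete-history-version semantics quoted in the plan above, with a check for resource content that is still recoverable afterwards. The names `VersionedStore`, `CurrentVersionError` and `retained_content` are hypothetical and chosen for illustration only.

```python
class CurrentVersionError(Exception):
    """Raised when asked to remove the current version of a resource."""


class VersionedStore:
    """Toy in-memory model of a versioned FHIR store (assumption, not Blaze's storage)."""

    def __init__(self):
        # id -> list of (vid, content); content None is the deleted placeholder
        self._versions = {}
        self._next_vid = 1

    def _append(self, rid, content):
        vid = str(self._next_vid)
        self._next_vid += 1
        self._versions.setdefault(rid, []).append((vid, content))
        return vid

    def put(self, rid, content):
        """Create or update: every write adds a new version."""
        return self._append(rid, content)

    def delete(self, rid):
        """Regular delete: only marks the resource as deleted, old versions stay."""
        return self._append(rid, None)

    def history(self, rid):
        """All retained versions, oldest first."""
        return list(self._versions.get(rid, []))

    def delete_history(self, rid):
        """DELETE [type]/[id]/_history: drop everything except the current version."""
        if rid in self._versions:
            self._versions[rid] = self._versions[rid][-1:]

    def delete_history_version(self, rid, vid):
        """DELETE [type]/[id]/_history/[vid]: refuse to remove the current version."""
        versions = self._versions.get(rid, [])
        if versions and versions[-1][0] == vid:
            raise CurrentVersionError(vid)
        if versions:
            self._versions[rid] = [v for v in versions if v[0] != vid]


def retained_content(store, rid):
    """Erasure check: contents still recoverable from the store for this id."""
    return [content for _, content in store.history(rid) if content is not None]
```

In this model, personal data is only gone once a regular delete has been followed by delete-history, which leaves just the empty placeholder as the current version.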
@MM-Lehmann

MM-Lehmann commented Jun 23, 2021

Must have (MVP): removal of a single resource by reference (id)
Should have: cascading removal of all resources referencing a particular Patient(-id)
Could have: cascading removal of all resources referencing any given resource
... by REST API

@MM-Lehmann

Is there any other way to completely wipe the server via REST?

@alexanderkiel
Member Author

> Is there any other way to completely wipe the server via REST?

No, you have to shut down Blaze, delete the docker volume and restart it.

@JohannesOehm

Are there any updates on this? This currently prevents us from using Blaze in our DIC.

@alexanderkiel
Member Author

@JohannesOehm Would it be sufficient to be able to purge a single resource with all of its history? That would be "Instance-Level Expunge" in HAPI. Would it be ok if metadata about the transactions that created/updated/deleted the resource will still exist but the resource contents are purged from disk?

@MM-Lehmann

MM-Lehmann commented Oct 19, 2022 via email

@JohannesOehm

It would be better if the resource's ID is also deleted, but we can replace the resource IDs, which currently hold the patient's pseudonym, with some random numbers, so it is also fine for us.

@juliangruendner juliangruendner changed the title Implement Permanent Removal of Resources Implement Permanent Removal of Resources (Purging) Jan 17, 2024
@alexanderkiel alexanderkiel added this to the v1.0.0 milestone Sep 30, 2024
@alexanderkiel alexanderkiel changed the title Implement Permanent Removal of Resources (Purging) GDPR Compliant Removal of Resources Dec 10, 2024