Situation
When querying the OpenEMR FHIR API for Patient MRN123 vital signs using Observation?patient=MRN123&category=vital-signs, the response incorrectly includes vitals from other patients(MRN456), indicating a failure to properly scope the patient parameter. This results in unintended data leakage rather than returning only the requested patient’s records.
OpenEMR Version
7.0.3
Browser:
HTTPS Request and through Spring Boot service
Operating System
Windows
Search
Yes
Logs
Did you check the logs?
Was there anything pertinent in them?
Please paste them here (surround with three backticks (```) for readability.
You can also turn on User Debugging under Administration->Globals->Logging User Debugging Options=>All