I’m building an app that may contain some sensitive information about people and I’m trying to use the Data Privacy rules but I can’t figure it out how to make it work for what I need.
I just want to say upfront that the data displayed in the user interface is already showing correctly only to people who should see it. I got all UI and workflows working. This is just to prevent hackers or unauthorized users from snooping in, as privacy is of great importance for this app. (So I’m trying to use the Data Privacy rules).
I’ll try to simplify what I’m trying to do to illustrate it.
In my app, I have a few Types and example fields:
- User (the usual user fields - can be doctors, patients or admin staff in a medical practice)
- Patient (User, Name, BloodType, DOB, Allergies… - with patient-specific info. Some patients can be users but most are not as they are just created by the practice for internal use)
- Doctor (User, Credential, Speciality… - with doctor-specific info)
- PatientDoctor (Patient, Doctor - this creates a many-to-many relationship as one doctor treats many patients and one patient can be treated by many doctors)
- ExamResults (Patient, Type, Score, Comments… - exam results related to a single patient. One patient can have many ExamResults records)
What I am trying to do is to create a rule in the ExamResults type that will allow only users who are either the Patients themselves or Doctors who are linked to the Patient to see the data in the ExamResults table.
When I go create a rule, I can easily create one for the User who is a patient, as the relationship is directly linked by one to one relationships. However, I can’t create a rule for doctors, as I would need to do a search in PatientDoctor for doctors who can see the Patient related to the data in this table. I can’t use search in Privacy Rules and I can reference PatientDoctors from there.
I will also need a similar rule for Doctors seeing info in the Patients table related to their patients only.
Any ideas on how to make that info private only to the people I want?