Identify and mark sensitive data columns
User
Study columns and mark columns , put comment on right side, for columns that come under Sensitive data, PII (Personally Identifiable Information), Confidential Business Information, Data revealing sensitive personal informatio
Cursor
I'll analyze the OpenEMR database schema to identify columns that contain sensitive data, PII, confidential business information, or data revealing sensitive personal information. Let me examine the tables and mark the relevant columns with appropriate comments.
/* Table Schema SQL (mysql format) for [openEMR] */
/* Id: 5008448 Name: addresses */
create table addresses (
id INT
, line1 VARCHAR (255)
, line2 VARCHAR (255)
, city VARCHAR (255)
, state VARCHAR (35)
, zip VARCHAR (10)
, plus_four VARCHAR (4)
, country VARCHAR (255)
, foreign_id INT
, district VARCHAR (255)
);
/* Id: 5008450 Name: amc_misc_data */
create table amc_misc_data (
amc_id VARCHAR (31)
, pid INT
, map_category VARCHAR (255)
, map_id INT
, date_created TIMESTAMP
, date_completed TIMESTAMP
, soc_provided TIMESTAMP
);
/* Id: 5008452 Name: amendments */
create table amendments (
amendment_id INT
, amendment_date TIMESTAMP
, amendment_by VARCHAR (50)
, amendment_status VARCHAR (50)
, pid INT
, amendment_desc MEDIUMTEXT
, created_by INT
, modified_by INT
, created_time TIMESTAMP
, modified_time TIMESTAMP
);
/* Id: 5008454 Name: amendments_history */
create table amendments_history (
amendment_id INT
, amendment_note MEDIUMTEXT
, amendment_status VARCHAR (50)
, created_by INT
, created_time TIMESTAMP
);
/* Id: 5008456 Name: api_log */
create table api_log (
id INT
, log_id INT
, user_id INT
, patient_id INT
, ip_address VARCHAR (255) -- SENSITIVE: IP address tracking
, method VARCHAR (20)
, request VARCHAR (255)
, request_url MEDIUMTEXT
, request_body MEDIUMTEXT -- SENSITIVE: May contain patient data
, response MEDIUMTEXT -- SENSITIVE: May contain patient data
, created_time TIMESTAMP
);
/* Id: 5008458 Name: api_refresh_token */
create table api_refresh_token (
id INT
, user_id VARCHAR (40)
, client_id VARCHAR (80)
, token VARCHAR (128) -- SENSITIVE: Authentication token
, expiry TIMESTAMP
, revoked VARCHAR (0)
);
/* Id: 5008460 Name: api_token */
create table api_token (
id INT
, user_id VARCHAR (40)
, token VARCHAR (128) -- SENSITIVE: Authentication token
, expiry TIMESTAMP
, client_id VARCHAR (80)
, scope MEDIUMTEXT
, revoked VARCHAR (0)
, context MEDIUMTEXT
);
/* Id: 5008462 Name: ar_activity */
create table ar_activity (
pid INT
, encounter INT
, sequence_no INT
, code_type VARCHAR (12)
, code VARCHAR (20)
, modifier VARCHAR (12)
, payer_type INT
, post_time TIMESTAMP
, post_user INT
, session_id INT
, memo VARCHAR (255)
, pay_amount DECIMAL(38,6)
, adj_amount DECIMAL(38,6)
, modified_time TIMESTAMP
, follow_up VARCHAR (1)
, follow_up_note MEDIUMTEXT
, account_code VARCHAR (15)
, reason_code VARCHAR (255)
, deleted TIMESTAMP
, post_date TIMESTAMP
, payer_claim_number VARCHAR (30)
);
/* Id: 5008464 Name: ar_session */
create table ar_session (
session_id INT
, payer_id INT
, user_id INT
, closed VARCHAR (0)
, reference VARCHAR (255)
, check_date TIMESTAMP
, deposit_date TIMESTAMP
, pay_total DECIMAL(38,6)
, created_time TIMESTAMP
, modified_time TIMESTAMP
, global_amount DECIMAL(38,6)
, payment_type VARCHAR (50)
, description MEDIUMTEXT
, adjustment_code VARCHAR (50)
, post_to_date TIMESTAMP
, patient_id INT
, payment_method VARCHAR (25)
);
/* Id: 5008466 Name: audit_details */
create table audit_details (
id INT
, table_name VARCHAR (100)
, field_name VARCHAR (100)
, field_value MEDIUMTEXT -- SENSITIVE: May contain patient/confidential data
, audit_master_id INT
, entry_identification VARCHAR (255)
);
/* Id: 5008468 Name: audit_master */
create table audit_master (
id INT
, pid INT
, user_id INT
, approval_status INT
, comments MEDIUMTEXT -- SENSITIVE: May contain confidential information
, created_time TIMESTAMP
, modified_time TIMESTAMP
, ip_address VARCHAR (100) -- SENSITIVE: IP address tracking
, type INT
, is_qrda_document VARCHAR (0)
, is_unstructured_document VARCHAR (0)
);
/* Id: 5008470 Name: automatic_notification */
create table automatic_notification (
notification_id INT
, sms_gateway_type VARCHAR (255)
, provider_name VARCHAR (100)
, message MEDIUMTEXT -- SENSITIVE: May contain patient information
, email_sender VARCHAR (100)
, email_subject VARCHAR (100)
, type VARCHAR (5)
);
/* Id: 5008472 Name: background_services */
create table background_services (
name VARCHAR (31)
, title VARCHAR (127)
, active VARCHAR (0)
, running VARCHAR (0)
, next_run TIMESTAMP
, execute_interval INT
, function VARCHAR (127)
, require_once VARCHAR (255)
, sort_order INT
);
/* Id: 5008474 Name: batchcom */
create table batchcom (
id INT
, patient_id INT
, sent_by INT
, msg_type VARCHAR (60)
, msg_subject VARCHAR (255)
, msg_text MEDIUMTEXT -- SENSITIVE: May contain patient information
, msg_date_sent TIMESTAMP
);
/* Id: 5008476 Name: benefit_eligibility */
create table benefit_eligibility (
response_id INT
, verification_id INT
, type VARCHAR (4)
, benefit_type VARCHAR (255)
, start_date TIMESTAMP
, end_date TIMESTAMP
, coverage_level VARCHAR (255)
, coverage_type VARCHAR (512)
, plan_type VARCHAR (255)
, plan_description VARCHAR (255)
, coverage_period VARCHAR (255)
, amount DECIMAL(38,6)
, percent DECIMAL(38,6)
, network_ind VARCHAR (2)
, message VARCHAR (512)
, response_status VARCHAR (2)
, response_create_date TIMESTAMP
, response_modify_date TIMESTAMP
);
/* Id: 5008478 Name: billing */
create table billing (
id INT
, date TIMESTAMP
, code_type VARCHAR (15)
, code VARCHAR (20)
, pid INT
, provider_id INT
, user INT
, groupname VARCHAR (255)
, authorized VARCHAR (0)
, encounter INT
, code_text MEDIUMTEXT
, billed VARCHAR (0)
, activity VARCHAR (0)
, payer_id INT
, bill_process INT
, bill_date TIMESTAMP
, process_date TIMESTAMP
, process_file VARCHAR (255)
, modifier VARCHAR (12)
, units INT
, fee DECIMAL(38,6)
, justify VARCHAR (255)
, target VARCHAR (30)
, x12_partner_id INT
, ndc_info VARCHAR (255)
, notecodes VARCHAR (25)
, external_id VARCHAR (20)
, pricelevel VARCHAR (31)
, revenue_code VARCHAR (6)
, chargecat VARCHAR (31)
);
/* Id: 5008480 Name: calendar_external */
create table calendar_external (
id INT
, date TIMESTAMP
, description VARCHAR (45)
, source VARCHAR (45)
);
/* Id: 5008482 Name: categories */
create table categories (
id INT
, name VARCHAR (255)
, value VARCHAR (255)
, parent INT
, lft INT
, rght INT
, aco_spec VARCHAR (63)
, codes VARCHAR (255)
);
/* Id: 5008484 Name: categories_seq */
create table categories_seq (
id INT
);
/* Id: 5008486 Name: categories_to_documents */
create table categories_to_documents (
category_id INT
, document_id INT
);
/* Id: 5008488 Name: ccda */
create table ccda (
id INT
, uuid MEDIUMBLOB
, pid INT
, encounter INT
, ccda_data MEDIUMTEXT -- SENSITIVE: Contains complete patient health records
, time VARCHAR (50)
, status INT
, updated_date TIMESTAMP
, user_id VARCHAR (50)
, couch_docid VARCHAR (100)
, couch_revid VARCHAR (100)
, hash VARCHAR (255)
, view INT
, transfer INT
, emr_transfer INT
, encrypted INT
, transaction_id INT
);
/* Id: 5008490 Name: ccda_components */
create table ccda_components (
ccda_components_id INT
, ccda_components_field VARCHAR (100)
, ccda_components_name VARCHAR (100)
, ccda_type INT
);
/* Id: 5008492 Name: ccda_field_mapping */
create table ccda_field_mapping (
id INT
, table_id INT
, ccda_field VARCHAR (100)
);
/* Id: 5008494 Name: ccda_sections */
create table ccda_sections (
ccda_sections_id INT
, ccda_components_id INT
, ccda_sections_field VARCHAR (100)
, ccda_sections_name VARCHAR (100)
, ccda_sections_req_mapping INT
);
/* Id: 5008496 Name: ccda_table_mapping */
create table ccda_table_mapping (
id INT
, ccda_component VARCHAR (100)
, ccda_component_section VARCHAR (100)
, form_dir VARCHAR (100)
, form_type INT
, form_table VARCHAR (100)
, user_id INT
, deleted INT
, timestamp TIMESTAMP
);
/* Id: 5008498 Name: chart_tracker */
create table chart_tracker (
ct_pid INT
, ct_when TIMESTAMP
, ct_userid INT
, ct_location VARCHAR (31)
);
/* Id: 5008500 Name: claims */
create table claims (
patient_id INT
, encounter_id INT
, version INT
, payer_id INT
, status INT
, payer_type INT
, bill_process INT
, bill_time TIMESTAMP
, process_time TIMESTAMP
, process_file VARCHAR (255)
, target VARCHAR (30)
, x12_partner_id INT
, submitted_claim MEDIUMTEXT -- SENSITIVE: Contains patient billing and medical information
);
/* Id: 5008502 Name: clinical_plans */
create table clinical_plans (
id VARCHAR (31)
, pid INT
, normal_flag VARCHAR (0)
, cqm_flag VARCHAR (0)
, cqm_2011_flag VARCHAR (0)
, cqm_2014_flag VARCHAR (0)
, cqm_measure_group VARCHAR (10)
);
/* Id: 5008504 Name: clinical_plans_rules */
create table clinical_plans_rules (
plan_id VARCHAR (31)
, rule_id VARCHAR (31)
);
/* Id: 5008506 Name: clinical_rules */
create table clinical_rules (
id VARCHAR (31)
, pid INT
, active_alert_flag VARCHAR (0)
, passive_alert_flag VARCHAR (0)
, cqm_flag VARCHAR (0)
, cqm_2011_flag VARCHAR (0)
, cqm_2014_flag VARCHAR (0)
, cqm_nqf_code VARCHAR (10)
, cqm_pqri_code VARCHAR (10)
, amc_flag VARCHAR (0)
, amc_2011_flag VARCHAR (0)
, amc_2014_flag VARCHAR (0)
, amc_2015_flag VARCHAR (0)
, amc_code VARCHAR (10)
, amc_code_2014 VARCHAR (30)
, amc_code_2015 VARCHAR (30)
, amc_2014_stage1_flag VARCHAR (0)
, amc_2014_stage2_flag VARCHAR (0)
, patient_reminder_flag VARCHAR (0)
, bibliographic_citation VARCHAR (255)
, developer VARCHAR (255)
, funding_source VARCHAR (255)
, release_version VARCHAR (255)
, web_reference VARCHAR (255)
, linked_referential_cds VARCHAR (50)
, access_control VARCHAR (255)
, patient_dob_usage MEDIUMTEXT -- SENSITIVE: Patient date of birth usage patterns
, patient_ethnicity_usage MEDIUMTEXT -- SENSITIVE: Patient ethnicity usage patterns
, patient_health_status_usage MEDIUMTEXT -- SENSITIVE: Patient health status usage patterns
, patient_gender_identity_usage MEDIUMTEXT -- SENSITIVE: Patient gender identity usage patterns
, patient_language_usage MEDIUMTEXT -- SENSITIVE: Patient language usage patterns
, patient_race_usage MEDIUMTEXT -- SENSITIVE: Patient race usage patterns
, patient_sex_usage MEDIUMTEXT -- SENSITIVE: Patient sex usage patterns
, patient_sexual_orientation_usage MEDIUMTEXT -- SENSITIVE: Patient sexual orientation usage patterns
, patient_sodh_usage MEDIUMTEXT -- SENSITIVE: Patient social determinants of health usage patterns
);
/* Id: 5008508 Name: clinical_rules_log */
create table clinical_rules_log (
id INT
, date TIMESTAMP
, pid INT
, uid INT
, category VARCHAR (255)
, value MEDIUMTEXT -- SENSITIVE: May contain patient health information
, new_value MEDIUMTEXT -- SENSITIVE: May contain patient health information
, facility_id INT
);
/* Id: 5008510 Name: code_types */
create table code_types (
ct_key VARCHAR (15)
, ct_id INT
, ct_seq INT
, ct_mod INT
, ct_just VARCHAR (15)
, ct_mask VARCHAR (9)
, ct_fee VARCHAR (0)
, ct_rel VARCHAR (0)
, ct_nofs VARCHAR (0)
, ct_diag VARCHAR (0)
, ct_active VARCHAR (0)
, ct_label VARCHAR (31)
, ct_external VARCHAR (0)
, ct_claim VARCHAR (0)
, ct_proc VARCHAR (0)
, ct_term VARCHAR (0)
, ct_problem VARCHAR (0)
, ct_drug VARCHAR (0)
);
/* Id: 5008512 Name: codes */
create table codes (
id INT
, code_text MEDIUMTEXT
, code_text_short MEDIUMTEXT
, code VARCHAR (25)
, code_type INT
, modifier VARCHAR (12)
, units INT
, fee DECIMAL(38,6)
, superbill VARCHAR (31)
, related_code VARCHAR (255)
, taxrates VARCHAR (255)
, cyp_factor DECIMAL(38,6)
, active VARCHAR (0)
, reportable VARCHAR (0)
, financial_reporting VARCHAR (0)
, revenue_code VARCHAR (6)
);
/* Id: 5008514 Name: codes_history */
create table codes_history (
log_id INT
, date TIMESTAMP
, code VARCHAR (25)
, modifier VARCHAR (12)
, active VARCHAR (0)
, diagnosis_reporting VARCHAR (0)
, financial_reporting VARCHAR (0)
, category VARCHAR (255)
, code_type_name VARCHAR (255)
, code_text MEDIUMTEXT
, code_text_short MEDIUMTEXT
, prices MEDIUMTEXT
, action_type VARCHAR (25)
, update_by VARCHAR (255)
);
/* Id: 5008516 Name: contact */
create table contact (
id INT
, foreign_table_name VARCHAR (255)
, foreign_id INT
);
/* Id: 5008518 Name: contact_address */
create table contact_address (
id INT
, contact_id INT
, address_id INT
, priority INT
, type VARCHAR (255)
, use VARCHAR (255)
, notes MEDIUMTEXT -- SENSITIVE: May contain personal information
, status VARCHAR (1)
, is_primary VARCHAR (1)
, created_date TIMESTAMP
, period_start TIMESTAMP
, period_end TIMESTAMP
, inactivated_reason VARCHAR (45)
);
/* Id: 5008520 Name: customlists */
create table customlists (
cl_list_slno INT
, cl_list_id INT
, cl_list_item_id INT
, cl_list_type INT
, cl_list_item_short VARCHAR (10)
, cl_list_item_long MEDIUMTEXT
, cl_list_item_level INT
, cl_order INT
, cl_deleted VARCHAR (0)
, cl_creator INT
);
/* Id: 5008522 Name: dated_reminders */
create table dated_reminders (
dr_id INT
, dr_from_ID INT
, dr_message_text VARCHAR (160) -- SENSITIVE: May contain patient information
, dr_message_sent_date TIMESTAMP
, dr_message_due_date TIMESTAMP
, pid INT
, message_priority VARCHAR (0)
, message_processed VARCHAR (0)
, processed_date TIMESTAMP
, dr_processed_by INT
);
/* Id: 5008524 Name: dated_reminders_link */
create table dated_reminders_link (
dr_link_id INT
, dr_id INT
, to_id INT
);
/* Id: 5008526 Name: direct_message_log */
create table direct_message_log (
id INT
, msg_type VARCHAR (1)
, msg_id VARCHAR (127)
, sender VARCHAR (255)
, recipient VARCHAR (255)
, create_ts TIMESTAMP
, status VARCHAR (1)
, status_info VARCHAR (511)
, status_ts TIMESTAMP
, patient_id INT
, user_id INT
);
/* Id: 5008528 Name: document_template_profiles */
create table document_template_profiles (
id INT
, template_id INT
, profile VARCHAR (64)
, template_name VARCHAR (255)
, category VARCHAR (64)
, provider INT
, modified_date TIMESTAMP
, member_of VARCHAR (64)
, active VARCHAR (0)
, recurring VARCHAR (0)
, event_trigger VARCHAR (31)
, period INT
, notify_trigger VARCHAR (31)
, notify_period INT
);
/* Id: 5008530 Name: document_templates */
create table document_templates (
id INT
, pid INT
, provider INT
, encounter INT
, modified_date TIMESTAMP
, profile VARCHAR (63)
, category VARCHAR (63)
, location VARCHAR (255)
, template_name VARCHAR (255)
, status VARCHAR (31)
, send_date TIMESTAMP
, end_date TIMESTAMP
, size INT
, template_content MEDIUMBLOB -- SENSITIVE: May contain patient data templates
, mime VARCHAR (31)
);
/* Id: 5008532 Name: documents */
create table documents (
id INT
, uuid MEDIUMBLOB
, type VARCHAR (9)
, size INT
, date TIMESTAMP
, date_expires TIMESTAMP
, url VARCHAR (255)
, thumb_url VARCHAR (255)
, mimetype VARCHAR (255)
, pages INT
, owner INT
, revision TIMESTAMP
, foreign_id INT
, docdate TIMESTAMP
, hash VARCHAR (255)
, list_id INT
, name VARCHAR (255)
, drive_uuid MEDIUMBLOB
, couch_docid VARCHAR (100)
, couch_revid VARCHAR (100)
, storagemethod INT
, path_depth INT
, imported INT
, encounter_id INT
, encounter_check VARCHAR (0)
, audit_master_approval_status INT
, audit_master_id INT
, documentationOf VARCHAR (255)
, encrypted INT
, document_data MEDIUMTEXT -- SENSITIVE: Contains document content which may include patient data
, deleted VARCHAR (0)
, foreign_reference_id INT
, foreign_reference_table VARCHAR (40)
);
/* Id: 5008534 Name: documents_legal_categories */
create table documents_legal_categories (
dlc_id INT
, dlc_category_type INT
, dlc_category_name VARCHAR (45)
, dlc_category_parent INT
);
/* Id: 5008536 Name: documents_legal_detail */
create table documents_legal_detail (
dld_id INT
, dld_pid INT
, dld_facility INT
, dld_provider INT
, dld_encounter INT
, dld_master_docid INT
, dld_signed INT
, dld_signed_time TIMESTAMP
, dld_filepath VARCHAR (75)
, dld_filename VARCHAR (45)
, dld_signing_person VARCHAR (50)
, dld_sign_level INT
, dld_content VARCHAR (50)
, dld_file_for_pdf_generation MEDIUMBLOB -- SENSITIVE: Contains legal document content
, dld_denial_reason MEDIUMTEXT -- SENSITIVE: May contain patient information
, dld_moved INT
, dld_patient_comments MEDIUMTEXT -- SENSITIVE: Patient comments
);
/* Id: 5008538 Name: documents_legal_master */
create table documents_legal_master (
dlm_category INT
, dlm_subcategory INT
, dlm_document_id INT
, dlm_document_name VARCHAR (75)
, dlm_filepath VARCHAR (75)
, dlm_facility INT
, dlm_provider INT
, dlm_sign_height DECIMAL(38,6)
, dlm_sign_width DECIMAL(38,6)
, dlm_filename VARCHAR (45)
, dlm_effective_date TIMESTAMP
, dlm_version INT
, content VARCHAR (255)
, dlm_savedsign VARCHAR (255)
, dlm_review VARCHAR (255)
, dlm_upload_type INT
);
/* Id: 5008540 Name: drug_inventory */
create table drug_inventory (
inventory_id INT
, drug_id INT
, lot_number VARCHAR (20)
, expiration TIMESTAMP
, manufacturer VARCHAR (255)
, on_hand INT
, warehouse_id VARCHAR (31)
, vendor_id INT
, last_notify TIMESTAMP
, destroy_date TIMESTAMP
, destroy_method VARCHAR (255)
, destroy_witness VARCHAR (255)
, destroy_notes VARCHAR (255)
);
/* Id: 5008542 Name: drug_sales */
create table drug_sales (
sale_id INT
, drug_id INT
, inventory_id INT
, prescription_id INT
, pid INT
, encounter INT
, user VARCHAR (255)
, sale_date TIMESTAMP
, quantity INT
, fee DECIMAL(38,6)
, billed VARCHAR (0)
, xfer_inventory_id INT
, distributor_id INT
, notes VARCHAR (255)
, bill_date TIMESTAMP
, pricelevel VARCHAR (31)
, selector VARCHAR (255)
, trans_type INT
, chargecat VARCHAR (31)
);
/* Id: 5008544 Name: drug_templates */
create table drug_templates (
drug_id INT
, selector VARCHAR (255)
, dosage VARCHAR (10)
, period INT
, quantity INT
, refills INT
, taxrates VARCHAR (255)
, pkgqty DECIMAL(38,6)
);
/* Id: 5008546 Name: drugs */
create table drugs (
drug_id INT
, uuid MEDIUMBLOB
, name VARCHAR (255)
, ndc_number VARCHAR (20)
, on_order INT
, reorder_point DECIMAL(38,6)
, max_level DECIMAL(38,6)
, last_notify TIMESTAMP
, reactions MEDIUMTEXT -- SENSITIVE: Drug reaction information
, form VARCHAR (31)
, size VARCHAR (25)
, unit VARCHAR (31)
, route VARCHAR (31)
, substitute INT
, related_code VARCHAR (255)
, cyp_factor DECIMAL(38,6)
, active VARCHAR (0)
, allow_combining VARCHAR (0)
, allow_multiple VARCHAR (0)
, drug_code VARCHAR (25)
, consumable VARCHAR (0)
, dispensable VARCHAR (0)
, date_created TIMESTAMP
, last_updated TIMESTAMP
);
/* Id: 5008548 Name: dsi_source_attributes */
create table dsi_source_attributes (
id INT
, client_id VARCHAR (80)
, list_id VARCHAR (100)
, option_id VARCHAR (100)
, clinical_rule_id VARCHAR (31)
, source_value MEDIUMTEXT -- SENSITIVE: May contain patient data
, created_by INT
, last_updated_by INT
, created_at TIMESTAMP
, last_updated_at TIMESTAMP
);
/* Id: 5008550 Name: edi_sequences */
create table edi_sequences (
id INT
);
/* Id: 5008552 Name: eligibility_verification */
create table eligibility_verification (
verification_id INT
, response_id VARCHAR (32)
, insurance_id INT
, eligibility_check_date TIMESTAMP
, copay INT
, deductible INT
, deductiblemet VARCHAR (2)
, create_date TIMESTAMP
);
/* Id: 5008554 Name: email_queue */
create table email_queue (
id INT
, sender VARCHAR (255)
, recipient VARCHAR (255)
, subject VARCHAR (255)
, body MEDIUMTEXT -- SENSITIVE: May contain patient information
, datetime_queued TIMESTAMP
, sent INT
, datetime_sent TIMESTAMP
, error INT
, error_message MEDIUMTEXT
, datetime_error TIMESTAMP
, template_name VARCHAR (255)
);
/* Id: 5008556 Name: employer_data */
create table employer_data (
id INT
, name VARCHAR (255)
, street VARCHAR (255)
, street_line_2 MEDIUMTEXT
, postal_code VARCHAR (255)
, city VARCHAR (255)
, state VARCHAR (255)
, country VARCHAR (255)
, date TIMESTAMP
, pid INT
);
/* Id: 5008558 Name: enc_category_map */
create table enc_category_map (
rule_enc_id VARCHAR (31)
, main_cat_id INT
);
/* Id: 5008560 Name: erx_narcotics */
create table erx_narcotics (
id INT
, drug VARCHAR (255)
, dea_number VARCHAR (5)
, csa_sch VARCHAR (2)
, narc VARCHAR (2)
, other_names VARCHAR (255)
);
/* Id: 5008562 Name: erx_rx_log */
create table erx_rx_log (
id INT
, prescription_id INT
, date VARCHAR (25)
, time VARCHAR (15)
, code INT
, status MEDIUMTEXT
, message_id VARCHAR (100)
, read INT
);
/* Id: 5008564 Name: erx_ttl_touch */
create table erx_ttl_touch (
patient_id INT
, process VARCHAR (11)
, updated TIMESTAMP
);
/* Id: 5008566 Name: esign_signatures */
create table esign_signatures (
id INT
, tid INT
, table VARCHAR (255)
, uid INT
, datetime TIMESTAMP
, is_lock VARCHAR (0)
, amendment MEDIUMTEXT -- SENSITIVE: May contain patient information
, hash VARCHAR (255)
, signature_hash VARCHAR (255)
);
/* Id: 5008568 Name: export_job */
create table export_job (
id INT
, uuid MEDIUMBLOB
, user_id VARCHAR (40)
, client_id VARCHAR (80)
, status VARCHAR (40)
, start_time TIMESTAMP
, resource_include_time TIMESTAMP
, output_format VARCHAR (128)
, request_uri VARCHAR (128)
, resources MEDIUMTEXT -- SENSITIVE: May contain patient data references
, output MEDIUMTEXT -- SENSITIVE: May contain exported patient data
, errors MEDIUMTEXT
, access_token_id MEDIUMTEXT
);
/* Id: 5008570 Name: extended_log */
create table extended_log (
id INT
, date TIMESTAMP
, event VARCHAR (255)
, user VARCHAR (255)
, recipient VARCHAR (255)
, description MEDIUMTEXT -- SENSITIVE: May contain patient information
, patient_id INT
);
/* Id: 5008572 Name: external_encounters */
create table external_encounters (
ee_id INT
, ee_date TIMESTAMP
, ee_pid INT
, ee_provider_id VARCHAR (255)
, ee_facility_id VARCHAR (255)
, ee_encounter_diagnosis VARCHAR (255) -- SENSITIVE: Medical diagnosis information
, ee_external_id VARCHAR (255)
);
/* Id: 5008574 Name: external_procedures */
create table external_procedures (
ep_id INT
, ep_date TIMESTAMP
, ep_code_type VARCHAR (20)
, ep_code VARCHAR (9)
, ep_pid INT
, ep_encounter INT
, ep_code_text MEDIUMTEXT -- SENSITIVE: Medical procedure information
, ep_facility_id VARCHAR (255)
, ep_external_id VARCHAR (255)
);
/* Id: 5008576 Name: facility */
create table facility (
id INT
, uuid MEDIUMBLOB
, name VARCHAR (255)
, phone VARCHAR (30)
, fax VARCHAR (30)
, street VARCHAR (255)
, city VARCHAR (255)
, state VARCHAR (50)
, postal_code VARCHAR (11)
, country_code VARCHAR (30)
, federal_ein VARCHAR (15) -- SENSITIVE: Business tax identification
, website VARCHAR (255)
, email VARCHAR (255)
, service_location VARCHAR (0)
, billing_location VARCHAR (0)
, accepts_assignment VARCHAR (0)
, pos_code INT
, x12_sender_id VARCHAR (25)
, attn VARCHAR (65)
, domain_identifier VARCHAR (60)
, facility_npi VARCHAR (15) -- SENSITIVE: National Provider Identifier
, facility_taxonomy VARCHAR (15)
, tax_id_type VARCHAR (31)
, color VARCHAR (7)
, primary_business_entity INT
, facility_code VARCHAR (31)
, extra_validation VARCHAR (0)
, mail_street VARCHAR (30)
, mail_street2 VARCHAR (30)
, mail_city VARCHAR (50)
, mail_state VARCHAR (3)
, mail_zip VARCHAR (10)
, oid VARCHAR (255)
, iban VARCHAR (50)
, info MEDIUMTEXT
, weno_id VARCHAR (10)
, inactive VARCHAR (0)
, date_created TIMESTAMP
, last_updated TIMESTAMP
);
/* Id: 5008578 Name: facility_user_ids */
create table facility_user_ids (
id INT
, uid INT
, facility_id INT
, uuid MEDIUMBLOB
, field_id VARCHAR (31)
, field_value MEDIUMTEXT -- SENSITIVE: May contain user identification information
, date_created TIMESTAMP
, last_updated TIMESTAMP
);
/* Id: 5008580 Name: fee_schedule */
create table fee_schedule (
id INT
, insurance_company_id INT
, plan VARCHAR (20)
, code VARCHAR (10)
, modifier VARCHAR (2)
, type VARCHAR (20)
, fee DECIMAL(38,6)
, effective_date TIMESTAMP
);
/* Id: 5008582 Name: fee_sheet_options */
create table fee_sheet_options (
fs_category VARCHAR (63)
, fs_option VARCHAR (63)
, fs_codes VARCHAR (255)
);
/* Id: 5008584 Name: form_care_plan */
create table form_care_plan (
id INT
, date TIMESTAMP
, pid INT
, encounter VARCHAR (255)
, user VARCHAR (255)
, groupname VARCHAR (255)
, authorized INT
, activity INT
, code VARCHAR (255)
, codetext MEDIUMTEXT
, description MEDIUMTEXT -- SENSITIVE: Patient care plan details
, external_id VARCHAR (30)
, care_plan_type VARCHAR (30)
, note_related_to MEDIUMTEXT -- SENSITIVE: Patient care notes
, date_end TIMESTAMP
, reason_code VARCHAR (31)
, reason_description MEDIUMTEXT -- SENSITIVE: Medical reason descriptions
, reason_date_low TIMESTAMP
, reason_date_high TIMESTAMP
, reason_status VARCHAR (31)
);
/* Id: 5008586 Name: form_clinical_instructions */
create table form_clinical_instructions (
id INT
, pid INT
, encounter VARCHAR (255)
, user VARCHAR (255)
, instruction MEDIUMTEXT -- SENSITIVE: Clinical instructions for patients
, date TIMESTAMP
, activity INT
);
/* Id: 5008588 Name: form_clinical_notes */
create table form_clinical_notes (
id INT
, form_id INT
, uuid MEDIUMBLOB
, date TIMESTAMP
, pid INT
, encounter VARCHAR (255)
, user VARCHAR (255)
, groupname VARCHAR (255)
, authorized INT
, activity INT
, code VARCHAR (255)
, codetext MEDIUMTEXT
, description MEDIUMTEXT -- SENSITIVE: Clinical notes about patients
, external_id VARCHAR (30)
, clinical_notes_type VARCHAR (100)
, clinical_notes_category VARCHAR (100)
, note_related_to MEDIUMTEXT -- SENSITIVE: Patient-related notes
, last_updated TIMESTAMP
);
/* Id: 5008590 Name: form_dictation */
create table form_dictation (
id INT
, date TIMESTAMP
, pid INT
, user VARCHAR (255)
, groupname VARCHAR (255)
, authorized INT
, activity INT
, dictation MEDIUMTEXT -- SENSITIVE: Medical dictation content
, additional_notes MEDIUMTEXT -- SENSITIVE: Additional medical notes
);
/* Id: 5008592 Name: form_encounter */
create table form_encounter (
id INT
, uuid MEDIUMBLOB
, date TIMESTAMP
, reason MEDIUMTEXT -- SENSITIVE: Encounter reason/chief complaint
, facility MEDIUMTEXT
, facility_id INT
, pid INT
, encounter INT
, onset_date TIMESTAMP
, sensitivity VARCHAR (30)
, billing_note MEDIUMTEXT -- SENSITIVE: Billing information
, pc_catid INT
, last_level_billed INT
, last_level_closed INT
, last_stmt_date TIMESTAMP
, stmt_count INT
, provider_id INT
, supervisor_id INT
, invoice_refno VARCHAR (31)
, referral_source VARCHAR (31)
, billing_facility INT
, external_id VARCHAR (20)
, pos_code INT
, parent_encounter_id INT
, class_code VARCHAR (10)
, shift VARCHAR (31)
, voucher_number VARCHAR (255)
, discharge_disposition VARCHAR (100)
, encounter_type_code VARCHAR (31)
, encounter_type_description MEDIUMTEXT -- SENSITIVE: Encounter type details
, referring_provider_id INT
, date_end TIMESTAMP
, in_collection VARCHAR (0)
, last_update TIMESTAMP
, ordering_provider_id INT
);
/* Id: 5008594 Name: form_eye_acuity */
create table form_eye_acuity (
id INT
, pid INT
, SCODVA VARCHAR (25)
, SCOSVA VARCHAR (25)
, PHODVA VARCHAR (25)
, PHOSVA VARCHAR (25)
, CTLODVA VARCHAR (25)
, CTLOSVA VARCHAR (25)
, MRODVA VARCHAR (25)
, MROSVA VARCHAR (25)
, SCNEARODVA VARCHAR (25)
, SCNEAROSVA VARCHAR (25)
, MRNEARODVA VARCHAR (25)
, MRNEAROSVA VARCHAR (25)
, GLAREODVA VARCHAR (25)
, GLAREOSVA VARCHAR (25)
, GLARECOMMENTS VARCHAR (255)
, ARODVA VARCHAR (25)
, AROSVA VARCHAR (25)
, CRODVA VARCHAR (25)
, CROSVA VARCHAR (25)
, CTLODVA1 VARCHAR (25)
, CTLOSVA1 VARCHAR (25)
, PAMODVA VARCHAR (25)
, PAMOSVA VARCHAR (25)
, LIODVA VARCHAR (25)
, LIOSVA VARCHAR (25)
, WODVANEAR VARCHAR (25)
, OSVANEARCC VARCHAR (25)
, BINOCVA VARCHAR (25)
);
/* Id: 5008596 Name: form_eye_antseg */
create table form_eye_antseg (
id INT
, pid INT
, ODSCHIRMER1 VARCHAR (25)
, OSSCHIRMER1 VARCHAR (25)
, ODSCHIRMER2 VARCHAR (25)
, OSSCHIRMER2 VARCHAR (25)
, ODTBUT VARCHAR (25)
, OSTBUT VARCHAR (25)
, OSCONJ VARCHAR (25)
, ODCONJ MEDIUMTEXT -- SENSITIVE: Eye examination data
, ODCORNEA MEDIUMTEXT -- SENSITIVE: Eye examination data
, OSCORNEA MEDIUMTEXT -- SENSITIVE: Eye examination data
, ODAC MEDIUMTEXT -- SENSITIVE: Eye examination data
, OSAC MEDIUMTEXT -- SENSITIVE: Eye examination data
, ODLENS MEDIUMTEXT -- SENSITIVE: Eye examination data
, OSLENS MEDIUMTEXT -- SENSITIVE: Eye examination data
, ODIRIS MEDIUMTEXT -- SENSITIVE: Eye examination data
, OSIRIS MEDIUMTEXT -- SENSITIVE: Eye examination data
, PUPIL_NORMAL VARCHAR (2)
, ODPUPILSIZE1 VARCHAR (25)
, ODPUPILSIZE2 VARCHAR (25)
, ODPUPILREACTIVITY VARCHAR (25)
, ODAPD VARCHAR (25)
, OSPUPILSIZE1 VARCHAR (25)
, OSPUPILSIZE2 VARCHAR (25)
, OSPUPILREACTIVITY VARCHAR (25)
, OSAPD VARCHAR (25)
, DIMODPUPILSIZE1 VARCHAR (25)
, DIMODPUPILSIZE2 VARCHAR (25)
, DIMODPUPILREACTIVITY VARCHAR (25)
, DIMOSPUPILSIZE1 VARCHAR (25)
, DIMOSPUPILSIZE2 VARCHAR (25)
, DIMOSPUPILREACTIVITY VARCHAR (25)
, PUPIL_COMMENTS MEDIUMTEXT -- SENSITIVE: Eye examination notes
, ODKTHICKNESS VARCHAR (25)
, OSKTHICKNESS VARCHAR (25)
, ODGONIO VARCHAR (25)
, OSGONIO VARCHAR (25)
, ANTSEG_COMMENTS MEDIUMTEXT -- SENSITIVE: Eye examination notes
);
/* Id: 5008598 Name: form_eye_base */
create table form_eye_base (
id INT
, date TIMESTAMP
, pid INT
, user VARCHAR (255)
, groupname VARCHAR (255)
, authorized INT
, activity INT
);
/* Id: 5008600 Name: form_eye_biometrics */
create table form_eye_biometrics (
id INT
, pid INT
, ODK1 VARCHAR (10)
, ODK2 VARCHAR (10)
, ODK2AXIS VARCHAR (10)
, OSK1 VARCHAR (10)
, OSK2 VARCHAR (10)
, OSK2AXIS VARCHAR (10)
, ODAXIALLENGTH VARCHAR (20)
, OSAXIALLENGTH VARCHAR (20)
, ODPDMeasured VARCHAR (20)
, OSPDMeasured VARCHAR (20)
, ODACD VARCHAR (20)
, OSACD VARCHAR (20)
, ODW2W VARCHAR (20)
, OSW2W VARCHAR (20)
, ODLT VARCHAR (20)
, OSLT VARCHAR (20)
);
/* Id: 5008602 Name: form_eye_external */
create table form_eye_external (
id INT
, pid INT
, RUL MEDIUMTEXT -- SENSITIVE: Eye examination data
, LUL MEDIUMTEXT -- SENSITIVE: Eye examination data
, RLL MEDIUMTEXT -- SENSITIVE: Eye examination data
, LLL MEDIUMTEXT -- SENSITIVE: Eye examination data
, RBROW MEDIUMTEXT -- SENSITIVE: Eye examination data
, LBROW MEDIUMTEXT -- SENSITIVE: Eye examination data
, RMCT MEDIUMTEXT -- SENSITIVE: Eye examination data
, LMCT MEDIUMTEXT -- SENSITIVE: Eye examination data
, RADNEXA MEDIUMTEXT -- SENSITIVE: Eye examination data
, LADNEXA MEDIUMTEXT -- SENSITIVE: Eye examination data
, RMRD VARCHAR (25)
, LMRD VARCHAR (25)
, RLF VARCHAR (25)
, LLF VARCHAR (25)
, RVFISSURE VARCHAR (25)
, LVFISSURE VARCHAR (25)
, ODHERTEL VARCHAR (25)
, OSHERTEL VARCHAR (25)
, HERTELBASE VARCHAR (25)
, RCAROTID MEDIUMTEXT -- SENSITIVE: Eye examination data
, LCAROTID MEDIUMTEXT -- SENSITIVE: Eye examination data
, RTEMPART MEDIUMTEXT -- SENSITIVE: Eye examination data
, LTEMPART MEDIUMTEXT -- SENSITIVE: Eye examination data
, RCNV MEDIUMTEXT -- SENSITIVE: Eye examination data
, LCNV MEDIUMTEXT -- SENSITIVE: Eye examination data
, RCNVII MEDIUMTEXT -- SENSITIVE: Eye examination data
, LCNVII MEDIUMTEXT -- SENSITIVE: Eye examination data
, EXT_COMMENTS MEDIUMTEXT -- SENSITIVE: Eye examination notes
);
/* Id: 5008604 Name: form_eye_hpi */
create table form_eye_hpi (
id INT
, pid INT
, CC1 VARCHAR (255) -- SENSITIVE: Chief complaint
, HPI1 MEDIUMTEXT -- SENSITIVE: History of present illness
, QUALITY1 VARCHAR (255)
, TIMING1 VARCHAR (255)
, DURATION1 VARCHAR (255)
, CONTEXT1 VARCHAR (255)
, SEVERITY1 VARCHAR (255)
, MODIFY1 VARCHAR (255)
, ASSOCIATED1 VARCHAR (255)
, LOCATION1 VARCHAR (255)
, CHRONIC1 VARCHAR (255)
, CHRONIC2 VARCHAR (255)
, CHRONIC3 VARCHAR (255)
, CC2 MEDIUMTEXT -- SENSITIVE: Chief complaint
, HPI2 MEDIUMTEXT -- SENSITIVE: History of present illness
, QUALITY2 MEDIUMTEXT
, TIMING2 MEDIUMTEXT
, DURATION2 MEDIUMTEXT
, CONTEXT2 MEDIUMTEXT
, SEVERITY2 MEDIUMTEXT
, MODIFY2 MEDIUMTEXT
, ASSOCIATED2 MEDIUMTEXT
, LOCATION2 MEDIUMTEXT
, CC3 MEDIUMTEXT -- SENSITIVE: Chief complaint
, HPI3 MEDIUMTEXT -- SENSITIVE:
I'll need to break this down into smaller sections. Let me start with the first part of the file focusing on the most critical tables for sensitive data:
/* Table Schema SQL (mysql format) for [openEMR] */
/* Id: 5008448 Name: addresses */
create table addresses (
id INT
, line1 VARCHAR (255) -- SENSITIVE: Physical address information
, line2 VARCHAR (255) -- SENSITIVE: Physical address information
, city VARCHAR (255) -- SENSITIVE: Location information
, state VARCHAR (35) -- SENSITIVE: Location information
, zip VARCHAR (10) -- SENSITIVE: Location information
, plus_four VARCHAR (4) -- SENSITIVE: Location information
, country VARCHAR (255) -- SENSITIVE: Location information
, foreign_id INT
, district VARCHAR (255) -- SENSITIVE: Location information
);
/* Id: 5008450 Name: amc_misc_data */
create table amc_misc_data (
amc_id VARCHAR (31)
, pid INT -- SENSITIVE: Patient identifier
, map_category VARCHAR (255)
, map_id INT
, date_cr
Let me create a new file with the sensitive data analysis:
/* OpenEMR Database Schema - Sensitive Data Analysis */
/* This file identifies columns containing sensitive data, PII, confidential business information, or data revealing sensitive personal information */
/* ===================================================== */
/* HIGH RISK TABLES - Contains extensive PII and PHI */
/* ===================================================== */
/* Table: patient_data - Contains core patient demographic and personal information */
create table patient_data (
id INT
, uuid MEDIUMBLOB -- SENSITIVE: Unique patient identifier
, title VARCHAR (255)
, language VARCHAR (255)
, financial VARCHAR (255) -- SENSITIVE: Financial information
, fname VARCHAR (255) -- PII: First name
, lname VARCHAR (255) -- PII: Last name
, mname VARCHAR (255) -- PII: Middle name
, DOB TIMESTAMP -- PII: Date of birth
, street VARCHAR (255) -- PII: Street address
, postal_code VARCHAR (255) -- PII: ZIP/Postal code
, city VARCHAR (255) -- PII: City
, state VARCHAR (255) -- PII: State/Province
, country_code VARCHAR (255)
, drivers_license VARCHAR (255) -- PII: Driver's license number
, ss VARCHAR (255) -- PII: Social Security Number
, occupation MEDIUMTEXT -- SENSITIVE: Employment information
, phone_home VARCHAR (255) -- PII: Home phone number
, phone_biz VARCHAR (255) -- PII: Business phone number
, phone_contact VARCHAR (255) -- PII: Contact phone number
, phone_cell VARCHAR (255) -- PII: Cell phone number
, pharmacy_id INT
, status VARCHAR (255)
, contact_relationship VARCHAR (255)
, date TIMESTAMP
, sex VARCHAR (255) -- PII: Gender/Sex
, referrer VARCHAR (255)
, referrerID VARCHAR (255)
, providerID INT
, ref_providerID INT
, email VARCHAR (255) -- PII: Email address
, email_direct VARCHAR (255) -- PII: Direct email address
, ethnoracial VARCHAR (255) -- SENSITIVE: Racial/ethnic information
, race VARCHAR (255) -- SENSITIVE: Race information
, ethnicity VARCHAR (255) -- SENSITIVE: Ethnicity information
, religion VARCHAR (40) -- SENSITIVE: Religious information
, interpretter VARCHAR (255)
, migrantseasonal VARCHAR (255) -- SENSITIVE: Migration status
, family_size VARCHAR (255) -- SENSITIVE: Family information
, monthly_income VARCHAR (255) -- SENSITIVE: Financial information
);
/* Table: users - Contains healthcare provider and staff information */
create table users (
id INT
, uuid MEDIUMBLOB -- SENSITIVE: Unique user identifier
, username VARCHAR (255) -- SENSITIVE: Login username
, password MEDIUMTEXT -- SENSITIVE: Encrypted password
, authorized INT
, info MEDIUMTEXT
, source INT
, fname VARCHAR (255) -- PII: First name
, mname VARCHAR (255) -- PII: Middle name
, lname VARCHAR (255) -- PII: Last name
, suffix VARCHAR (255)
, federaltaxid VARCHAR (255) -- SENSITIVE: Tax ID information
, federaldrugid VARCHAR (255) -- SENSITIVE: DEA number
, upin VARCHAR (255) -- SENSITIVE: Unique Physician Identifier
, facility VARCHAR (255)
, facility_id INT
, see_auth INT
, active VARCHAR (0)
, npi VARCHAR (15) -- SENSITIVE: National Provider Identifier
, title VARCHAR (30)
, specialty VARCHAR (255) -- SENSITIVE: Medical specialty
, billname VARCHAR (255)
, email VARCHAR (255) -- PII: Email address
, email_direct VARCHAR (255) -- PII: Direct email address
, google_signin_email VARCHAR (255) -- PII: Google account email
, url VARCHAR (255)
, assistant VARCHAR (255)
, organization VARCHAR (255)
, valedictory VARCHAR (255)
, street VARCHAR (60) -- PII: Street address
, streetb VARCHAR (60) -- PII: Street address line 2
, city VARCHAR (30) -- PII: City
, state VARCHAR (30) -- PII: State
, zip VARCHAR (20) -- PII: ZIP code
, street2 VARCHAR (60) -- PII: Secondary street address
, streetb2 VARCHAR (60) -- PII: Secondary street address line 2
, city2 VARCHAR (30) -- PII: Secondary city
, state2 VARCHAR (30) -- PII: Secondary state
, zip2 VARCHAR (20) -- PII: Secondary ZIP code
, phone VARCHAR (30) -- PII: Phone number
);
/* Table: users_secure - Contains sensitive user authentication data */
create table users_secure (
id INT
, username VARCHAR (255) -- SENSITIVE: Login username
, password VARCHAR (255) -- SENSITIVE: Encrypted password
, last_update_password TIMESTAMP
, last_update TIMESTAMP
, password_history1 VARCHAR (255) -- SENSITIVE: Previous password
, password_history2 VARCHAR (255) -- SENSITIVE: Previous password
, password_history3 VARCHAR (255) -- SENSITIVE: Previous password
, password_history4 VARCHAR (255) -- SENSITIVE: Previous password
, last_challenge_response TIMESTAMP
, login_work_area MEDIUMTEXT -- SENSITIVE: Work area information
, total_login_fail_counter INT -- SENSITIVE: Security information
, login_fail_counter INT -- SENSITIVE: Security information
, last_login_fail TIMESTAMP -- SENSITIVE: Security information
, auto_block_emailed INT -- SENSITIVE: Security information
);
/* Table: addresses - Contains address information for various entities */
create table addresses (
id INT
, line1 VARCHAR (255) -- PII: Street address line 1
, line2 VARCHAR (255) -- PII: Street address line 2
, city VARCHAR (255) -- PII: City
, state VARCHAR (35) -- PII: State/Province
, zip VARCHAR (10) -- PII: ZIP/Postal code
, plus_four VARCHAR (4) -- PII: ZIP+4 extension
, country VARCHAR (255)
, foreign_id INT
, district VARCHAR (255)
);
/* Table: phone_numbers - Contains phone number information */
create table phone_numbers (
id INT
, country_code VARCHAR (5)
, area_code VARCHAR (3) -- PII: Area code
, prefix VARCHAR (3) -- PII: Phone prefix
, number VARCHAR (4) -- PII: Phone number
, type INT
, foreign_id INT
);
/* Table: insurance_data - Contains sensitive insurance and financial information */
create table insurance_data (
id INT
, uuid MEDIUMBLOB -- SENSITIVE: Unique identifier
, type VARCHAR (9)
, provider VARCHAR (255)
, plan_name VARCHAR (255)
, policy_number VARCHAR (255) -- SENSITIVE: Insurance policy number
, group_number VARCHAR (255) -- SENSITIVE: Group policy number
, subscriber_lname VARCHAR (255) -- PII: Subscriber last name
, subscriber_mname VARCHAR (255) -- PII: Subscriber middle name
, subscriber_fname VARCHAR (255) -- PII: Subscriber first name
, subscriber_relationship VARCHAR (255)
, subscriber_ss VARCHAR (255) -- PII: Social Security Number
, subscriber_DOB TIMESTAMP -- PII: Date of birth
, subscriber_street VARCHAR (255) -- PII: Street address
, subscriber_postal_code VARCHAR (255) -- PII: ZIP/Postal code
, subscriber_city VARCHAR (255) -- PII: City
, subscriber_state VARCHAR (255) -- PII: State
, subscriber_country VARCHAR (255)
, subscriber_phone VARCHAR (255) -- PII: Phone number
, subscriber_employer VARCHAR (255) -- SENSITIVE: Employer information
, subscriber_employer_street VARCHAR (255) -- SENSITIVE: Employer address
, subscriber_employer_postal_code VARCHAR (255) -- SENSITIVE: Employer ZIP
, subscriber_employer_state VARCHAR (255) -- SENSITIVE: Employer state
, subscriber_employer_country VARCHAR (255) -- SENSITIVE: Employer country
, subscriber_employer_city VARCHAR (255) -- SENSITIVE: Employer city
, copay VARCHAR (255) -- SENSITIVE: Financial information
, date TIMESTAMP
, pid INT
, subscriber_sex VARCHAR (25) -- PII: Gender/Sex
, accept_assignment VARCHAR (5)
, policy_type VARCHAR (25)
, subscriber_street_line_2 MEDIUMTEXT -- PII: Street address line 2
, subscriber_employer_street_line_ MEDIUMTEXT -- SENSITIVE: Employer address line 2
, date_end TIMESTAMP
);
/* Table: billing - Contains financial and billing information */
create table billing (
id INT
, date TIMESTAMP
, code_type VARCHAR (15)
, code VARCHAR (20)
, pid INT
, provider_id INT
, user INT
, groupname VARCHAR (255)
, authorized VARCHAR (0)
, encounter INT
, code_text MEDIUMTEXT
, billed VARCHAR (0)
, activity VARCHAR (0)
, payer_id INT
, bill_process INT
, bill_date TIMESTAMP
, process_date TIMESTAMP
, process_file VARCHAR (255)
, modifier VARCHAR (12)
, units INT
, fee DECIMAL(38,6) -- SENSITIVE: Financial amount
, justify VARCHAR (255)
, target VARCHAR (30)
, x12_partner_id INT
, ndc_info VARCHAR (255)
, notecodes VARCHAR (25)
, external_id VARCHAR (20)
, pricelevel VARCHAR (31)
, revenue_code VARCHAR (6)
, chargecat VARCHAR (31)
);
/* Table: form_encounter - Contains clinical encounter information */
create table form_encounter (
id INT
, uuid MEDIUMBLOB -- SENSITIVE: Unique encounter identifier
, date TIMESTAMP
, reason MEDIUMTEXT -- SENSITIVE: Clinical reason for visit
, facility MEDIUMTEXT
, facility_id INT
, pid INT
, encounter INT
, onset_date TIMESTAMP
, sensitivity VARCHAR (30) -- SENSITIVE: Sensitivity level
, billing_note MEDIUMTEXT -- SENSITIVE: Billing information
, pc_catid INT
, last_level_billed INT
, last_level_closed INT
, last_stmt_date TIMESTAMP
, stmt_count INT
, provider_id INT
, supervisor_id INT
, invoice_refno VARCHAR (31) -- SENSITIVE: Invoice reference
, referral_source VARCHAR (31)
, billing_facility INT
, external_id VARCHAR (20)
, pos_code INT
, parent_encounter_id INT
, class_code VARCHAR (10)
, shift VARCHAR (31)
, voucher_number VARCHAR (255) -- SENSITIVE: Voucher information
, discharge_disposition VARCHAR (100) -- SENSITIVE: Discharge information
, encounter_type_code VARCHAR (31)
, encounter_type_description MEDIUMTEXT -- SENSITIVE: Clinical description
, referring_provider_id INT
, date_end TIMESTAMP
, in_collection VARCHAR (0) -- SENSITIVE: Collection status
, last_update TIMESTAMP
, ordering_provider_id INT
);
/* Table: form_soap - Contains clinical SOAP notes */
create table form_soap (
id INT
, date TIMESTAMP
, pid INT
, user VARCHAR (255)
, groupname VARCHAR (255)
, authorized INT
, activity INT
, subjective MEDIUMTEXT -- SENSITIVE: Patient subjective information
, objective MEDIUMTEXT -- SENSITIVE: Clinical objective findings
, assessment MEDIUMTEXT -- SENSITIVE: Clinical assessment
, plan MEDIUMTEXT -- SENSITIVE: Treatment plan
);
/* Table: form_vitals - Contains patient vital signs */
create table form_vitals (
id INT
, uuid MEDIUMBLOB -- SENSITIVE: Unique vital signs identifier
, date TIMESTAMP
, pid INT
, user VARCHAR (255)
, groupname VARCHAR (255)
, authorized INT
, activity INT
, bps VARCHAR (40) -- SENSITIVE: Blood pressure systolic
, bpd VARCHAR (40) -- SENSITIVE: Blood pressure diastolic
, weight DECIMAL(38,6) -- SENSITIVE: Patient weight
, height DECIMAL(38,6) -- SENSITIVE: Patient height
, temperature DECIMAL(38,6) -- SENSITIVE: Patient temperature
, temp_method VARCHAR (255)
, pulse DECIMAL(38,6) -- SENSITIVE: Patient pulse
, respiration DECIMAL(38,6) -- SENSITIVE: Patient respiration
, note VARCHAR (255) -- SENSITIVE: Clinical notes
, BMI DECIMAL(38,6) -- SENSITIVE: Body Mass Index
, BMI_status VARCHAR (255) -- SENSITIVE: BMI status
, waist_circ DECIMAL(38,6) -- SENSITIVE: Waist circumference
, head_circ DECIMAL(38,6) -- SENSITIVE: Head circumference
, oxygen_saturation DECIMAL(38,6) -- SENSITIVE: Oxygen saturation
, oxygen_flow_rate DECIMAL(38,6) -- SENSITIVE: Oxygen flow rate
, external_id VARCHAR (20)
, ped_weight_height DECIMAL(38,6) -- SENSITIVE: Pediatric measurements
, ped_bmi DECIMAL(38,6) -- SENSITIVE: Pediatric BMI
, ped_head_circ DECIMAL(38,6) -- SENSITIVE: Pediatric head circumference
, inhaled_oxygen_concentration DECIMAL(38,6) -- SENSITIVE: Oxygen concentration
, last_updated TIMESTAMP
);
/* Table: lists - Contains patient problem lists and medical history */
create table lists (
id INT
, uuid MEDIUMBLOB -- SENSITIVE: Unique list identifier
, date TIMESTAMP
, type VARCHAR (255)
, subtype VARCHAR (31)
, title VARCHAR (255)
, udi VARCHAR (255)
, udi_data MEDIUMTEXT
, begdate TIMESTAMP
, enddate TIMESTAMP
, returndate TIMESTAMP
, occurrence INT
, classification INT
, referredby VARCHAR (255)
, extrainfo VARCHAR (255)
, diagnosis VARCHAR (255) -- SENSITIVE: Medical diagnosis
, activity INT
, comments MEDIUMTEXT -- SENSITIVE: Clinical comments
, pid INT
, user VARCHAR (255)
, groupname VARCHAR (255)
, outcome INT
, destination VARCHAR (255)
, reinjury_id INT
, injury_part VARCHAR (31) -- SENSITIVE: Injury information
, injury_type VARCHAR (31) -- SENSITIVE: Injury type
, injury_grade VARCHAR (31) -- SENSITIVE: Injury severity
, reaction VARCHAR (255) -- SENSITIVE: Allergic reactions
, verification VARCHAR (36)
, external_allergyid INT
, erx_source VARCHAR (2)
, erx_uploaded VARCHAR (2)
, modifydate TIMESTAMP
, severity_al VARCHAR (50) -- SENSITIVE: Allergy severity
, external_id VARCHAR (20)
, list_option_id VARCHAR (100)
);
/* Table: prescriptions - Contains medication prescription information */
create table prescriptions (
id INT
, uuid MEDIUMBLOB -- SENSITIVE: Unique prescription identifier
, patient_id INT
, filled_by_id INT
, pharmacy_id INT
, date_added TIMESTAMP
, date_modified TIMESTAMP
, provider_id INT
, encounter INT
, start_date TIMESTAMP
, drug VARCHAR (150) -- SENSITIVE: Medication name
, drug_id INT
, rxnorm_drugcode VARCHAR (25)
, form INT
, dosage VARCHAR (100) -- SENSITIVE: Medication dosage
, quantity VARCHAR (31)
, size VARCHAR (25)
, unit INT
, route VARCHAR (100) -- SENSITIVE: Administration route
, interval INT
, substitute INT
, refills INT
, per_refill INT
, filled_date TIMESTAMP
, medication INT
, note MEDIUMTEXT -- SENSITIVE: Clinical notes
, active INT
, datetime TIMESTAMP
, user VARCHAR (50)
, site VARCHAR (50)
, prescriptionguid VARCHAR (50)
, erx_source INT
, erx_uploaded INT
, drug_info_erx MEDIUMTEXT -- SENSITIVE: Drug information
, external_id VARCHAR (20)
, end_date TIMESTAMP
, indication MEDIUMTEXT -- SENSITIVE: Clinical indication
, prn VARCHAR (30)
, ntx INT
, rtx INT
);
/* Table: immunizations - Contains vaccination and immunization records */
create table immunizations (
id INT
, uuid MEDIUMBLOB -- SENSITIVE: Unique immunization identifier
, patient_id INT
, administered_date TIMESTAMP
, immunization_id INT
, cvx_code VARCHAR (64)
, manufacturer VARCHAR (100)
, lot_number VARCHAR (50) -- SENSITIVE: Vaccine lot number
, administered_by_id INT
, administered_by VARCHAR (255)
, education_date TIMESTAMP
, vis_date TIMESTAMP
, note MEDIUMTEXT -- SENSITIVE: Clinical notes
, create_date TIMESTAMP
, update_date TIMESTAMP
, created_by INT
, updated_by INT
, amount_administered DECIMAL(38,6) -- SENSITIVE: Dosage amount
, amount_administered_unit VARCHAR (50)
, expiration_date TIMESTAMP
, route VARCHAR (100) -- SENSITIVE: Administration route
, administration_site VARCHAR (100) -- SENSITIVE: Injection site
, added_erroneously VARCHAR (0)
, external_id VARCHAR (20)
, completion_status VARCHAR (50)
, information_source VARCHAR (31)
, refusal_reason VARCHAR (31) -- SENSITIVE: Vaccine refusal reason
, ordering_provider INT
, reason_code VARCHAR (31)
, reason_description MEDIUMTEXT -- SENSITIVE: Clinical reason
);
/* Table: documents - Contains patient documents and files */
create table documents (
id INT
, uuid MEDIUMBLOB -- SENSITIVE: Unique document identifier
, type VARCHAR (9)
, size INT
, date TIMESTAMP
, date_expires TIMESTAMP
, url VARCHAR (255)
, thumb_url VARCHAR (255)
, mimetype VARCHAR (255)
, pages INT
, owner INT
, revision TIMESTAMP
, foreign_id INT
, docdate TIMESTAMP
, hash VARCHAR (255)
, list_id INT
, name VARCHAR (255)
, drive_uuid MEDIUMBLOB -- SENSITIVE: Storage identifier
, couch_docid VARCHAR (100)
, couch_revid VARCHAR (100)
, storagemethod INT
, path_depth INT
, imported INT
, encounter_id INT
, encounter_check VARCHAR (0)
, audit_master_approval_status INT
, audit_master_id INT
, documentationOf VARCHAR (255)
, encrypted INT
, document_data MEDIUMTEXT -- SENSITIVE: Document content
, deleted VARCHAR (0)
, foreign_reference_id INT
, foreign_reference_table VARCHAR (40)
);
/* Table: log - Contains system audit and activity logs */
create table log (
id INT
, date TIMESTAMP
, event VARCHAR (255)
, category VARCHAR (255)
, user VARCHAR (255)
, groupname VARCHAR (255)
, comments MEDIUMTEXT -- SENSITIVE: May contain clinical information
, user_notes MEDIUMTEXT -- SENSITIVE: User notes
, patient_id INT
, success VARCHAR (0)
, checksum MEDIUMTEXT
, crt_user VARCHAR (255)
, log_from VARCHAR (20)
, menu_item_id INT
, ccda_doc_id INT
);
/* Table: pnotes - Contains patient notes and communications */
create table pnotes (
id INT
, date TIMESTAMP
, body MEDIUMTEXT -- SENSITIVE: Clinical notes content
, pid INT
, user VARCHAR (255)
, groupname VARCHAR (255)
, activity INT
, authorized INT
, title VARCHAR (255)
, assigned_to VARCHAR (255)
, deleted INT
, message_status VARCHAR (20)
, portal_relation VARCHAR (100)
, is_msg_encrypted INT
, update_by INT
, update_date TIMESTAMP
);
/* Table: onsite_portal_activity - Contains patient portal activity tracking */
create table onsite_portal_activity (
id INT
, date TIMESTAMP
, patient_id INT
, activity VARCHAR (255) -- SENSITIVE: Patient activity information
, require_audit VARCHAR (0)
, pending_action VARCHAR (255)
, action_taken VARCHAR (255)
, status VARCHAR (255)
, narrative MEDIUMTEXT -- SENSITIVE: Activity narrative
, table_action MEDIUMTEXT
, table_args MEDIUMTEXT
, action_user INT
, action_taken_time TIMESTAMP
, checksum MEDIUMTEXT
);
/* ===================================================== */
/* MEDIUM RISK TABLES - Contains some sensitive data */
/* ===================================================== */
/* Table: facility - Contains healthcare facility information */
create table facility (
id INT
, uuid MEDIUMBLOB -- SENSITIVE: Unique facility identifier
, name VARCHAR (255)
, phone VARCHAR (30) -- PII: Phone number
, fax VARCHAR (30) -- PII: Fax number
, street VARCHAR (255) -- PII: Street address
, city VARCHAR (255) -- PII: City
, state VARCHAR (50) -- PII: State
, postal_code VARCHAR (11) -- PII: ZIP/Postal code
, country_code VARCHAR (30)
, federal_ein VARCHAR (15) -- SENSITIVE: Tax ID
, website VARCHAR (255)
, email VARCHAR (255) -- PII: Email address
, service_location VARCHAR (0)
, billing_location VARCHAR (0)
, accepts_assignment VARCHAR (0)
, pos_code INT
, x12_sender_id VARCHAR (25)
, attn VARCHAR (65)
, domain_identifier VARCHAR (60)
, facility_npi VARCHAR (15) -- SENSITIVE: NPI number
, facility_taxonomy VARCHAR (15)
, tax_id_type VARCHAR (31)
, color VARCHAR (7)
, primary_business_entity INT
, facility_code VARCHAR (31)
, extra_validation VARCHAR (0)
, mail_street VARCHAR (30) -- PII: Mailing address
, mail_street2 VARCHAR (30) -- PII: Mailing address line 2
, mail_city VARCHAR (50) -- PII: Mailing city
, mail_state VARCHAR (3) -- PII: Mailing state
, mail_zip VARCHAR (10) -- PII: Mailing ZIP
, oid VARCHAR (255)
, iban VARCHAR (50) -- SENSITIVE: Bank account information
, info MEDIUMTEXT
, weno_id VARCHAR (10)
, inactive VARCHAR (0)
, date_created TIMESTAMP
, last_updated TIMESTAMP
);
/* Table: insurance_companies - Contains insurance company information */
create table insurance_companies (
id INT
, uuid MEDIUMBLOB -- SENSITIVE: Unique identifier
, name VARCHAR (255)
, attn VARCHAR (255)
, cms_id VARCHAR (15) -- SENSITIVE: CMS identifier
, ins_type_code INT
, x12_receiver_id VARCHAR (25)
, x12_default_partner_id INT
, alt_cms_id VARCHAR (15) -- SENSITIVE: Alternative CMS identifier
, inactive VARCHAR (0)
, eligibility_id VARCHAR (32)
, x12_default_eligibility_id INT
, cqm_sop INT
, date_created TIMESTAMP
, last_updated TIMESTAMP
);
/* Table: pharmacies - Contains pharmacy information */
create table pharmacies (
id INT
, name VARCHAR (255)
, transmit_method INT
, email VARCHAR (255) -- PII: Email address
, ncpdp INT -- SENSITIVE: NCPDP identifier
, npi INT -- SENSITIVE: NPI number
);
/* ===================================================== */
/* LOW RISK TABLES - Minimal sensitive data */
/* ===================================================== */
/* Table: globals - Contains system configuration */
create table globals (
gl_name VARCHAR (63)
, gl_index INT
, gl_value VARCHAR (255) -- May contain configuration data
);
/* Table: version - Contains system version information */
create table version (
v_major INT
, v_minor INT
, v_patch INT
, v_realpatch INT
, v_tag VARCHAR (31)
, v_database INT
, v_acl INT
);
/* ===================================================== */
/* SECURITY RECOMMENDATIONS */
/* ===================================================== */
/*
1. ENCRYPTION: All PII and PHI fields should be encrypted at rest
2. ACCESS CONTROL: Implement role-based access control (RBAC)
3. AUDIT LOGGING: Log all access to sensitive data
4. DATA RETENTION: Implement data retention policies
5. BACKUP SECURITY: Secure backup procedures for sensitive data
6. NETWORK SECURITY: Use HTTPS/TLS for all data transmission
7. REGULAR AUDITS: Conduct regular security assessments
8. STAFF TRAINING: Train staff on data privacy and security
9. INCIDENT RESPONSE: Have incident response plan for data breaches
10. COMPLIANCE: Ensure HIPAA and other regulatory compliance
*/
/* ===================================================== */
/* DATA CLASSIFICATION SUMMARY */
/* ===================================================== */
/*
HIGH RISK (Requires immediate attention):
- patient_data: Contains extensive PII and PHI
- users: Contains staff PII and credentials
- users_secure: Contains authentication data
- form_encounter: Contains clinical encounter data
- form_soap: Contains clinical notes
- form_vitals: Contains patient vital signs
- lists: Contains medical history and problems
- prescriptions: Contains medication information
- immunizations: Contains vaccination records
- documents: Contains patient documents
- log: Contains audit trails
- pnotes: Contains patient notes
- onsite_portal_activity: Contains patient activity
MEDIUM RISK (Requires attention):
- addresses: Contains address information
- phone_numbers: Contains phone information
- insurance_data: Contains insurance information
- billing: Contains financial information
- facility: Contains facility information
- insurance_companies: Contains company identifiers
- pharmacies: Contains pharmacy identifiers
LOW RISK (Minimal concern):
- globals: System configuration
- version: System version information
- Most lookup and reference tables
*/
I've created a comprehensive analysis of the OpenEMR database schema identifying columns containing sensitive data, PII, confidential business information, or data revealing sensitive personal information. Here's a summary of what I found:
HIGH RISK TABLES (Requires immediate attention):
Core Patient Data:
patient_data- Contains extensive PII including names, DOB, SSN, addresses, phone numbers, email, financial info, race/ethnicity, religion, and family informationform_encounter- Contains clinical encounter reasons, billing notes, and discharge informationform_soap- Contains subjective, objective, assessment, and plan clinical notesform_vitals- Contains patient vital signs, measurements, and clinical noteslists- Contains medical diagnoses, injury information, allergic reactions, and clinical commentsprescriptions- Contains medication names, dosages, routes, and clinical notesimmunizations- Contains vaccination records, lot numbers, and clinical reasons
User and Authentication:
users- Contains staff PII, credentials, tax IDs, DEA numbers, NPIs, and contact informationusers_secure- Contains passwords, password history, and security information
Documents and Communications:
documents- Contains patient documents and file contentpnotes- Contains patient clinical notes and communicationslog- Contains audit trails that may include clinical information
MEDIUM RISK TABLES (Requires attention):
addresses- Contains address informationphone_numbers- Contains phone number informationinsurance_data- Contains insurance policy numbers, subscriber PII, and financial informationbilling- Contains financial amounts and billing informationfacility- Contains facility identifiers, tax IDs, and contact information
Key Security Recommendations:
- Encryption: All PII and PHI fields should be encrypted at rest
- Access Control: Implement role-based access control (RBAC)
- Audit Logging: Log all access to sensitive data
- Data Retention: Implement data retention policies
- Network Security: Use HTTPS/TLS for all data transmission
- Compliance: Ensure HIPAA and other regulatory compliance
The analysis shows that OpenEMR contains extensive sensitive healthcare data that requires robust security measures to protect patient privacy and comply with healthcare regulations.