From 18501d07b8548e60cdf2b9d251192e93ef36120e Mon Sep 17 00:00:00 2001
From: "sas.fajri" <sas.fajri@gmail.com>
Date: Sun, 31 May 2026 15:26:57 +0700
Subject: [PATCH] FHM31052601IBL - batalkan enkripsi mcu_resume_results JSON

JSON tidak mengandung PII langsung (nama/NIK/DOB/alamat).
Enkripsi akan memberatkan global MCU report.
Data source (t_orderdetail) sudah dienkripsi.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 docs/pdp-encryption-runbook.md                        | 2 +-
 sql/manual_changes/2026-05-31-pdp-encrypt-columns.sql | 8 +++++---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/docs/pdp-encryption-runbook.md b/docs/pdp-encryption-runbook.md
index 44cb5737..bf11e742 100644
--- a/docs/pdp-encryption-runbook.md
+++ b/docs/pdp-encryption-runbook.md
@@ -177,7 +177,7 @@ sudo truncate -s 0 /var/log/btmp
 - `t_orderheader`: `T_OrderHeaderDiagnose`
 - `t_orderdelivery`: `T_OrderDeliveryDestination`
 - `so_resultentrydetail`, `so_resultentry_fisik_umum`, dll
-- `mcu_resume_results`: `Mcu_ResumeResultsJSON`
+- `mcu_resume_results`: **TIDAK dienkripsi** — JSON hanya berisi nilai lab (angka/flag) tanpa nama/NIK/DOB/alamat. Enkripsi membuat global MCU report berat.
 
 #### Log
 - `one_lab_log.log_patient`: `Log_PatientJsonBefore/After`
diff --git a/sql/manual_changes/2026-05-31-pdp-encrypt-columns.sql b/sql/manual_changes/2026-05-31-pdp-encrypt-columns.sql
index 53106da2..ea3493d6 100644
--- a/sql/manual_changes/2026-05-31-pdp-encrypt-columns.sql
+++ b/sql/manual_changes/2026-05-31-pdp-encrypt-columns.sql
@@ -120,10 +120,12 @@ ALTER TABLE one_lab.member_eligible
     ADD COLUMN Member_EligibleDescription_enc TEXT NULL AFTER Member_EligibleDescription;
 
 -- ============================================================
--- one_lab.mcu_resume_results: JSON snapshot hasil lab MCU
+-- one_lab.mcu_resume_results: TIDAK dienkripsi
+-- JSON berisi nilai hasil lab (angka + flag) tanpa nama/NIK/DOB/alamat.
+-- Identitas pasien hanya via T_OrderHeaderID (integer).
+-- Enkripsi di sini membuat global MCU report berat (decrypt ribuan row di PHP).
+-- Data di source (t_orderdetail) sudah dienkripsi.
 -- ============================================================
-ALTER TABLE one_lab.mcu_resume_results
-    ADD COLUMN Mcu_ResumeResultsJSON_enc MEDIUMTEXT NULL AFTER Mcu_ResumeResultsJSON;
 
 -- ============================================================
 -- one_lab_log.log_patient: audit log perubahan data pasien