diff --git a/application/libraries/Report.php b/application/libraries/Report.php
index 77e490ca..295f271a 100644
--- a/application/libraries/Report.php
+++ b/application/libraries/Report.php
@@ -222,33 +222,69 @@ class ReportUrl return $rows_return; } + // Inject decrypted patient PII ke params jika ada PT_OrderHeaderID + // SP header BIRT akan terima PDecryptName, PDecryptDOB, dll sebagai parameter IN + private function _inject_patient_decrypt($params) { + $order_id = isset($params['PT_OrderHeaderID']) ? intval($params['PT_OrderHeaderID']) : 0; + if (!$order_id) return $params; + + $CI = &get_instance(); + $CI->load->library('ibl_encryptor'); + + $sql = "SELECT M_PatientName_enc, M_PatientHP_enc, M_PatientEmail_enc, + M_PatientDOB_enc, M_PatientPOB_enc, M_PatientNIK_enc, + M_PatientIDNumber_enc, M_PatientDOB + FROM t_orderheader + JOIN m_patient ON T_OrderHeaderM_PatientID = M_PatientID + WHERE T_OrderHeaderID = ? LIMIT 1"; + $row = $this->db->query($sql, [$order_id])->row_array(); + if (!$row) return $params; + + $enc = $CI->ibl_encryptor; + $addr_sql = "SELECT M_PatientAddressDescription_enc FROM m_patientaddress + WHERE M_PatientAddressM_PatientID = ( + SELECT T_OrderHeaderM_PatientID FROM t_orderheader WHERE T_OrderHeaderID = ? + ) AND M_PatientAddressIsActive = 'Y' AND M_PatientAddressNote = 'Utama' LIMIT 1"; + $addr_row = $this->db->query($addr_sql, [$order_id])->row_array(); + + $params['PDecryptName'] = urlencode($enc->decrypt($row['M_PatientName_enc'] ?? '') ?? ''); + $params['PDecryptDOB'] = urlencode($enc->decrypt($row['M_PatientDOB_enc'] ?? '') ?? date('d-m-Y', strtotime($row['M_PatientDOB'] ?? 'now'))); + $params['PDecryptHP'] = urlencode($enc->decrypt($row['M_PatientHP_enc'] ?? '') ?? ''); + $params['PDecryptEmail'] = urlencode($enc->decrypt($row['M_PatientEmail_enc'] ?? '') ?? ''); + $params['PDecryptNIK'] = urlencode($enc->decrypt($row['M_PatientNIK_enc'] ?? '') ?? ''); + $params['PDecryptIDNum'] = urlencode($enc->decrypt($row['M_PatientIDNumber_enc']?? '') ?? ''); + $params['PDecryptAddr'] = urlencode($enc->decrypt($addr_row['M_PatientAddressDescription_enc'] ?? '') ?? 
''); + + return $params; + } + function get_report_url_by_code($report_code, $params = array()){ $CI = &get_instance(); $this->db = $CI->load->database("onedev", true); // Get report data by code $report_data = $this->get_report_by_code($report_code, $params); - + if (!$report_data || empty($report_data)) { return array(false, "Report code not found: " . $report_code); } + // Inject decrypted patient PII jika ada order ID + $params = $this->_inject_patient_decrypt($params); + // Get URL template $url_template = $report_data['Print_TransactionUrl']; - + if (empty($url_template)) { return array(false, "URL template is empty for report code: " . $report_code); } // Replace placeholders with actual parameter values $final_url = $url_template; - + foreach ($params as $param_key => $param_value) { - // Determine if value should be quoted (string) or not (numeric) - $replacement_value = is_numeric($param_value) ? $param_value : "'" . $param_value . "'"; - - // Replace placeholder in URL - $final_url = str_replace($param_key, $replacement_value, $final_url); + $replacement_value = is_numeric($param_value) ? $param_value : urldecode($param_value); + $final_url = str_replace($param_key, urlencode($replacement_value), $final_url); } return array(true, $final_url);
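Review bot: `_inject_patient_decrypt` puts the decrypted name, DOB, phone, e-mail, NIK, ID number and address into `$params`, and the replacement loop at the end of `get_report_url_by_code` then substitutes them into `$final_url`, so fields stored encrypted end up as plaintext in a URL that web-server and proxy access logs, browser history and Referer headers can retain. Nothing visible in the hunk checks that the caller is allowed to read the order named by `PT_OrderHeaderID` before decrypting; if no caller enforces that, any order ID reaching this function yields that patient's PII. Prefer passing only the order ID (or a short-lived opaque token) and resolving the decrypted fields server-side where the report is rendered, and mark the helper with a comment such as `// SECURITY: returns plaintext PII; caller must authorise access to PT_OrderHeaderID and must not log the resulting URL`. Separately, the new `urldecode($param_value)` runs on every non-numeric caller-supplied value, not only the injected ones, so an existing value containing a literal `%` or `+` is altered; leaving the injected values raw and encoding once in the loop would avoid the round trip. The body of `get_report_url_by_code` continues past the end of the hunk.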