fajri/BE_IBL
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FHM31052601IBL - implementasi enkripsi PII pasien dan data medis (UU PDP)

Browse Source 
- Tambah .env loader di index.php untuk IBL_ENCRYPT_KEY dan IBL_ENCRYPT_SEARCH_KEY
- Library Ibl_encryptor: AES-256-GCM encrypt/decrypt + trigram blind index untuk partial search
- SQL migration: tambah kolom _enc dan _bidx di 16 tabel (m_patient, m_patientaddress, hasil lab, log)
- Script backup_pdp_tables.sh: backup tabel terdampak sebelum migrasi
- Script migrate_encrypt_patient.php: enkripsi batch 178K data PII pasien
- Script migrate_encrypt_results.php: enkripsi data medis hasil lab dan log
- Patient.php: search via trigram blind index, add_new/edit enkripsi sebelum save

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
sas.fajri
2026-05-31 14:07:42 +07:00
parent cf8ef0e590
commit c410d7bbd9
9 changed files with 1858 additions and 133 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -1,4 +1,5 @@
.DS_Store
.env
# Added by code-review-graph
.code-review-graph/
build/

328
application/controllers/mockup/fo/ibl_registration/Patient.php
View File

@@ -28,6 +28,7 @@ class Patient extends MY_Controller
{
parent::__construct();
$this->db_smartone = $this->load->database("onedev", true);
$this->load->library('ibl_encryptor');
}
function _add_address(&$pat) {
if (count($pat) == "0") {
@@ -76,113 +77,149 @@ class Patient extends MY_Controller
{
$prm = $this->sys_input;
$max_rst = 100;
$tot_count =0;
$number_limit = 10;
$number_offset = (!isset($prm['current_page'])?1:$prm['current_page'] - 1) * $number_limit ;
$number_limit = 10;
$number_offset = (!isset($prm['current_page']) ? 1 : $prm['current_page'] - 1) * $number_limit;
$q = [
'noreg' => "",
'name' => '',
'hp' => '',
'dob' => '',
'address' => ''
];
$where_noreg = '';
$where_name = '';
$where_hp = '';
$where_dob = '';
$where_addr = "AND M_PatientAddressNote = 'Utama'";
$search_address = '';
if (!empty($prm['noreg'])) {
$noreg = $this->db_smartone->escape_like_str($prm['noreg']);
$where_noreg = "AND M_PatientNoReg LIKE '%{$noreg}%'";
}
if ($prm['noreg'] != '')
$q['noreg'] = "AND M_PatientNoReg like '%{$prm['noreg']}%'";
if ($prm['search'] != '')
{
if (!empty($prm['search'])) {
$e = explode('+', $prm['search']);
if (isset($e[0])){
$e[0] = str_replace("'", "\\'", $e[0]);
$q['name'] = "AND M_PatientName LIKE '%{$e[0]}%'";
}
if (isset($e[1]))
$q['hp'] = "AND ((M_PatientHP LIKE '%{$e[1]}%' and M_PatientHP IS NOT NULL) OR (M_PatientHP IS NULL AND '{$e[1]}' = ''))";
if (isset($e[2]))
$q['dob'] = "AND ((DATE_FORMAT(M_PatientDOB, '%d-%m-%Y') LIKE '%{$e[2]}%' and M_PatientDOB IS NOT NULL) OR (M_PatientDOB IS NULL AND '{$e[2]}' = ''))";
if (isset($e[3]))
$q['address'] = "AND M_PatientAddressDescription LIKE '%{$e[3]}%'";
// name — trigram blind index (min 3 karakter)
if (!empty($e[0]) && mb_strlen(trim($e[0])) >= 3) {
$toks = $this->ibl_encryptor->query_tokens($e[0]);
$conds = [];
foreach ($toks as $tok) {
$tok_esc = $this->db_smartone->escape_str($tok);
$conds[] = "JSON_CONTAINS(M_PatientName_bidx, '\"$tok_esc\"')";
}
if ($conds) $where_name = 'AND (' . implode(' AND ', $conds) . ')';
}
// hp — trigram blind index
if (!empty($e[1]) && mb_strlen(trim($e[1])) >= 3) {
$toks = $this->ibl_encryptor->query_tokens($e[1]);
$conds = [];
foreach ($toks as $tok) {
$tok_esc = $this->db_smartone->escape_str($tok);
$conds[] = "JSON_CONTAINS(M_PatientHP_bidx, '\"$tok_esc\"')";
}
if ($conds) $where_hp = 'AND (' . implode(' AND ', $conds) . ')';
}
// dob — trigram blind index (format dd-mm-yyyy)
if (!empty($e[2]) && mb_strlen(trim($e[2])) >= 3) {
$toks = $this->ibl_encryptor->query_tokens($e[2]);
$conds = [];
foreach ($toks as $tok) {
$tok_esc = $this->db_smartone->escape_str($tok);
$conds[] = "JSON_CONTAINS(M_PatientDOB_bidx, '\"$tok_esc\"')";
}
if ($conds) $where_dob = 'AND (' . implode(' AND ', $conds) . ')';
}
// address — trigram blind index
if (!empty($e[3]) && mb_strlen(trim($e[3])) >= 3) {
$toks = $this->ibl_encryptor->query_tokens($e[3]);
$conds = [];
foreach ($toks as $tok) {
$tok_esc = $this->db_smartone->escape_str($tok);
$conds[] = "JSON_CONTAINS(M_PatientAddressDescription_bidx, '\"$tok_esc\"')";
}
if ($conds) $where_addr = 'AND (' . implode(' AND ', $conds) . ')';
}
}
if($q['address'] == ''){
$q['address'] = "AND M_PatientAddressNote = 'Utama'";
}
$sql = "SELECT 'N' divider,M_PatientID, M_PatientNoReg,M_PatientEmail,M_PatientPrefix,M_PatientSuffix,
concat(M_TitleName,' ',IFNULL(M_PatientPrefix,''),' ',M_PatientName,' ',IFNULL(M_PatientSuffix,'')) M_PatientName,
M_PatientName M_PatientRealName, M_TitleID, M_TitleName, M_SexID, M_SexName,
M_PatientHP, M_PatientPOB, M_PatientDOB, DATE_FORMAT(M_PatientDOB,'%d-%m-%Y') as dob_ina,
$sql = "SELECT 'N' divider, M_PatientID, M_PatientNoReg, M_PatientPrefix, M_PatientSuffix,
concat(M_TitleName,' ',IFNULL(M_PatientPrefix,''),' ',M_PatientName,' ',IFNULL(M_PatientSuffix,'')) M_PatientNameRaw,
M_TitleID, M_TitleName, M_SexID, M_SexName,
M_PatientDOB,
'' M_PatientAddress,
M_PatientAddressID,
M_PatientAddressDescription, M_PatientM_IdTypeID, M_PatientIDNumber,
M_PatientAddressRegionalCd,
M_PatientAddressLocation,
M_PatientAddressCity,
M_PatientAddressVillage,
M_PatientAddressDistrict,
M_PatientAddressState,
M_PatientAddressCountry,
M_PatientAddressCountryCode,
IFNULL(M_PatientNote, '') M_PatientNote, M_PatientPhoto, IF(M_PatientPhone IS NULL OR M_PatientPhone = '', M_PatientHP, M_PatientPhone) hp,
-- fn_fo_patient_visit(M_PatientID) info,
M_PatientAddressM_KelurahanID M_KelurahanID, 0 M_DistrictID, 0 M_CityID, 0 M_ProvinceID, M_PatientM_ReligionID,
IFNULL(M_ReligionName, '-') M_ReligionName,
M_PatientAddressRegionalCd, M_PatientAddressLocation, M_PatientAddressCity,
M_PatientAddressVillage, M_PatientAddressDistrict, M_PatientAddressState,
M_PatientAddressCountry, M_PatientAddressCountryCode,
M_PatientAddressM_KelurahanID M_KelurahanID, 0 M_DistrictID, 0 M_CityID, 0 M_ProvinceID,
M_PatientM_ReligionID, IFNULL(M_ReligionName, '-') M_ReligionName,
IFNULL(Patient_SignatureUrl, '') image_signature,
M_PatientNote
FROM m_patient
join m_title on M_PatientM_TitleID = M_TitleID
join m_sex on M_PatientM_SexID = M_SexID
join m_patientaddress on M_PatientAddressM_PatientID = M_PatientID and M_PatientAddressIsActive = 'Y' {$q['address']}
left join m_religion on m_patientm_religionid = m_religionid
left join patient_signature on Patient_SignatureM_PatientID = M_PatientID and Patient_SignatureIsActive = 'Y'
where M_PatientIsActive = 'Y'
{$q['noreg']}
{$q['name']}
{$q['hp']}
{$q['dob']}
group by M_PatientID
limit $number_limit offset $number_offset";
//echo $sql;
IFNULL(M_PatientNote, '') M_PatientNote, M_PatientPhoto,
M_PatientM_IdTypeID,
M_PatientName_enc, M_PatientHP_enc, M_PatientDOB_enc,
M_PatientEmail_enc, M_PatientPhone_enc, M_PatientPOB_enc,
M_PatientIDNumber_enc, M_PatientAddressDescription_enc
FROM m_patient
JOIN m_title ON M_PatientM_TitleID = M_TitleID
JOIN m_sex ON M_PatientM_SexID = M_SexID
JOIN m_patientaddress ON M_PatientAddressM_PatientID = M_PatientID
AND M_PatientAddressIsActive = 'Y' {$where_addr}
LEFT JOIN m_religion ON M_PatientM_ReligionID = M_ReligionID
LEFT JOIN patient_signature ON Patient_SignatureM_PatientID = M_PatientID
AND Patient_SignatureIsActive = 'Y'
WHERE M_PatientIsActive = 'Y'
{$where_noreg}
{$where_name}
{$where_hp}
{$where_dob}
GROUP BY M_PatientID
LIMIT {$number_limit} OFFSET {$number_offset}";
$query = $this->db_smartone->query($sql);
if ($query) {
$rows = $query->result_array();
foreach ($rows as $k => $v)
{
$rows[$k]['M_PatientName'] = stripslashes($rows[$k]['M_PatientName']);
$rows[$k]['M_PatientAddress'] = stripslashes($rows[$k]['M_PatientAddressDescription']);
$info = $this->db_smartone->query("SELECT fn_fo_patient_visit(?) info", [$v['M_PatientID']])->row();
$rows[$k]['info'] = json_decode($info->info);
$references = [];
$sql = "SELECT M_ReferenceID, M_ReferenceName
FROM m_patient_reference
join m_reference on M_PatientReferenceM_ReferenceID = M_ReferenceID
WHERE M_PatientReferenceM_PatientID = ? AND M_PatientReferenceIsActive = 'Y'";
$query = $this->db_smartone->query($sql, [$v['M_PatientID']]);
if ($query) {
$references = $query->result_array();
}
$rows[$k]['references'] = $references;
}
$result = array("total" => $tot_page, "records" => $rows, "sql"=> $this->db_smartone->last_query());
$this->sys_ok($result);
}
else {
$this->sys_error_db("m_patient rows",$this->db_smartone);
exit;
if (!$query) {
$this->sys_error_db("m_patient rows", $this->db_smartone);
return;
}
$rows = $query->result_array();
$enc = $this->ibl_encryptor;
foreach ($rows as $k => $v) {
$name = $enc->decrypt($v['M_PatientName_enc']) ?? $v['M_PatientNameRaw'];
$hp = $enc->decrypt($v['M_PatientHP_enc']) ?? '';
$phone = $enc->decrypt($v['M_PatientPhone_enc']) ?? '';
$dob_dec = $enc->decrypt($v['M_PatientDOB_enc']) ?? date('d-m-Y', strtotime($v['M_PatientDOB']));
$addr = $enc->decrypt($v['M_PatientAddressDescription_enc']) ?? '';
$rows[$k]['M_PatientName'] = $name;
$rows[$k]['M_PatientAddress'] = $addr;
$rows[$k]['M_PatientAddressDescription'] = $addr;
$rows[$k]['M_PatientHP'] = $hp;
$rows[$k]['M_PatientEmail'] = $enc->decrypt($v['M_PatientEmail_enc']) ?? '';
$rows[$k]['M_PatientPhone'] = $phone;
$rows[$k]['M_PatientPOB'] = $enc->decrypt($v['M_PatientPOB_enc']) ?? '';
$rows[$k]['M_PatientIDNumber'] = $enc->decrypt($v['M_PatientIDNumber_enc']) ?? '';
$rows[$k]['dob_ina'] = $dob_dec;
$rows[$k]['hp'] = $phone ?: $hp;
// bersihkan kolom _enc dari response
foreach (array_keys($rows[$k]) as $col) {
if (substr($col, -4) === '_enc') unset($rows[$k][$col]);
}
unset($rows[$k]['M_PatientNameRaw'], $rows[$k]['M_PatientDOB']);
$info = $this->db_smartone->query("SELECT fn_fo_patient_visit(?) info", [$v['M_PatientID']])->row();
$rows[$k]['info'] = json_decode($info->info);
$ref_query = $this->db_smartone->query(
"SELECT M_ReferenceID, M_ReferenceName
FROM m_patient_reference
JOIN m_reference ON M_PatientReferenceM_ReferenceID = M_ReferenceID
WHERE M_PatientReferenceM_PatientID = ? AND M_PatientReferenceIsActive = 'Y'",
[$v['M_PatientID']]
);
$rows[$k]['references'] = $ref_query ? $ref_query->result_array() : [];
}
$this->sys_ok(["total" => 0, "records" => $rows]);
}
@@ -199,24 +236,35 @@ class Patient extends MY_Controller
$M_IdTypeID = $prm['M_PatientM_IdTypeID'];
}
$patient_name = str_replace("'", "\\'", $prm['M_PatientName']);
$dob_str = date('d-m-Y', strtotime($prm['M_PatientDOB']));
$ptn = [
'M_PatientName' => $patient_name,
'M_PatientM_TitleID' => $prm['M_PatientM_TitleID'],
'M_PatientPrefix' => $prm['M_PatientPrefix'],
'M_PatientSuffix' => $prm['M_PatientSuffix'],
'M_PatientM_SexID' => $prm['M_PatientM_SexID'],
'M_PatientM_ReligionID' => $prm['M_PatientM_ReligionID'],
'M_PatientDOB' => $prm['M_PatientDOB'],
'M_PatientPOB' => $prm['M_PatientPOB'],
'M_PatientHP' => $prm['M_PatientHP'],
'M_PatientPhone' => $prm['M_PatientPhone'],
'M_PatientEmail' => $prm['M_PatientEmail'],
'M_PatientM_IdTypeID' => $M_IdTypeID ,
'M_PatientIDNumber' => $prm['M_PatientIDNumber'],
'M_PatientNote' => $prm['M_PatientNote'],
'M_PatientUserID' => $userid,
'M_PatientCreated' => date('Y-m-d H:i:s'),
'M_PatientCreatedUserID' => $userid
'M_PatientName' => $patient_name,
'M_PatientName_enc' => $this->ibl_encryptor->encrypt($patient_name),
'M_PatientName_bidx' => $this->ibl_encryptor->search_bidx($patient_name),
'M_PatientM_TitleID' => $prm['M_PatientM_TitleID'],
'M_PatientPrefix' => $prm['M_PatientPrefix'],
'M_PatientSuffix' => $prm['M_PatientSuffix'],
'M_PatientM_SexID' => $prm['M_PatientM_SexID'],
'M_PatientM_ReligionID' => $prm['M_PatientM_ReligionID'],
'M_PatientDOB' => $prm['M_PatientDOB'],
'M_PatientDOB_enc' => $this->ibl_encryptor->encrypt($dob_str),
'M_PatientDOB_bidx' => $this->ibl_encryptor->search_bidx($dob_str),
'M_PatientPOB' => $prm['M_PatientPOB'],
'M_PatientPOB_enc' => $this->ibl_encryptor->encrypt($prm['M_PatientPOB']),
'M_PatientHP' => $prm['M_PatientHP'],
'M_PatientHP_enc' => $this->ibl_encryptor->encrypt($prm['M_PatientHP']),
'M_PatientHP_bidx' => $this->ibl_encryptor->search_bidx($prm['M_PatientHP']),
'M_PatientPhone' => $prm['M_PatientPhone'],
'M_PatientPhone_enc' => $this->ibl_encryptor->encrypt($prm['M_PatientPhone']),
'M_PatientEmail' => $prm['M_PatientEmail'],
'M_PatientEmail_enc' => $this->ibl_encryptor->encrypt($prm['M_PatientEmail']),
'M_PatientM_IdTypeID' => $M_IdTypeID,
'M_PatientIDNumber' => $prm['M_PatientIDNumber'],
'M_PatientIDNumber_enc' => $this->ibl_encryptor->encrypt($prm['M_PatientIDNumber']),
'M_PatientNote' => $prm['M_PatientNote'],
'M_PatientUserID' => $userid,
'M_PatientCreated' => date('Y-m-d H:i:s'),
'M_PatientCreatedUserID' => $userid
];
$this->db_smartone->insert('m_patient', $ptn);
@@ -235,21 +283,22 @@ class Patient extends MY_Controller
$address_description = str_replace("'", "\\'", $prm['M_PatientAddressDescription']);
// save address
$add = [
'M_PatientAddressM_PatientID' => $id,
'M_PatientAddressDescription' => $address_description,
'M_PatientAddressUserID'=> $userid,
'M_PatientAddressRegionalCd' => $prm['M_PatientAddressRegionalCd'],
'M_PatientAddressLocation' => $prm['M_PatientAddressLocation'],
'M_PatientAddressCity' => $prm['M_PatientAddressCity'],
'M_PatientAddressVillage' => $prm['M_PatientAddressVillage'],
'M_PatientAddressDistrict' => $prm['M_PatientAddressDistrict'],
'M_PatientAddressState' => $prm['M_PatientAddressState'],
'M_PatientAddressCountry' => $prm['M_PatientAddressCountry'],
'M_PatientAddressCountryCode' => $prm['M_PatientAddressCountryCode'],
'M_PatientAddressNote' => isset($prm['M_PatientAddressNote']) ? $prm['M_PatientAddressNote'] : 'Utama',
'M_PatientAddressCreated' => date('Y-m-d H:i:s'),
'M_PatientAddressCreatedUserID' => $userid
'M_PatientAddressM_PatientID' => $id,
'M_PatientAddressDescription' => $address_description,
'M_PatientAddressDescription_enc' => $this->ibl_encryptor->encrypt($address_description),
'M_PatientAddressDescription_bidx' => $this->ibl_encryptor->search_bidx($address_description),
'M_PatientAddressUserID' => $userid,
'M_PatientAddressRegionalCd' => $prm['M_PatientAddressRegionalCd'],
'M_PatientAddressLocation' => $prm['M_PatientAddressLocation'],
'M_PatientAddressCity' => $prm['M_PatientAddressCity'],
'M_PatientAddressVillage' => $prm['M_PatientAddressVillage'],
'M_PatientAddressDistrict' => $prm['M_PatientAddressDistrict'],
'M_PatientAddressState' => $prm['M_PatientAddressState'],
'M_PatientAddressCountry' => $prm['M_PatientAddressCountry'],
'M_PatientAddressCountryCode' => $prm['M_PatientAddressCountryCode'],
'M_PatientAddressNote' => isset($prm['M_PatientAddressNote']) ? $prm['M_PatientAddressNote'] : 'Utama',
'M_PatientAddressCreated' => date('Y-m-d H:i:s'),
'M_PatientAddressCreatedUserID' => $userid
];
$this->db_smartone->insert('m_patientaddress', $add);
$err = $this->db_smartone->error();
@@ -290,23 +339,34 @@ class Patient extends MY_Controller
$prm = $this->sys_input;
$userid = $this->sys_user["M_UserID"];
$prm['M_PatientDOB'] = date('Y-m-d', strtotime($prm['M_PatientDOB']));
$patient_name = str_replace("'", "\\'", $prm['M_PatientName']);
$patient_name = str_replace("'", "\\'", $prm['M_PatientName']);
$dob_str = date('d-m-Y', strtotime($prm['M_PatientDOB']));
$this->db_smartone->set('M_PatientName', $patient_name)
->set('M_PatientName_enc', $this->ibl_encryptor->encrypt($patient_name))
->set('M_PatientName_bidx', $this->ibl_encryptor->search_bidx($patient_name))
->set('M_PatientM_TitleID', $prm['M_PatientM_TitleID'])
->set('M_PatientPrefix', $prm['M_PatientPrefix'])
->set('M_PatientSuffix', $prm['M_PatientSuffix'])
->set('M_PatientSuffix', $prm['M_PatientSuffix'])
->set('M_PatientM_SexID', $prm['M_PatientM_SexID'])
->set('M_PatientM_ReligionID', $prm['M_PatientM_ReligionID'])
->set('M_PatientDOB', $prm['M_PatientDOB'])
->set('M_PatientDOB_enc', $this->ibl_encryptor->encrypt($dob_str))
->set('M_PatientDOB_bidx', $this->ibl_encryptor->search_bidx($dob_str))
->set('M_PatientPOB', $prm['M_PatientPOB'])
->set('M_PatientPOB_enc', $this->ibl_encryptor->encrypt($prm['M_PatientPOB']))
->set('M_PatientHP', $prm['M_PatientHP'])
->set('M_PatientHP_enc', $this->ibl_encryptor->encrypt($prm['M_PatientHP']))
->set('M_PatientHP_bidx', $this->ibl_encryptor->search_bidx($prm['M_PatientHP']))
->set('M_PatientPhone', $prm['M_PatientPhone'])
->set('M_PatientPhone_enc', $this->ibl_encryptor->encrypt($prm['M_PatientPhone']))
->set('M_PatientEmail', $prm['M_PatientEmail'])
->set('M_PatientEmail_enc', $this->ibl_encryptor->encrypt($prm['M_PatientEmail']))
->set('M_PatientM_IdTypeID', $prm['M_PatientM_IdTypeID'])
->set('M_PatientIDNumber', $prm['M_PatientIDNumber'])
->set('M_PatientIDNumber_enc', $this->ibl_encryptor->encrypt($prm['M_PatientIDNumber']))
->set('M_PatientNote', $prm['M_PatientNote'])
->set('M_PatientUserID', $userid)
->set('M_PatientUserID', $userid)
->set('M_PatientLastUpdatedUserID', $userid)
->where('M_PatientID', $prm['id'])
->update('m_patient');
@@ -325,7 +385,7 @@ class Patient extends MY_Controller
$ptn = json_encode($prm);
$id_address = isset($prm['M_PatientAddressID']) && $prm['M_PatientAddressID'] > 0 ? $prm['M_PatientAddressID']:0;
$address_description = str_replace("'", "\\'", $prm['M_PatientAddressDescription']);
$address_description = str_replace("'", "\\'", $prm['M_PatientAddressDescription']);
$this->db_smartone->set('M_PatientAddressRegionalCd', $prm['M_PatientAddressRegionalCd'])
->set('M_PatientAddressLocation', $prm['M_PatientAddressLocation'])
->set('M_PatientAddressCity', $prm['M_PatientAddressCity'])
@@ -334,8 +394,10 @@ class Patient extends MY_Controller
->set('M_PatientAddressState', $prm['M_PatientAddressState'])
->set('M_PatientAddressCountry', $prm['M_PatientAddressCountry'])
->set('M_PatientAddressCountryCode', $prm['M_PatientAddressCountryCode'])
->set('M_PatientAddressDescription', $address_description )
->set('M_PatientAddressUserID', $userid )
->set('M_PatientAddressDescription', $address_description)
->set('M_PatientAddressDescription_enc', $this->ibl_encryptor->encrypt($address_description))
->set('M_PatientAddressDescription_bidx', $this->ibl_encryptor->search_bidx($address_description))
->set('M_PatientAddressUserID', $userid)
->set('M_PatientAddressLastUpdatedUserID', $userid)
->where('M_PatientAddressID', $id_address)
->update('m_patientaddress');

87
application/libraries/Ibl_encryptor.php Normal file
View File

@@ -0,0 +1,87 @@
<?php
defined('BASEPATH') or exit('No direct script access allowed');
class Ibl_encryptor
{
private $key;
private $search_key;
private $cipher = 'aes-256-gcm';
private $tag_length = 16;
public function __construct()
{
$passphrase = $_ENV['IBL_ENCRYPT_KEY'] ?? '';
$passphrase_s = $_ENV['IBL_ENCRYPT_SEARCH_KEY'] ?? '';
if ($passphrase === '' || $passphrase_s === '') {
log_message('error', 'Ibl_encryptor: IBL_ENCRYPT_KEY atau IBL_ENCRYPT_SEARCH_KEY kosong di .env');
}
// Derive 32-byte key dari passphrase via SHA-256
$this->key = hash('sha256', $passphrase, true);
$this->search_key = hash('sha256', $passphrase_s, true);
}
// Enkripsi plaintext → base64(iv[12] + tag[16] + ciphertext)
public function encrypt($plaintext)
{
if ($plaintext === null || $plaintext === '') return null;
$iv = random_bytes(12);
$tag = '';
$ct = openssl_encrypt((string)$plaintext, $this->cipher, $this->key, OPENSSL_RAW_DATA, $iv, $tag, '', $this->tag_length);
if ($ct === false) return null;
return base64_encode($iv . $tag . $ct);
}
// Dekripsi base64(iv + tag + ciphertext) → plaintext
public function decrypt($ciphertext)
{
if ($ciphertext === null || $ciphertext === '') return null;
$raw = base64_decode($ciphertext);
if (strlen($raw) < 12 + $this->tag_length) return null;
$iv = substr($raw, 0, 12);
$tag = substr($raw, 12, $this->tag_length);
$ct = substr($raw, 12 + $this->tag_length);
$pt = openssl_decrypt($ct, $this->cipher, $this->key, OPENSSL_RAW_DATA, $iv, $tag);
return $pt === false ? null : $pt;
}
// Hasilkan JSON array trigram token untuk kolom _bidx (partial search)
public function search_bidx($value)
{
if ($value === null || $value === '') return null;
$norm = mb_strtolower(trim((string)$value), 'UTF-8');
$len = mb_strlen($norm, 'UTF-8');
$tokens = [];
if ($len <= 3) {
$tokens[] = $this->_token($norm);
} else {
for ($i = 0; $i <= $len - 3; $i++) {
$tokens[] = $this->_token(mb_substr($norm, $i, 3, 'UTF-8'));
}
}
return json_encode(array_values(array_unique($tokens)));
}
// Hasilkan array trigram token dari query string (untuk WHERE JSON_CONTAINS)
public function query_tokens($value)
{
if ($value === null || $value === '') return [];
$norm = mb_strtolower(trim((string)$value), 'UTF-8');
$len = mb_strlen($norm, 'UTF-8');
$tokens = [];
if ($len <= 3) {
$tokens[] = $this->_token($norm);
} else {
for ($i = 0; $i <= $len - 3; $i++) {
$tokens[] = $this->_token(mb_substr($norm, $i, 3, 'UTF-8'));
}
}
return array_values(array_unique($tokens));
}
private function _token($str)
{
return hash_hmac('sha256', $str, $this->search_key);
}
}

1117
docs/superpowers/plans/2026-05-31-pdp-patient-encryption.md Normal file
View File

File diff suppressed because it is too large Load Diff

12
index.php
View File

@@ -313,5 +313,17 @@ switch (ENVIRONMENT)
* And away we go...
*/
include_once "./vendor/autoload.php";
// Load .env
$_env_file = __DIR__ . '/.env';
if (file_exists($_env_file)) {
foreach (file($_env_file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) as $_env_line) {
if (strpos(trim($_env_line), '#') === 0) continue;
[$_env_k, $_env_v] = array_map('trim', explode('=', $_env_line, 2));
if ($_env_k !== '') $_ENV[$_env_k] = $_env_v;
}
unset($_env_file, $_env_line, $_env_k, $_env_v);
}
require_once BASEPATH.'core/CodeIgniter.php';

44
scripts/backup_pdp_tables.sh Executable file
View File

@@ -0,0 +1,44 @@
#!/bin/bash
# Backup tabel-tabel yang terdampak enkripsi UU PDP
# Jalankan sebelum migration: bash scripts/backup_pdp_tables.sh
DATE=$(date +%Y_%m_%d_%H%M%S)
BACKUP_DIR=~/backup_pdp_$DATE
ssh devone "
mkdir -p $BACKUP_DIR
echo 'Dumping one_lab tables...'
mysqldump one_lab \
m_patient \
m_patientaddress \
t_orderdetail \
t_orderheader \
so_resultentrydetail \
so_resultentrydetail_other \
so_resultentry_fisik_umum \
so_resultentry_fisik_summary \
so_resultentry_other \
so_resultentry_fisioterapi \
so_resultentry_smwt \
so_resultentry_srq29_conclusion \
so_resultentrysdsinterpretation \
member_eligible \
> $BACKUP_DIR/one_lab_tables.sql
echo 'one_lab: OK'
echo 'Dumping one_lab_log tables...'
mysqldump one_lab_log \
log_patient \
log_fo \
log_resultentry \
> $BACKUP_DIR/one_lab_log_tables.sql
echo 'one_lab_log: OK'
ls -lh $BACKUP_DIR/
echo ''
echo 'Backup selesai di: $BACKUP_DIR'
echo 'Restore dengan:'
echo ' mysql one_lab < $BACKUP_DIR/one_lab_tables.sql'
echo ' mysql one_lab_log < $BACKUP_DIR/one_lab_log_tables.sql'
"

123
scripts/migrate_encrypt_patient.php Normal file
View File

@@ -0,0 +1,123 @@
<?php
/**
* Batch migration: enkripsi PII m_patient dan m_patientaddress
* Jalankan via: php scripts/migrate_encrypt_patient.php
* Aman dijalankan berulang: skip row yang sudah ada _enc-nya
*/
// Load .env
$env_file = __DIR__ . '/../.env';
if (!file_exists($env_file)) {
die("ERROR: .env tidak ditemukan di " . realpath(__DIR__ . '/..') . PHP_EOL);
}
foreach (file($env_file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) as $l) {
if (strpos(trim($l), '#') === 0) continue;
[$k, $v] = array_map('trim', explode('=', $l, 2));
if ($k !== '') $_ENV[$k] = $v;
}
define('BASEPATH', true);
require __DIR__ . '/../application/libraries/Ibl_encryptor.php';
$enc = new Ibl_encryptor();
// DB connection dari config CI
include __DIR__ . '/../application/config/database.php';
$cfg = $db['default'];
$pdo = new PDO(
"mysql:host={$cfg['hostname']};dbname={$cfg['database']};charset=utf8",
$cfg['username'],
$cfg['password'],
[PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
);
$batch = 500;
// ============================================================
// m_patient
// ============================================================
echo "=== Migrasi m_patient ===\n";
$total = 0;
$stmt_upd = $pdo->prepare("UPDATE m_patient SET
M_PatientName_enc = ?, M_PatientName_bidx = ?,
M_PatientHP_enc = ?, M_PatientHP_bidx = ?,
M_PatientDOB_enc = ?, M_PatientDOB_bidx = ?,
M_PatientEmail_enc = ?,
M_PatientPhone_enc = ?,
M_PatientPOB_enc = ?,
M_PatientIDNumber_enc = ?,
M_PatientNIK_enc = ?,
M_PatientNIP_enc = ?
WHERE M_PatientID = ?");
while (true) {
$rows = $pdo->query(
"SELECT M_PatientID, M_PatientName, M_PatientHP, M_PatientDOB,
M_PatientEmail, M_PatientPhone, M_PatientPOB,
M_PatientIDNumber, M_PatientNIK, M_PatientNIP
FROM m_patient
WHERE M_PatientName_enc IS NULL
LIMIT $batch"
)->fetchAll(PDO::FETCH_ASSOC);
if (empty($rows)) break;
foreach ($rows as $row) {
$dob_str = $row['M_PatientDOB'] ? date('d-m-Y', strtotime($row['M_PatientDOB'])) : '';
$stmt_upd->execute([
$enc->encrypt($row['M_PatientName']), $enc->search_bidx($row['M_PatientName']),
$enc->encrypt($row['M_PatientHP']), $enc->search_bidx($row['M_PatientHP']),
$enc->encrypt($dob_str), $enc->search_bidx($dob_str),
$enc->encrypt($row['M_PatientEmail']),
$enc->encrypt($row['M_PatientPhone']),
$enc->encrypt($row['M_PatientPOB']),
$enc->encrypt($row['M_PatientIDNumber']),
$enc->encrypt($row['M_PatientNIK']),
$enc->encrypt($row['M_PatientNIP']),
$row['M_PatientID'],
]);
$total++;
}
echo " {$total} rows...\n";
}
echo "m_patient selesai: {$total} rows\n\n";
// ============================================================
// m_patientaddress
// ============================================================
echo "=== Migrasi m_patientaddress ===\n";
$total = 0;
$stmt_addr = $pdo->prepare("UPDATE m_patientaddress SET
M_PatientAddressDescription_enc = ?,
M_PatientAddressDescription_bidx = ?,
M_PatientAddressEmail_enc = ?,
M_PatientAddressPhone_enc = ?
WHERE M_PatientAddressID = ?");
while (true) {
$rows = $pdo->query(
"SELECT M_PatientAddressID, M_PatientAddressDescription,
M_PatientAddressEmail, M_PatientAddressPhone
FROM m_patientaddress
WHERE M_PatientAddressDescription_enc IS NULL
LIMIT $batch"
)->fetchAll(PDO::FETCH_ASSOC);
if (empty($rows)) break;
foreach ($rows as $row) {
$stmt_addr->execute([
$enc->encrypt($row['M_PatientAddressDescription']),
$enc->search_bidx($row['M_PatientAddressDescription']),
$enc->encrypt($row['M_PatientAddressEmail']),
$enc->encrypt($row['M_PatientAddressPhone']),
$row['M_PatientAddressID'],
]);
$total++;
}
echo " {$total} rows...\n";
}
echo "m_patientaddress selesai: {$total} rows\n\n";
echo "=== Migrasi patient PII selesai ===\n";

138
scripts/migrate_encrypt_results.php Normal file
View File

@@ -0,0 +1,138 @@
<?php
/**
* Batch migration: enkripsi data medis hasil lab dan log
* Jalankan via: php scripts/migrate_encrypt_results.php
* Aman dijalankan berulang: skip row yang sudah ada _enc-nya
*/
// Load .env
$env_file = __DIR__ . '/../.env';
if (!file_exists($env_file)) {
die("ERROR: .env tidak ditemukan di " . realpath(__DIR__ . '/..') . PHP_EOL);
}
foreach (file($env_file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) as $l) {
if (strpos(trim($l), '#') === 0) continue;
[$k, $v] = array_map('trim', explode('=', $l, 2));
if ($k !== '') $_ENV[$k] = $v;
}
define('BASEPATH', true);
require __DIR__ . '/../application/libraries/Ibl_encryptor.php';
$enc = new Ibl_encryptor();
include __DIR__ . '/../application/config/database.php';
$cfg = $db['default'];
$pdo = new PDO(
"mysql:host={$cfg['hostname']};dbname={$cfg['database']};charset=utf8",
$cfg['username'],
$cfg['password'],
[PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
);
$batch = 500;
// Helper: migrate tabel dengan field-field sederhana (tanpa bidx)
function migrate_simple(PDO $pdo, Ibl_encryptor $enc, string $table, string $pk, array $fields, string $check_field): void
{
echo "=== {$table} ===\n";
$total = 0;
$cols_sel = implode(', ', array_merge([$pk], $fields));
$sets = implode(', ', array_map(fn($f) => "{$f}_enc = ?", $fields));
$stmt = $pdo->prepare("UPDATE {$table} SET {$sets} WHERE {$pk} = ?");
while (true) {
$rows = $pdo->query(
"SELECT {$cols_sel} FROM {$table} WHERE {$check_field}_enc IS NULL LIMIT 500"
)->fetchAll(PDO::FETCH_ASSOC);
if (empty($rows)) break;
foreach ($rows as $row) {
$params = array_map(fn($f) => $enc->encrypt((string)($row[$f] ?? '')), $fields);
$params[] = $row[$pk];
$stmt->execute($params);
$total++;
}
echo " {$total} rows...\n";
}
echo "selesai: {$total} rows\n\n";
}
// ============================================================
// one_lab tables
// ============================================================
migrate_simple($pdo, $enc, 't_orderdetail', 'T_OrderDetailID',
['T_OrderDetailResult', 'T_OrderDetailNote'],
'T_OrderDetailResult');
migrate_simple($pdo, $enc, 't_orderheader', 'T_OrderHeaderID',
['T_OrderHeaderDiagnose'],
'T_OrderHeaderDiagnose');
migrate_simple($pdo, $enc, 'so_resultentrydetail', 'So_ResultEntryDetailID',
['So_ResultEntryDetailResult'],
'So_ResultEntryDetailResult');
migrate_simple($pdo, $enc, 'so_resultentrydetail_other', 'So_ResultEntryDetailOtherID',
['So_ResultEntryDetailOtherResult', 'So_ResultEntryDetailOtherResultBefore'],
'So_ResultEntryDetailOtherResult');
migrate_simple($pdo, $enc, 'so_resultentry_fisik_umum', 'So_ResultEntryFisikUmumID',
['So_ResultEntryFisikUmumDetails'],
'So_ResultEntryFisikUmumDetails');
migrate_simple($pdo, $enc, 'so_resultentry_fisik_summary', 'So_ResultEntryFisikSummaryID',
['So_ResultEntryFisikSummaryValue', 'So_ResultEntryFisikSummaryValue2'],
'So_ResultEntryFisikSummaryValue');
migrate_simple($pdo, $enc, 'so_resultentry_other', 'So_ResultEntryOtherID',
['So_ResultEntryOtherNote'],
'So_ResultEntryOtherNote');
migrate_simple($pdo, $enc, 'so_resultentry_fisioterapi', 'So_ResultEntdyFisioterapiID',
['So_ResultEntdyFisioterapiDetails'],
'So_ResultEntdyFisioterapiDetails');
migrate_simple($pdo, $enc, 'so_resultentry_smwt', 'So_ResultentrySmwtID', [
'So_ResultentrySmwtWeight', 'So_ResultentrySmwtHeight', 'So_ResultentrySmwtBMI',
'So_ResultentrySmwtPreTensi', 'So_ResultentrySmwtPreSPO2', 'So_ResultentrySmwtPreNadi',
'So_ResultentrySmwtPostTensi', 'So_ResultentrySmwtPostSPO2', 'So_ResultentrySmwtPostNadi',
'So_ResultentrySmwtVOMax', 'So_ResultentrySmwtKategoriKebugaran',
], 'So_ResultentrySmwtWeight');
migrate_simple($pdo, $enc, 'so_resultentry_srq29_conclusion', 'So_ResultentrySrq29ConclusionID',
['So_ResultentrySrq29ConclusionResult'],
'So_ResultentrySrq29ConclusionResult');
migrate_simple($pdo, $enc, 'so_resultentrysdsinterpretation', 'So_ResultEntrySDSInterpretationID',
['So_ResultEntrySDSInterpretationDisplay'],
'So_ResultEntrySDSInterpretationDisplay');
migrate_simple($pdo, $enc, 'member_eligible', 'Member_EligibleID',
['Member_EligibleDescription'],
'Member_EligibleDescription');
// ============================================================
// one_lab_log tables (ganti koneksi ke DB log)
// ============================================================
$cfg_log = $db['one_lab_log'];
$pdo_log = new PDO(
"mysql:host={$cfg_log['hostname']};dbname={$cfg_log['database']};charset=utf8",
$cfg_log['username'],
$cfg_log['password'],
[PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
);
migrate_simple($pdo_log, $enc, 'log_patient', 'Log_PatientID',
['Log_PatientJsonBefore', 'Log_PatientJsonAfter'],
'Log_PatientJsonBefore');
migrate_simple($pdo_log, $enc, 'log_fo', 'Log_FoID',
['Log_FoJson'],
'Log_FoJson');
migrate_simple($pdo_log, $enc, 'log_resultentry', 'Log_ResultEntryID',
['Log_ResultEntryJSONBefore', 'Log_ResultEntryJSONAfter'],
'Log_ResultEntryJSONBefore');
echo "=== Semua migrasi hasil lab selesai ===\n";

141
sql/manual_changes/2026-05-31-pdp-encrypt-columns.sql Normal file
View File

@@ -0,0 +1,141 @@
-- UU PDP: tambah kolom enkripsi PII pasien dan data medis hasil lab
-- Kolom lama TIDAK dihapus (backward compat selama masa transisi)
-- Enkripsi: AES-256-GCM, key dari .env
-- ============================================================
-- one_lab.m_patient: PII pasien (trigram bidx untuk search)
-- ============================================================
ALTER TABLE one_lab.m_patient
ADD COLUMN M_PatientName_enc TEXT NULL AFTER M_PatientName,
ADD COLUMN M_PatientName_bidx MEDIUMTEXT NULL AFTER M_PatientName_enc,
ADD COLUMN M_PatientHP_enc TEXT NULL AFTER M_PatientHP,
ADD COLUMN M_PatientHP_bidx MEDIUMTEXT NULL AFTER M_PatientHP_enc,
ADD COLUMN M_PatientDOB_enc TEXT NULL AFTER M_PatientDOB,
ADD COLUMN M_PatientDOB_bidx MEDIUMTEXT NULL AFTER M_PatientDOB_enc,
ADD COLUMN M_PatientEmail_enc TEXT NULL AFTER M_PatientEmail,
ADD COLUMN M_PatientPhone_enc TEXT NULL AFTER M_PatientPhone,
ADD COLUMN M_PatientPOB_enc TEXT NULL AFTER M_PatientPOB,
ADD COLUMN M_PatientIDNumber_enc TEXT NULL AFTER M_PatientIDNumber,
ADD COLUMN M_PatientNIK_enc TEXT NULL AFTER M_PatientNIK,
ADD COLUMN M_PatientNIP_enc TEXT NULL AFTER M_PatientNIP;
-- ============================================================
-- one_lab.m_patientaddress: alamat pasien
-- ============================================================
ALTER TABLE one_lab.m_patientaddress
ADD COLUMN M_PatientAddressDescription_enc TEXT NULL AFTER M_PatientAddressDescription,
ADD COLUMN M_PatientAddressDescription_bidx MEDIUMTEXT NULL AFTER M_PatientAddressDescription_enc,
ADD COLUMN M_PatientAddressEmail_enc TEXT NULL AFTER M_PatientAddressEmail,
ADD COLUMN M_PatientAddressPhone_enc TEXT NULL AFTER M_PatientAddressPhone;
-- ============================================================
-- one_lab.t_orderdetail: nilai hasil lab utama
-- ============================================================
ALTER TABLE one_lab.t_orderdetail
ADD COLUMN T_OrderDetailResult_enc TEXT NULL AFTER T_OrderDetailResult,
ADD COLUMN T_OrderDetailNote_enc TEXT NULL AFTER T_OrderDetailNote;
-- ============================================================
-- one_lab.t_orderheader: diagnosa dokter
-- ============================================================
ALTER TABLE one_lab.t_orderheader
ADD COLUMN T_OrderHeaderDiagnose_enc TEXT NULL AFTER T_OrderHeaderDiagnose;
-- ============================================================
-- one_lab.so_resultentrydetail: hasil lab standar
-- ============================================================
ALTER TABLE one_lab.so_resultentrydetail
ADD COLUMN So_ResultEntryDetailResult_enc TEXT NULL AFTER So_ResultEntryDetailResult;
-- ============================================================
-- one_lab.so_resultentrydetail_other: hasil lab nonstandar
-- ============================================================
ALTER TABLE one_lab.so_resultentrydetail_other
ADD COLUMN So_ResultEntryDetailOtherResult_enc TEXT NULL AFTER So_ResultEntryDetailOtherResult,
ADD COLUMN So_ResultEntryDetailOtherResultBefore_enc TEXT NULL AFTER So_ResultEntryDetailOtherResultBefore;
-- ============================================================
-- one_lab.so_resultentry_fisik_umum: JSON pemeriksaan fisik
-- ============================================================
ALTER TABLE one_lab.so_resultentry_fisik_umum
ADD COLUMN So_ResultEntryFisikUmumDetails_enc TEXT NULL AFTER So_ResultEntryFisikUmumDetails;
-- ============================================================
-- one_lab.so_resultentry_fisik_summary: ringkasan fisik
-- ============================================================
ALTER TABLE one_lab.so_resultentry_fisik_summary
ADD COLUMN So_ResultEntryFisikSummaryValue_enc TEXT NULL AFTER So_ResultEntryFisikSummaryValue,
ADD COLUMN So_ResultEntryFisikSummaryValue2_enc TEXT NULL AFTER So_ResultEntryFisikSummaryValue2;
-- ============================================================
-- one_lab.so_resultentry_other: catatan hasil
-- ============================================================
ALTER TABLE one_lab.so_resultentry_other
ADD COLUMN So_ResultEntryOtherNote_enc TEXT NULL AFTER So_ResultEntryOtherNote;
-- ============================================================
-- one_lab.so_resultentry_fisioterapi
-- ============================================================
ALTER TABLE one_lab.so_resultentry_fisioterapi
ADD COLUMN So_ResultEntdyFisioterapiDetails_enc TEXT NULL AFTER So_ResultEntdyFisioterapiDetails;
-- ============================================================
-- one_lab.so_resultentry_smwt: hasil 6MWT
-- ============================================================
ALTER TABLE one_lab.so_resultentry_smwt
ADD COLUMN So_ResultentrySmwtWeight_enc TEXT NULL AFTER So_ResultentrySmwtWeight,
ADD COLUMN So_ResultentrySmwtHeight_enc TEXT NULL AFTER So_ResultentrySmwtHeight,
ADD COLUMN So_ResultentrySmwtBMI_enc TEXT NULL AFTER So_ResultentrySmwtBMI,
ADD COLUMN So_ResultentrySmwtPreTensi_enc TEXT NULL AFTER So_ResultentrySmwtPreTensi,
ADD COLUMN So_ResultentrySmwtPreSPO2_enc TEXT NULL AFTER So_ResultentrySmwtPreSPO2,
ADD COLUMN So_ResultentrySmwtPreNadi_enc TEXT NULL AFTER So_ResultentrySmwtPreNadi,
ADD COLUMN So_ResultentrySmwtPostTensi_enc TEXT NULL AFTER So_ResultentrySmwtPostTensi,
ADD COLUMN So_ResultentrySmwtPostSPO2_enc TEXT NULL AFTER So_ResultentrySmwtPostSPO2,
ADD COLUMN So_ResultentrySmwtPostNadi_enc TEXT NULL AFTER So_ResultentrySmwtPostNadi,
ADD COLUMN So_ResultentrySmwtVOMax_enc TEXT NULL AFTER So_ResultentrySmwtVOMax,
ADD COLUMN So_ResultentrySmwtKategoriKebugaran_enc TEXT NULL AFTER So_ResultentrySmwtKategoriKebugaran;
-- ============================================================
-- one_lab.so_resultentry_srq29_conclusion: hasil SRQ-29
-- ============================================================
ALTER TABLE one_lab.so_resultentry_srq29_conclusion
ADD COLUMN So_ResultentrySrq29ConclusionResult_enc TEXT NULL AFTER So_ResultentrySrq29ConclusionResult;
-- ============================================================
-- one_lab.so_resultentrysdsinterpretation: interpretasi SDS
-- ============================================================
ALTER TABLE one_lab.so_resultentrysdsinterpretation
ADD COLUMN So_ResultEntrySDSInterpretationDisplay_enc TEXT NULL AFTER So_ResultEntrySDSInterpretationDisplay;
-- ============================================================
-- one_lab.member_eligible: data BPJS / asuransi
-- ============================================================
ALTER TABLE one_lab.member_eligible
ADD COLUMN Member_EligibleDescription_enc TEXT NULL AFTER Member_EligibleDescription;
-- ============================================================
-- one_lab_log.log_patient: audit log perubahan data pasien
-- Fix charset ke utf8mb4 (default latin1 tidak support JSON UTF-8 dari trigger)
-- ============================================================
ALTER TABLE one_lab_log.log_patient
ADD COLUMN Log_PatientJsonBefore_enc MEDIUMTEXT NULL AFTER Log_PatientJsonBefore,
ADD COLUMN Log_PatientJsonAfter_enc MEDIUMTEXT NULL AFTER Log_PatientJsonAfter;
ALTER TABLE one_lab_log.log_patient
MODIFY Log_PatientJsonBefore MEDIUMTEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci,
MODIFY Log_PatientJsonAfter MEDIUMTEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci,
MODIFY Log_PatientJsonBefore_enc MEDIUMTEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci,
MODIFY Log_PatientJsonAfter_enc MEDIUMTEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
-- ============================================================
-- one_lab_log.log_fo: audit log order FO
-- ============================================================
ALTER TABLE one_lab_log.log_fo
ADD COLUMN Log_FoJson_enc MEDIUMTEXT NULL AFTER Log_FoJson;
-- ============================================================
-- one_lab_log.log_resultentry: audit log hasil lab
-- ============================================================
ALTER TABLE one_lab_log.log_resultentry
ADD COLUMN Log_ResultEntryJSONBefore_enc MEDIUMTEXT NULL AFTER Log_ResultEntryJSONBefore,
ADD COLUMN Log_ResultEntryJSONAfter_enc MEDIUMTEXT NULL AFTER Log_ResultEntryJSONAfter;