FHM31052601IBL - drop _enc hasil lab: nilai klinis bukan PII, trigger butuh plaintext

t_orderdetail, t_orderheader, so_resultentry*, member_eligible tidak dienkripsi. Perlindungan via enkripsi identitas pasien (m_patient) + access control. Hanya t_orderdelivery (email/HP delivery) yang tetap dienkripsi. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-31 15:49:37 +07:00
parent c1b9891727
commit de7444d5d5
2 changed files with 17 additions and 105 deletions
--- a/docs/pdp-encryption-runbook.md
+++ b/docs/pdp-encryption-runbook.md
@@ -135,19 +135,15 @@ mysql -e "SELECT COUNT(*) total, COUNT(M_PatientAddressDescription_enc) done

 ---

-### Step 7 — Encrypt Data Hasil Lab & Order
+### Step 7 — Encrypt Tujuan Pengiriman Hasil (t_orderdelivery)

 ```bash
-# Hasil lab: t_orderdetail, t_orderheader, so_resultentry*, dll
-# Estimasi: 30-60 menit (banyak tabel)
-php scripts/migrate_encrypt_results.php
-
-# Tujuan pengiriman hasil (email/HP di t_orderdelivery)
+# HANYA t_orderdelivery — berisi email/HP pasien (PII nyata, bisa dimasking)
+# Tabel hasil lab (t_orderdetail, so_resultentry*, dll) TIDAK dienkripsi —
+# lihat bagian "Keputusan Arsitektur" di bawah
 php scripts/migrate_encrypt_orderdelivery.php

 # Verifikasi
-mysql -e "SELECT COUNT(*) total, COUNT(T_OrderDetailResult_enc) done
-  FROM one_lab.t_orderdetail;"
 mysql -e "SELECT COUNT(*) total, COUNT(T_OrderDeliveryDestination_enc) done
  FROM one_lab.t_orderdelivery;"
 ```
@@ -229,22 +225,10 @@ mysql -e "SHOW STATUS LIKE 'Threads_connected';"
 | M_PatientAddressEmail | ✅ | — |
 | M_PatientAddressPhone | ✅ | — |

-### Hasil Lab & Order
+### Tujuan Pengiriman Hasil (PII nyata)
 | Tabel | Field |
 |-------|-------|
-| `t_orderdetail` | T_OrderDetailResult, T_OrderDetailNote |
-| `t_orderheader` | T_OrderHeaderDiagnose |
-| `t_orderdelivery` | T_OrderDeliveryDestination |
-| `so_resultentrydetail` | So_ResultEntryDetailResult |
-| `so_resultentrydetail_other` | OtherResult, OtherResultBefore |
-| `so_resultentry_fisik_umum` | FisikUmumDetails |
-| `so_resultentry_fisik_summary` | Value, Value2 |
-| `so_resultentry_other` | OtherNote |
-| `so_resultentry_fisioterapi` | FisioterapiDetails |
-| `so_resultentry_smwt` | Weight, Height, BMI, Tensi, SPO2, Nadi, VOMax, Kebugaran |
-| `so_resultentry_srq29_conclusion` | ConclusionResult |
-| `so_resultentrysdsinterpretation` | InterpretationDisplay |
-| `member_eligible` | Member_EligibleDescription |
+| `t_orderdelivery` | T_OrderDeliveryDestination (email/HP) |

 ### Log
 | Tabel | Field |
@@ -256,7 +240,11 @@ mysql -e "SHOW STATUS LIKE 'Threads_connected';"
 ### TIDAK Dienkripsi (keputusan disengaja)
 | Tabel | Alasan |
 |-------|--------|
-| `mcu_resume_results` | JSON berisi nilai lab tanpa PII langsung. Enkripsi memberatkan global MCU report. Source data (`t_orderdetail`) sudah dienkripsi. |
+| `t_orderdetail`, `t_orderheader` | Nilai hasil lab bukan PII tanpa identitas pasien. Trigger butuh plaintext untuk flag H/L/N. |
+| `so_resultentry_*`, `member_eligible` | Nilai klinis, bukan PII langsung. Plaintext dibutuhkan proses operasional. |
+| `mcu_resume_results` | JSON nilai lab tanpa PII. Enkripsi memberatkan global MCU report. |
+
+**Perlindungan hasil lab** tetap via: identitas pasien terenkripsi di `m_patient` + access control + audit log.

 ---

--- a/sql/manual_changes/2026-05-31-pdp-encrypt-columns.sql
+++ b/sql/manual_changes/2026-05-31-pdp-encrypt-columns.sql
@@ -35,89 +35,13 @@ ALTER TABLE one_lab.t_orderdelivery
    ADD COLUMN T_OrderDeliveryDestination_enc TEXT NULL AFTER T_OrderDeliveryDestination;

 -- ============================================================
-- one_lab.t_orderdetail: nilai hasil lab utama
+-- KEPUTUSAN: Hasil lab TIDAK dienkripsi di kolom _enc
+-- Alasan: nilai lab ("34", "NORMAL") bukan PII tanpa identitas pasien.
+--         Plaintext dibutuhkan trigger t_orderdetail_bu untuk flag H/L/N.
+--         Perlindungan via: enkripsi identitas pasien (m_patient) + access control.
+-- Tabel yang TIDAK punya _enc:
+--   t_orderdetail, t_orderheader, so_resultentry*, member_eligible
 -- ============================================================
-ALTER TABLE one_lab.t_orderdetail
-    ADD COLUMN T_OrderDetailResult_enc TEXT NULL AFTER T_OrderDetailResult,
-    ADD COLUMN T_OrderDetailNote_enc   TEXT NULL AFTER T_OrderDetailNote;
-
-- ============================================================
-- one_lab.t_orderheader: diagnosa dokter
-- ============================================================
-ALTER TABLE one_lab.t_orderheader
-    ADD COLUMN T_OrderHeaderDiagnose_enc TEXT NULL AFTER T_OrderHeaderDiagnose;
-
-- ============================================================
-- one_lab.so_resultentrydetail: hasil lab standar
-- ============================================================
-ALTER TABLE one_lab.so_resultentrydetail
-    ADD COLUMN So_ResultEntryDetailResult_enc TEXT NULL AFTER So_ResultEntryDetailResult;
-
-- ============================================================
-- one_lab.so_resultentrydetail_other: hasil lab nonstandar
-- ============================================================
-ALTER TABLE one_lab.so_resultentrydetail_other
-    ADD COLUMN So_ResultEntryDetailOtherResult_enc       TEXT NULL AFTER So_ResultEntryDetailOtherResult,
-    ADD COLUMN So_ResultEntryDetailOtherResultBefore_enc TEXT NULL AFTER So_ResultEntryDetailOtherResultBefore;
-
-- ============================================================
-- one_lab.so_resultentry_fisik_umum: JSON pemeriksaan fisik
-- ============================================================
-ALTER TABLE one_lab.so_resultentry_fisik_umum
-    ADD COLUMN So_ResultEntryFisikUmumDetails_enc TEXT NULL AFTER So_ResultEntryFisikUmumDetails;
-
-- ============================================================
-- one_lab.so_resultentry_fisik_summary: ringkasan fisik
-- ============================================================
-ALTER TABLE one_lab.so_resultentry_fisik_summary
-    ADD COLUMN So_ResultEntryFisikSummaryValue_enc  TEXT NULL AFTER So_ResultEntryFisikSummaryValue,
-    ADD COLUMN So_ResultEntryFisikSummaryValue2_enc TEXT NULL AFTER So_ResultEntryFisikSummaryValue2;
-
-- ============================================================
-- one_lab.so_resultentry_other: catatan hasil
-- ============================================================
-ALTER TABLE one_lab.so_resultentry_other
-    ADD COLUMN So_ResultEntryOtherNote_enc TEXT NULL AFTER So_ResultEntryOtherNote;
-
-- ============================================================
-- one_lab.so_resultentry_fisioterapi
-- ============================================================
-ALTER TABLE one_lab.so_resultentry_fisioterapi
-    ADD COLUMN So_ResultEntdyFisioterapiDetails_enc TEXT NULL AFTER So_ResultEntdyFisioterapiDetails;
-
-- ============================================================
-- one_lab.so_resultentry_smwt: hasil 6MWT
-- ============================================================
-ALTER TABLE one_lab.so_resultentry_smwt
-    ADD COLUMN So_ResultentrySmwtWeight_enc            TEXT NULL AFTER So_ResultentrySmwtWeight,
-    ADD COLUMN So_ResultentrySmwtHeight_enc            TEXT NULL AFTER So_ResultentrySmwtHeight,
-    ADD COLUMN So_ResultentrySmwtBMI_enc               TEXT NULL AFTER So_ResultentrySmwtBMI,
-    ADD COLUMN So_ResultentrySmwtPreTensi_enc          TEXT NULL AFTER So_ResultentrySmwtPreTensi,
-    ADD COLUMN So_ResultentrySmwtPreSPO2_enc           TEXT NULL AFTER So_ResultentrySmwtPreSPO2,
-    ADD COLUMN So_ResultentrySmwtPreNadi_enc           TEXT NULL AFTER So_ResultentrySmwtPreNadi,
-    ADD COLUMN So_ResultentrySmwtPostTensi_enc         TEXT NULL AFTER So_ResultentrySmwtPostTensi,
-    ADD COLUMN So_ResultentrySmwtPostSPO2_enc          TEXT NULL AFTER So_ResultentrySmwtPostSPO2,
-    ADD COLUMN So_ResultentrySmwtPostNadi_enc          TEXT NULL AFTER So_ResultentrySmwtPostNadi,
-    ADD COLUMN So_ResultentrySmwtVOMax_enc             TEXT NULL AFTER So_ResultentrySmwtVOMax,
-    ADD COLUMN So_ResultentrySmwtKategoriKebugaran_enc TEXT NULL AFTER So_ResultentrySmwtKategoriKebugaran;
-
-- ============================================================
-- one_lab.so_resultentry_srq29_conclusion: hasil SRQ-29
-- ============================================================
-ALTER TABLE one_lab.so_resultentry_srq29_conclusion
-    ADD COLUMN So_ResultentrySrq29ConclusionResult_enc TEXT NULL AFTER So_ResultentrySrq29ConclusionResult;
-
-- ============================================================
-- one_lab.so_resultentrysdsinterpretation: interpretasi SDS
-- ============================================================
-ALTER TABLE one_lab.so_resultentrysdsinterpretation
-    ADD COLUMN So_ResultEntrySDSInterpretationDisplay_enc TEXT NULL AFTER So_ResultEntrySDSInterpretationDisplay;
-
-- ============================================================
-- one_lab.member_eligible: data BPJS / asuransi
-- ============================================================
-ALTER TABLE one_lab.member_eligible
-    ADD COLUMN Member_EligibleDescription_enc TEXT NULL AFTER Member_EligibleDescription;

 -- ============================================================
 -- one_lab.mcu_resume_results: TIDAK dienkripsi