cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to keep the database from return results with row counts less than 5 rows

Go to solution
mrwong05
Participant

on ‎07-06-2018 9:23 AM

0 Kudos

Hi,

I have HIPAA privacy concerns for results returned from my HANA Database 2.0.

I want the database to refuse to return results (return an error message) "rows returned less than 5 rows, please increase your search range".

Is it possible to configure the HANA engine or write custom views to limit returned results?

--Matt

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

lbreddemann
Active Contributor
‎07-06-2018 9:48 AM
0 Kudos

Such a functionality needs to be implemented in your client application. Not sure which part of HIPAA would require such a design, but if complex data access handling is one of your concerns, then direct DB access is not what you should be using in my opinion.

Show replies
Show replies
mrwong05
Participant
‎07-09-2018 8:49 AM
0 Kudos

What we like about the HANA SDA is that data does not have to physically be stored on HDD outside the hospital. You are right that that it should not be accessed through direct DB access, which is why we wanted such limiting functionality to be part of BI Platform Lumira, which I don't believe it is. Thus I hoped to do it at the DB level and then return an error to Lumira when the query returns less than 5 rows.

I'm not sure what you mean by client application. If you mean build a client side application that can handle the data, well that would defeat the purpose of not letting the client handle the sensitive Medical Data.

We are going down the route of writing our own ODBC driver to manage this feature. I was wondering HANA had the possibility to conditionally return the results like with analytical privileges.

Thank you Lars,
Matt

lbreddemann
Active Contributor
‎07-09-2018 10:29 PM
0 Kudos

With "client" I indeed meant the piece of software that reads the result set and yes, the ODBC driver can be that piece.

What's still surprising to me is the approach of not allowing result sets that contain less than 5 records. Highly aggregated queries that deliver key figures often return only a view records. In fact, that's their very purpose.

Can you share a bit more about this requirement? The naive view would be to provide an upper limit of records in order to avoid a "data dump" query if data security is the concern here. Why the lower limit?

mrwong05
Participant
‎07-10-2018 3:02 AM
0 Kudos

Hi Lars,

You have a great question, and the lower limit comes from the fact that for a specific enough query, individual patients could be identified from a single row returned. for example a rare disease patient is taking a very expensive and rare drug only give to 1 patient at the hospital as part of a multi-hospital study. That patient could be cross referenced to with other data sources from News, Pharma, or Doctors to identify the patient. With 5 patients, with the same conditions met, it's harder to identify the individual patient from the set.

--Matt

lbreddemann
Active Contributor
‎07-10-2018 4:47 AM
0 Kudos

That's what I suspected.

Maybe a feature that might help you with this is the HANA Data Anonymization feature:

https://blogs.sap.com/2018/04/23/sap-hana-2.0-sps-03-whats-new-security-by-the-sap-hana-academy/

Answers (1)

Answers (1)

lbreddemann
Active Contributor
‎07-06-2018 9:48 AM
0 Kudos

Such a functionality needs to be implemented in your client application. Not sure which part of HIPAA would require such a design, but if complex data access handling is one of your concerns, then direct DB access is not what you should be using in my opinion.

Show replies
Show replies
Ask a Question