{
"timestamp": "2025-07-08T21:51:41.326Z",
"summary": {
"hipaaCompliance": {
"status": "NEEDS_ATTENTION",
"violations": 10
},
"authentication": {
"status": "NEEDS_ATTENTION",
"issues": 8
},
"parameterAccuracy": {
"status": "PASS",
"accuracy": "90.0%",
"checkedEndpoints": 10,
"accurateEndpoints": 9
}
},
"issues": {
"hipaaViolations": [
{
"type": "HIPAA_VIOLATION",
"path": "/api/emr/provider-register",
"issue": "Clinical endpoint in PUBLIC category may violate HIPAA",
"recommendation": "Move to PROVIDER or PATIENT category"
},
{
"type": "HIPAA_VIOLATION",
"path": "/api/emr/set-password",
"issue": "Clinical endpoint in PUBLIC category may violate HIPAA",
"recommendation": "Move to PROVIDER or PATIENT category"
},
{
"type": "HIPAA_VIOLATION",
"path": "/api/emr/provider/reset-password",
"issue": "Clinical endpoint in PUBLIC category may violate HIPAA",
"recommendation": "Move to PROVIDER or PATIENT category"
},
{
"type": "HIPAA_VIOLATION",
"path": "/api/patient/refresh-token",
"issue": "Clinical endpoint in PUBLIC category may violate HIPAA",
"recommendation": "Move to PROVIDER or PATIENT category"
},
{
"type": "HIPAA_VIOLATION",
"path": "/api/patient/available-slots/{date}",
"issue": "Clinical endpoint in PUBLIC category may violate HIPAA",
"recommendation": "Move to PROVIDER or PATIENT category"
},
{
"type": "HIPAA_VIOLATION",
"path": "/api/patient/available-slots/{date}",
"issue": "Clinical endpoint in PUBLIC category may violate HIPAA",
"recommendation": "Move to PROVIDER or PATIENT category"
},
{
"type": "HIPAA_VIOLATION",
"path": "/api/appointment/verify/{appointmentId}",
"issue": "Clinical endpoint in PUBLIC category may violate HIPAA",
"recommendation": "Move to PROVIDER or PATIENT category"
},
{
"type": "HIPAA_VIOLATION",
"path": "/api/appointment-participants/{appointmentId}",
"issue": "Clinical endpoint in PUBLIC category may violate HIPAA",
"recommendation": "Move to PROVIDER or PATIENT category"
},
{
"type": "HIPAA_VIOLATION",
"path": "/api/get/document/{userId}/{rowId}/{key}",
"issue": "Clinical endpoint in PUBLIC category may violate HIPAA",
"recommendation": "Move to PROVIDER or PATIENT category"
},
{
"type": "HIPAA_VIOLATION",
"path": "/api/get/document/{userId}/{rowId}/{key}",
"issue": "Clinical endpoint in PUBLIC category may violate HIPAA",
"recommendation": "Move to PROVIDER or PATIENT category"
}
],
"authIssues": [
{
"type": "AUTH_MISMATCH",
"path": "/api/emr/provider-register",
"currentAuth": "PUBLIC",
"expectedAuth": "PROVIDER",
"issue": "Sensitive endpoint should require PROVIDER authentication"
},
{
"type": "AUTH_MISMATCH",
"path": "/api/emr/set-password",
"currentAuth": "PUBLIC",
"expectedAuth": "PROVIDER",
"issue": "Sensitive endpoint should require PROVIDER authentication"
},
{
"type": "AUTH_MISMATCH",
"path": "/api/emr/provider/forgot-password",
"currentAuth": "PUBLIC",
"expectedAuth": "PROVIDER",
"issue": "Sensitive endpoint should require PROVIDER authentication"
},
{
"type": "AUTH_MISMATCH",
"path": "/api/emr/provider/reset-password",
"currentAuth": "PUBLIC",
"expectedAuth": "PROVIDER",
"issue": "Sensitive endpoint should require PROVIDER authentication"
},
{
"type": "AUTH_MISMATCH",
"path": "/api/patient/refresh-token",
"currentAuth": "PUBLIC",
"expectedAuth": "PATIENT",
"issue": "Sensitive endpoint should require PATIENT authentication"
},
{
"type": "AUTH_MISMATCH",
"path": "/api/patient/available-slots/{date}",
"currentAuth": "PUBLIC",
"expectedAuth": "PATIENT",
"issue": "Sensitive endpoint should require PATIENT authentication"
},
{
"type": "AUTH_MISMATCH",
"path": "/api/patient/available-slots/{date}",
"currentAuth": "PUBLIC",
"expectedAuth": "PATIENT",
"issue": "Sensitive endpoint should require PATIENT authentication"
},
{
"type": "AUTH_MISMATCH",
"path": "/api/affiliate/set-password",
"currentAuth": "PUBLIC",
"expectedAuth": "AFFILIATE",
"issue": "Sensitive endpoint should require AFFILIATE authentication"
}
],
"parameterIssues": []
},
"recommendations": [
{
"priority": "HIGH",
"category": "HIPAA Compliance",
"action": "Review and recategorize 10 endpoints that may violate HIPAA requirements"
},
{
"priority": "HIGH",
"category": "Authentication",
"action": "Fix authentication requirements for 8 sensitive endpoints"
}
]
} |