HighFile-scopeJava Plug & play

Enforce “minimum necessary” data selection in queries

When reading from PHI tables, project only authorized fields and avoid SELECT *. Implement whitelists per role and document them. Reject requests lacking a Purpose-Of-Use justification.

Add to Mesrai Open workspace

Why this matters

HIPAA’s minimum necessary standard reduces exposure by limiting PHI to what’s required for a task.

Bad vs. good

Side-by-side examples engineers can pattern-match during review.

Avoid

@Query("SELECT * FROM patients WHERE id=:id") Patient find(@Param("id") Long id);

Prefer

interface PatientView { String getInitials(); LocalDate getDob(); }
@Query("SELECT p.initials AS initials, p.dob AS dob FROM Patient p WHERE p.id=:id") PatientView findView(@Param("id") Long id);

More snippets

Bad

SELECT * FROM patients WHERE id=?

Good

SELECT initials, dob FROM patients WHERE id=?

Related rules

From the same buckets as this rule.

Critical
Check consent and role-based authorization before returning ePHI
Handlers must verify the requester’s role and a valid consent/relationship (e.g., care team assignment) before disclosing ePHI; include Purpose-Of-Use in the decision and audit the outcome.
compliance-hipaasecurity-hardening+2
Critical
Encrypt ePHI at rest with KMS-managed AES-256 and envelope keys
Before persisting ePHI, encrypt using a data key protected by a Key Management Service (KMS). Use authenticated encryption (AES-256-GCM or equivalent), rotate keys, and store the key id and algorithm with the record.
compliance-hipaasecurity-hardening+2
High
De-identify analytics and block PHI egress to third parties
Any PR that adds or modifies telemetry/analytics must prove that no PHI leaves the boundary. Use irreversible tokenization or hashing (HMAC with secret salt) for identifiers and document the data dictionary.
compliance-hipaaprivacy-pii+2

Bad vs. good

Side-by-side examples engineers can pattern-match during review.

Avoid

@Query("SELECT * FROM patients WHERE id=:id") Patient find(@Param("id") Long id);

Prefer

interface PatientView { String getInitials(); LocalDate getDob(); }
@Query("SELECT p.initials AS initials, p.dob AS dob FROM Patient p WHERE p.id=:id") PatientView findView(@Param("id") Long id);

More snippets

Bad

SELECT * FROM patients WHERE id=?

Good

SELECT initials, dob FROM patients WHERE id=?

Related rules

From the same buckets as this rule.

Critical

Check consent and role-based authorization before returning ePHI

Handlers must verify the requester’s role and a valid consent/relationship (e.g., care team assignment) before disclosing ePHI; include Purpose-Of-Use in the decision and audit the outcome.

compliance-hipaasecurity-hardening+2

Critical

Encrypt ePHI at rest with KMS-managed AES-256 and envelope keys

Before persisting ePHI, encrypt using a data key protected by a Key Management Service (KMS). Use authenticated encryption (AES-256-GCM or equivalent), rotate keys, and store the key id and algorithm with the record.

compliance-hipaasecurity-hardening+2

High

De-identify analytics and block PHI egress to third parties

Any PR that adds or modifies telemetry/analytics must prove that no PHI leaves the boundary. Use irreversible tokenization or hashing (HMAC with secret salt) for identifiers and document the data dictionary.

compliance-hipaaprivacy-pii+2