HighFile-scopeJava Plug & play

Replace printStackTrace with proper logging

Do not use printStackTrace/System.err; log via a structured logger with context and level.

Why this matters

Structured logs are routable, parsable, and support levels/contexts for observability.

Side-by-side examples engineers can pattern-match during review.

Avoid

catch (Exception e) { e.printStackTrace(); }

Prefer

catch (Exception e) { logger.error("Payment failed id={}", paymentId, e); }

Bad

e.printStackTrace()

Good

logger.warn("op failed", e)

From the same buckets as this rule.

Critical
Check consent and role-based authorization before returning ePHI
Handlers must verify the requester’s role and a valid consent/relationship (e.g., care team assignment) before disclosing ePHI; include Purpose-Of-Use in the decision and audit the outcome.
compliance-hipaasecurity-hardening+2
Critical
Mask PAN and exclude SAD from logs
Never emit Primary Account Number (PAN) or Sensitive Authentication Data (SAD: CVV/CVC, full track data, PIN) to application or audit logs. Per PCI DSS 4.0 Req. 3 and 10, always mask PAN as first6last4 and fully redact SAD before logging.
compliance-pci-dssobservability-logging+1
High
Add comprehensive error logging
Log failures with operation name, key identifiers, and exception; prefer structured logging (fields).
error-handlingobservability-logging