At the respondent level inappropriate access control for the communication and activity logs makes it possible for staff to see log details of patients in other organizations (if they now the patient number in that organization).
The risk of this happening, let alone happening with malicious intent is low; but it should not be possible.
This is fixed in 1.9.1, but if this is seen as a serious risc, the solution is to remove the right to look at the mail and access log of any patient.
At the respondent level inappropriate access control for the communication and activity logs makes it possible for staff to see log details of patients in other organizations (if they now the patient number in that organization).
The risk of this happening, let alone happening with malicious intent is low; but it should not be possible.
This is fixed in 1.9.1, but if this is seen as a serious risc, the solution is to remove the right to look at the mail and access log of any patient.