patient privacy issues, graphic display of data only

[chhotii-alex]

See https://github.com/chhotii-alex/shovel/issues/14

I am pulling apart the issues of what to do to deal with patient privacy issues if we don't offer a downloadable spreadsheet with row-level detail vs. if we DO. Here's the discussion of to-do's to deal with this issue without the download.

I have already done the following (on the svelte branch at least):

• Eliminate booleans with ≤50 individuals We've ditched 3 comorbidities, and also a couple of low-incidence catagories of catagoricals—"recently pregnant" is now lumped in with "pregnant" and "Native American" is logged in with "Other/Unknown".
• Only returning small number of significant digits on the statistics

These things are in progress:

• Use approximation signs for any value ≤20 (i.e. small group sizes) I've added the approximation symbol. However, the numbers displayed are still the exact numbers. See original ticket for notes on what we get into to implement this.
• Figure out how to turn on IP logging for node/express I've configured the node logger (morgan) to record requestor's IP address. Where exactly this info goes on the cloud platform is a bit unclear. The logger writes to stdout, which can be accessed as the run log through doctl. However is there a limit on how far back the logs go, either in terms of time or space? (There must be.) Also, do app platforms ever crash, and do the logs get saved somewhere that survives the crash? This requires experimentation. Need to set up cron jobs to download and archive logs.

[chhotii-alex]

The only thing left to do on this ticket is to finish writing the script for the cron job to get the access log. Straightforward; however it's annoying to work on this when the institution is blocking access to any DO app. Thus marked as, will work on at home.

[chhotii-alex]

Questions about this that currently require investigation:

1) Will the access log, as I've configured it, actually show the actual client IP addresses? Have communicated with DO tech support and they think so..

2) Will assigning a domain name to the DO deployment allow access to the run log from on-campus?

[chhotii-alex]

Question (1) has been addressed, DO tech support supplied the clue needed to get client IP.

Work on question (2) will wait for getting a domain name to see if that fixes things.

[chhotii-alex]

The only thing left is to deal with the access log as described here https://github.com/chhotii-alex/antigen-sensitivity/issues/41 as I had set up dealing with the access log in a quick-and-dirty way so we could go live but going forward we should do better.