ghost
commented
4 years ago I think this can be done simply by using the patient's Firestore document ID instead of their e-mail when getting and setting the document. However, if the e-mail is used to find the document from the user's device, then this won't work. So, check it out.
The documents that store the patients' checkin information on the Firebase Firestore are currently indexed using the their e-mail. This identifies that information to anyone, namely the developers ... namely me, who has access to the Firestore. It would be better to obfuscate or even encrypt this information using a key. I haven't looked in to how to do this, and so I am open to suggestions.