It might be necessary to show most personal details of one participant to another, but it should be enforced that if a validation strategy exists in that instance, then only approved users can see personal details of other users.
For example, in m4h, hospitals have to be approved, therefore they should only be able to see personal details once they are an approved hospital with a validated email.
In a system where approvals are not used, it should be configurable and clearly documented, which fields are visible for other participants of both types.
It might be necessary to show most personal details of one participant to another, but it should be enforced that if a validation strategy exists in that instance, then only approved users can see personal details of other users.
For example, in m4h, hospitals have to be approved, therefore they should only be able to see personal details once they are an approved hospital with a validated email.
In a system where approvals are not used, it should be configurable and clearly documented, which fields are visible for other participants of both types.