soc-se-bot
commented
6 days ago Team's Response
Thank you for your bug report!
Our current duplicate persons detection is done via the phone numbers of patients. This design decision currently allows for users to add multiple patients with the same email, as per your bug report. We made this design decision to detect duplicate patients via their phone number as MedConnect as our app is made for tracking the information of elderly dementia patients, who are more likely to have their own phone number, rather than their own email address.
In MedConnect, we do not allow 2 patients to have the same phone number, as seen in the screenshot below where the person to be added and Alex Yeoh (Patient #1 in the list) have the same phone number.
In a healthcare setting, phone numbers are often the primary means of contact and are unique to an individual. Using phone numbers as the basis for duplicate detection ensures that communication can reliably reach the intended person.
On the other hand, in the context of our app, which tracks contact information for elderly patients, it is important to recognize that overlapping emails may not be rare but highly plausible. Many elderly individuals may not have their own personal email addresses, and instead, they often share an email with a close family member or caregiver. Below are two such scenarios where this might possibly occur:
-
Shared Email Accounts: Elderly couples, particularly husbands and wives, may share a single email account. This is often the case when one of them is less tech-savvy and relies on their spouse or a family member to manage digital communication. For example, both a husband and wife might use a shared email like johnandmary@example.com for appointments, notifications, and general communication.
-
Family Members' Email Addresses: In many cases, elderly individuals may not be comfortable managing their own email accounts. As a result, they may use their son or daughter’s email address for receiving important messages. In this case, an elderly couple admitted in the same home are likely to share the same email. This practice helps family members keep track of critical information, such as medical appointments or emergency contacts, while ensuring that the elderly person does not need to manage multiple digital accounts.
Nevertheless, we do recognise the potential inconvenience and erroneous behaviour that adding patients with the same email might bring. Improving the duplicate detection to include email addresses is definitely a future implementation for us to improve upon for MedConnect. A possible workaround would be to prompt users with a warning when trying to add patients with already existing emails to ensure the duplication is intended. However, given that this requires significant additions to the app, such as UI elements for the confirmation prompts, this would be beyond the scope of the current version of the app.
Items for the Tester to Verify
:question: Issue response
Team chose [response.NotInScope]
- [x] I disagree
Reason for disagreement: I don't think there is such a big difference between the role of phone number and email, as it all serves as a mean of communication. In terms of implementation, I think the work won't take that much time as it is just a resemblance of what the team has done for phone number. Hence, I believe this bug is indeed a FeatureFlaw.
## :question: Issue severity Team chose [`severity.Low`] Originally [`severity.Medium`] - [x] I disagree **Reason for disagreement:** As I have pointed out above, I don't think there is such a big difference between the role of phone number and email, as it all serves as a mean of communication. We totally can apply the same rationale of the team for allowing duplicate email to phone number and still have a valid justification. For example, elderly individuals can totally use their son/family phone number as their mean of communication; leading to 2 people sharing the same phone number. Imagine a scenario where there are 2 completely strangers named Peter Do and Peter Di and their emails are peterdo@gmail.com and peterdi@gmail.com. Since i and o are two close keys in the keyboard, it is totally possible for user of the product to face a typo, and accidentally register these 2 emails as one (duplicate) into the system without any warnings from the app. And when says user want to send a private data to Peter Do (a description of illness, bills, etc) through email (It is very unlikely that this kind of data will be sent through phone number), Peter Di clearly can access this private data of Peter Do. This causes a severe data leakage and might potentially cause a lot of troubles to both 2 people. Therefore, I choose the Medium Severity for this bug
It is nearly impossible for 2 entire different persons having same email. However, this anomaly add still pass the restriction of
addcommand. It could be a chance for bad guy to do this anomaly operation for their purpose and managing work would be more difficult