Skip to main content

Registration Service — Service Risk Register

Status: populated Owner: TBD Last updated: 2026-04-17 Companion: Service Template

Risk Register

ID	Risk	Likelihood	Impact	Owner	Mitigation
RISK-REG-01	Wrong-patient error due to MPI miss (false negative)	Medium	Critical (patient safety)	Clinical Safety Lead	Configurable MPI thresholds; duplicate review UI; periodic MPI calibration against known duplicates
RISK-REG-02	Incorrect merge permanently damages identity record	Low	Critical (data integrity)	Platform Architect	Unmerge capability; full merge audit trail; multi-step approval (phase D)
RISK-REG-03	Unidentified patient records never reconciled (data debt)	Medium	High	Operations	SLA reminder system (`REGISTRATION_UNIDENTIFIED_SLA_DAYS`); reconciliation queue; alert on SLA breach
RISK-REG-04	National ID data breach (masking bypass)	Low	Critical (legal/compliance)	Security Lead	Column-level masking by role; RLS; audit on national ID access; portrait encryption key rotation
RISK-REG-05	HL7 ADT inbound data quality issues corrupt demographics	Medium	High	Integration Lead	ADT parsing validation; idempotent replay; dead-letter queue review workflow
RISK-REG-06	PostgreSQL upgrade breaks `pg_trgm` fuzzy search	Low	Medium	DevOps	Smoke test suite for search in CI; `pg_trgm` version pinned in migration
RISK-REG-07	Redis unavailability causes duplicate patient creates	Low	Medium	DevOps	MPI acts as safety net; alert on Redis downtime; auto-recovery within minutes
RISK-REG-08	Deceased patient scheduling not blocked	Low	High	Clinical Safety Lead	Vital-status event consumed by scheduling-service; scheduling must implement deceased guard
RISK-REG-09	Multi-country identifier format expansion not tested	Medium	Medium	QA Lead	Country-configurable validation regexes; integration tests per supported jurisdiction

Risk Register