RE: [Care2002-developers] Education Provision

Thu, 19 Feb 2004 22:03:03 -0800 

Ideally the data itself needs to have flags about what can be shared with
outside agencies - ie it is not an 'all-or-none' affair: a referring doctor
or clinic for example might be given read-only access to a patient's
admission data - not all admission data, just that particular admission.
Certain data would need to be flagged as 'emergency access', for example,
that the patient is a diabetic and what treatment she is on and who her
attending physician is.  The rest of the data should be closed, even to
emergency access.  Of course the patient still has the rights to grant the
emergency room physician rights to see the whole file if she so wishes.

How we translate that to code will be interesting!  I guess it will be
similar to table and column level user rights in a database.  It also could
be very cumbersome in allocating outside agency rights thro' the GUI.

My initial thoughts: each person on the system will have their own list of
users who have access rights.  Each user is allocated a number
(1,2,4,8,16...).  Each record which contains data eg encounters, diagnosis,
notes etc etc has a user_rights field, which contains the number which
determines whether that user has rights; as a user gets entered for a
patient, his number gets added to that field.  Each patient has a 'default'
set of rights (eg GP has read-only rights to all data) which can be
overriddden. Obviously, the person who entered the data has full rights
automatically to that record (that's already there I think).

Emergency access will be a special type of user, certain types of data - eg
haemophilia, diabetes, etc, default to allow for emergency access.  Some
other 'data-types' such as STDs or HIV results etc, might default to
override the other default access.

Just some thoughts...

Regards,

Mark Painter

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
Elpidio Latorilla
Sent: 20 February 2004 06:39
To: [EMAIL PROTECTED]; Terry Galloway
Subject: Re: [Care2002-developers] Education Provision


On Wednesday 18 February 2004 02:23, Terry Galloway wrote:
> 1.The idea of sharing data between institutions is an excellent
one
> as Elpilidio has stated, however there are data protection issues that
need
> to be explored.

I dont know your data protection policies yet but anyway we can explore a
possible solution theoritically.

Principle:
The person is the sole owner of his data and has the exclusive right to
decide
who is allowed to access it (except in cases of "emergency").

Technical solution:
The student whose data are stored in the university database will be given
an
official form (paper or electronic) where he can decide whether he will
allow
outside agents to access his data. If no, then the data are flagged as
"this_inst_only". If yes, then he can check which outside agents are allowed
access.

Example form:

Allow access for outside agenst  [Yes]  [No]
If yes pls. check the ff: agents:

[ ] All outside agents
[ ] Rural clinic 1
[ ] City General Hospital
[ ] Dr. Smith GP

Signature ___________________________

All selected agents will then be included in the flag. Once an outsider
requests access to the data, the system will check whether he is on the list
of allowed agents.

Regarding "emergency" cases,  there is a big problem here. Although it is
technically very easy for the agent to send an "emergency" code together
with
the access request, how will the system know that this is a legitimate
"emergency" case?

Any ideas, or tested solutions for this?

Regards,
elpidio


-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id56&alloc_id438&op=ick
_______________________________________________
Care2002-developers mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/care2002-developers



-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
_______________________________________________
Care2002-developers mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/care2002-developers

Reply via email to