Rowan, Joaquim -
This may be a place where people don't really want what they wish for. At
the conference, I was at a session where Shaun Grannis made a presentation
related to this and its implications on health info exchange architecture.
Let's suppose we have a district hospital with 5 satellite clinics, all of
which share a single OpenMRS instance. And let's say we have some
sub-locations, like the HIV-STD clinics at the satellites and district, and the
psych ward at the district, created to help us isolate out particularly
sensitive records. Let's take an ANC patient, we want to find out her HIV
status or even whether she's been tested, but we can't because of the
restriction on HIV data. Let's take a person brought in with dementia, we
can't find out if it's HIV-related or previously diagnosed because that data
doesn't cross location boundaries. Let's take the victim of an industrial
accident brought to the district ER, the hospital can't even look at his
records from one of the clinics to find out his drug allergies. Let's take a
data clerk, s/he can't run the monthly report of HIV test results. Let's take
the system admin, s/he can't look at anything, even via MySQL, we probably have
to encrypt the data.
So let's change the rules, let's suppose individual users are given the
right to access a particular patient's records for a limited period of time,
with a limited number of people designated to grant these rights (records proxy
at the primary point of service). This has been implemented in some places,
Belize for example. But there are still a couple of problems, both of which
were identified by Shaun. One is the inherent difficulty of finding the proxy
when needed. Another is the problem of using the data for public health - do
we expect the proxy at each satellite to go through each patient and
temporarily give access rights to me as regional epi?
Maybe we need to put the shoe on the other foot. Grant all users rights to
all data, but have any sensitive page log who visited when seeking data on
which patient. Then these logs (or summaries thereof) are reviewed by
management every month and privilege abusers are fired.
Saludos, Roger
From: [email protected] [mailto:[email protected]] On Behalf Of Blaya, Joaquin
Andres
Sent: Thursday, August 25, 2011 3:37 PM
To: [email protected]
Subject: Re: [OPENMRS-DEV] Location based patient access permissions
I'm one of those extremely interested in this, and would be happy to be on a
call. My additional request would be to put this into the cohort builder where
each health center would view only their patient searches/saved cohorts and
also could only see their patients if they asked for all patients.
Sent from my Android phone using TouchDown (www.nitrodesk.com)
-----Original Message-----
From: Darius Jazayeri [[email protected]]
Received: Thursday, 25 Aug 2011, 16:31
To: [email protected] [[email protected]]
Subject: Re: [OPENMRS-DEV] Location based patient access permissions
Hi Rowan,
You're correct that this is pretty straightforward to do with AOP, although you
almost definitely need to take some kind of shortcut to make it perform
adequately to limit the patient-search-by-name method called frequently via
ajax.
(Though, what defines the patient's location and the user's location? For the
patient it could be an assigned location via a PersonAttribute, or it could be
"Any encounter ever". What about for the user?)
The Restrict By Role module does a more general version of this, but was
written back in the days of OpenMRS 1.2 or 1.3, and really should be retired in
favor of something more modern.
I think this is one of the most commonly requested OpenMRS features. It's also
a huge task to implement in a general way in core, but I think it would be very
valuable to write the module you're describing. Perhaps we can organize a
discussion or call among interested people to see if there's an
easy-to-implement approach that will solve the 90% use case.
I could imagine building ~ 5 different filters that cover many use cases, and
that can be individually enabled/disabled in a config page.
-Darius
On Thu, Aug 25, 2011 at 12:03 PM, Rowan Seymour
<[email protected]<mailto:[email protected]>> wrote:
Something that's needed in Rwanda is a away to limit access to patient records
by providers based on location. Seems like this would be pretty easy to do via
aop. A very simple version would just check that the provider is from the same
location. A more sophisticated version would allow providers to be assigned to
patients from multiple locations. You could define which roles are subject to
this location requirement and which aren't.
I'm sure I've heard people discussing this before but I can't find any such
modules in the repository... I'll put something together if there isn't
something I'm missing here.
Rowan
________________________________
Click here to
unsubscribe<mailto:[email protected]?body=SIGNOFF%20openmrs-devel-l>
from OpenMRS Developers' mailing list
________________________________
Click here to
unsubscribe<mailto:[email protected]?body=SIGNOFF%20openmrs-devel-l>
from OpenMRS Developers' mailing list
________________________________
Click here to
unsubscribe<mailto:[email protected]?body=SIGNOFF%20openmrs-devel-l>
from OpenMRS Developers' mailing list
_________________________________________
To unsubscribe from OpenMRS Developers' mailing list, send an e-mail to
[email protected] with "SIGNOFF openmrs-devel-l" in the body (not
the subject) of your e-mail.
[mailto:[email protected]?body=SIGNOFF%20openmrs-devel-l]
