Cool, I put my notes there. Roger, I think you are right about this getting extremely complex. So far the view I have (and fortunately the people who will be using share it) that you should only be able to see the patient's under your care i.e. in your institution, however, once that patient is under your care then all of their information is available to you, not just from your institution. There's always the sensitive information that may need to be restricted, but I think that's a level of detail that we won't get to in this discussion.
Joaquin ___________________________________________________________________ Chief Technology Officer, eHealth Systems Chile Research Fellow, Harvard Medical School/Partners In Health Moderator, GHDOnline.org -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Darius Jazayeri Sent: Thursday, August 25, 2011 17:42 To: [email protected] Subject: Re: [OPENMRS-DEV] Location based patient access permissions I created an etherpad to start to collect ideas: http://notes.openmrs.org/limited-patient-access-module-planning -Darius On Thu, Aug 25, 2011 at 2:24 PM, Friedman, Roger (CDC/CGH/DGHA) (CTR) <[email protected]> wrote: Rowan, Joaquim - This may be a place where people don't really want what they wish for. At the conference, I was at a session where Shaun Grannis made a presentation related to this and its implications on health info exchange architecture. Let's suppose we have a district hospital with 5 satellite clinics, all of which share a single OpenMRS instance. And let's say we have some sub-locations, like the HIV-STD clinics at the satellites and district, and the psych ward at the district, created to help us isolate out particularly sensitive records. Let's take an ANC patient, we want to find out her HIV status or even whether she's been tested, but we can't because of the restriction on HIV data. Let's take a person brought in with dementia, we can't find out if it's HIV-related or previously diagnosed because that data doesn't cross location boundaries. Let's take the victim of an industrial accident brought to the district ER, the hospital can't even look at his records from one of the clinics to find out his drug allergies. Let's take a data clerk, s/he can't run the monthly report of HIV test results. Let's take the system admin, s/he can't look at anything, even via MySQL, we probably have to encrypt the data. So let's change the rules, let's suppose individual users are given the right to access a particular patient's records for a limited period of time, with a limited number of people designated to grant these rights (records proxy at the primary point of service). This has been implemented in some places, Belize for example. But there are still a couple of problems, both of which were identified by Shaun. One is the inherent difficulty of finding the proxy when needed. Another is the problem of using the data for public health - do we expect the proxy at each satellite to go through each patient and temporarily give access rights to me as regional epi? Maybe we need to put the shoe on the other foot. Grant all users rights to all data, but have any sensitive page log who visited when seeking data on which patient. Then these logs (or summaries thereof) are reviewed by management every month and privilege abusers are fired. Saludos, Roger From: [email protected] [mailto:[email protected]] On Behalf Of Blaya, Joaquin Andres Sent: Thursday, August 25, 2011 3:37 PM To: [email protected] Subject: Re: [OPENMRS-DEV] Location based patient access permissions I'm one of those extremely interested in this, and would be happy to be on a call. My additional request would be to put this into the cohort builder where each health center would view only their patient searches/saved cohorts and also could only see their patients if they asked for all patients. Sent from my Android phone using TouchDown (www.nitrodesk.com) -----Original Message----- From: Darius Jazayeri [[email protected] <mailto:djazayeri%[email protected]> ] Received: Thursday, 25 Aug 2011, 16:31 To: [email protected] [[email protected]] Subject: Re: [OPENMRS-DEV] Location based patient access permissions Hi Rowan, You're correct that this is pretty straightforward to do with AOP, although you almost definitely need to take some kind of shortcut to make it perform adequately to limit the patient-search-by-name method called frequently via ajax. (Though, what defines the patient's location and the user's location? For the patient it could be an assigned location via a PersonAttribute, or it could be "Any encounter ever". What about for the user?) The Restrict By Role module does a more general version of this, but was written back in the days of OpenMRS 1.2 or 1.3, and really should be retired in favor of something more modern. I think this is one of the most commonly requested OpenMRS features. It's also a huge task to implement in a general way in core, but I think it would be very valuable to write the module you're describing. Perhaps we can organize a discussion or call among interested people to see if there's an easy-to-implement approach that will solve the 90% use case. I could imagine building ~ 5 different filters that cover many use cases, and that can be individually enabled/disabled in a config page. -Darius On Thu, Aug 25, 2011 at 12:03 PM, Rowan Seymour <[email protected]> wrote: Something that's needed in Rwanda is a away to limit access to patient records by providers based on location. Seems like this would be pretty easy to do via aop. A very simple version would just check that the provider is from the same location. A more sophisticated version would allow providers to be assigned to patients from multiple locations. You could define which roles are subject to this location requirement and which aren't. I'm sure I've heard people discussing this before but I can't find any such modules in the repository... I'll put something together if there isn't something I'm missing here. Rowan ________________________________ Click here to unsubscribe <mailto:[email protected]?body=SIGNOFF%20openmrs-devel-l> from OpenMRS Developers' mailing list ________________________________ Click here to unsubscribe <mailto:[email protected]?body=SIGNOFF%20openmrs-devel-l> from OpenMRS Developers' mailing list ________________________________ Click here to unsubscribe <mailto:[email protected]?body=SIGNOFF%20openmrs-devel-l> from OpenMRS Developers' mailing list ________________________________ Click here to unsubscribe <mailto:[email protected]?body=SIGNOFF%20openmrs-devel-l> from OpenMRS Developers' mailing list ________________________________ Click here to unsubscribe <mailto:[email protected]?body=SIGNOFF%20openmrs-devel-l> from OpenMRS Developers' mailing list _________________________________________ To unsubscribe from OpenMRS Developers' mailing list, send an e-mail to [email protected] with "SIGNOFF openmrs-devel-l" in the body (not the subject) of your e-mail. [mailto:[email protected]?body=SIGNOFF%20openmrs-devel-l]
