Not so much an idea, as validation of Roger's idea. Our medical center's web based results review system (now being phased out, I hear), successfully used a model of
1) Technically possible for any user to view any data. Especially useful in the emergency department and for after-hours access. 2) Access to all data were logged. 3) For certain classes of results, and certain patients (staff, celebrities) users received a click through reminder/acknowledgement of their need to access this information for direct patient care, and a reminder that all click-thru accesses, and a subset of others, were audited by the security team. When I accessed my own record (medical staff), for the first couple of years, I'd get audited, but eventually an exception was made for that...! I didn't put those ideas on the etherpad - not really requirements, I think. But feel free to add them if you think they're useful. Bill From: [email protected] [mailto:[email protected]] On Behalf Of Darius Jazayeri Sent: Thursday, August 25, 2011 2:42 PM To: [email protected] Subject: Re: [OPENMRS-DEV] Location based patient access permissions I created an etherpad to start to collect ideas: http://notes.openmrs.org/limited-patient-access-module-planning -Darius On Thu, Aug 25, 2011 at 2:24 PM, Friedman, Roger (CDC/CGH/DGHA) (CTR) <[email protected]<mailto:[email protected]>> wrote: Rowan, Joaquim - This may be a place where people don't really want what they wish for. At the conference, I was at a session where Shaun Grannis made a presentation related to this and its implications on health info exchange architecture. Let's suppose we have a district hospital with 5 satellite clinics, all of which share a single OpenMRS instance. And let's say we have some sub-locations, like the HIV-STD clinics at the satellites and district, and the psych ward at the district, created to help us isolate out particularly sensitive records. Let's take an ANC patient, we want to find out her HIV status or even whether she's been tested, but we can't because of the restriction on HIV data. Let's take a person brought in with dementia, we can't find out if it's HIV-related or previously diagnosed because that data doesn't cross location boundaries. Let's take the victim of an industrial accident brought to the district ER, the hospital can't even look at his records from one of the clinics to find out his drug allergies. Let's take a data clerk, s/he can't run the monthly report of HIV test results. Let's take the system admin, s/he can't look at anything, even via MySQL, we probably have to encrypt the data. So let's change the rules, let's suppose individual users are given the right to access a particular patient's records for a limited period of time, with a limited number of people designated to grant these rights (records proxy at the primary point of service). This has been implemented in some places, Belize for example. But there are still a couple of problems, both of which were identified by Shaun. One is the inherent difficulty of finding the proxy when needed. Another is the problem of using the data for public health - do we expect the proxy at each satellite to go through each patient and temporarily give access rights to me as regional epi? Maybe we need to put the shoe on the other foot. Grant all users rights to all data, but have any sensitive page log who visited when seeking data on which patient. Then these logs (or summaries thereof) are reviewed by management every month and privilege abusers are fired. Saludos, Roger From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Blaya, Joaquin Andres Sent: Thursday, August 25, 2011 3:37 PM To: [email protected]<mailto:[email protected]> Subject: Re: [OPENMRS-DEV] Location based patient access permissions I'm one of those extremely interested in this, and would be happy to be on a call. My additional request would be to put this into the cohort builder where each health center would view only their patient searches/saved cohorts and also could only see their patients if they asked for all patients. Sent from my Android phone using TouchDown (www.nitrodesk.com<http://www.nitrodesk.com>) -----Original Message----- From: Darius Jazayeri [[email protected]<mailto:djazayeri%[email protected]>] Received: Thursday, 25 Aug 2011, 16:31 To: [email protected]<mailto:[email protected]> [[email protected]<mailto:[email protected]>] Subject: Re: [OPENMRS-DEV] Location based patient access permissions Hi Rowan, You're correct that this is pretty straightforward to do with AOP, although you almost definitely need to take some kind of shortcut to make it perform adequately to limit the patient-search-by-name method called frequently via ajax. (Though, what defines the patient's location and the user's location? For the patient it could be an assigned location via a PersonAttribute, or it could be "Any encounter ever". What about for the user?) The Restrict By Role module does a more general version of this, but was written back in the days of OpenMRS 1.2 or 1.3, and really should be retired in favor of something more modern. I think this is one of the most commonly requested OpenMRS features. It's also a huge task to implement in a general way in core, but I think it would be very valuable to write the module you're describing. Perhaps we can organize a discussion or call among interested people to see if there's an easy-to-implement approach that will solve the 90% use case. I could imagine building ~ 5 different filters that cover many use cases, and that can be individually enabled/disabled in a config page. -Darius On Thu, Aug 25, 2011 at 12:03 PM, Rowan Seymour <[email protected]<mailto:[email protected]>> wrote: Something that's needed in Rwanda is a away to limit access to patient records by providers based on location. Seems like this would be pretty easy to do via aop. A very simple version would just check that the provider is from the same location. A more sophisticated version would allow providers to be assigned to patients from multiple locations. You could define which roles are subject to this location requirement and which aren't. I'm sure I've heard people discussing this before but I can't find any such modules in the repository... I'll put something together if there isn't something I'm missing here. Rowan ________________________________ Click here to unsubscribe<mailto:[email protected]?body=SIGNOFF%20openmrs-devel-l> from OpenMRS Developers' mailing list ________________________________ Click here to unsubscribe<mailto:[email protected]?body=SIGNOFF%20openmrs-devel-l> from OpenMRS Developers' mailing list ________________________________ Click here to unsubscribe<mailto:[email protected]?body=SIGNOFF%20openmrs-devel-l> from OpenMRS Developers' mailing list ________________________________ Click here to unsubscribe<mailto:[email protected]?body=SIGNOFF%20openmrs-devel-l> from OpenMRS Developers' mailing list ________________________________ Click here to unsubscribe<mailto:[email protected]?body=SIGNOFF%20openmrs-devel-l> from OpenMRS Developers' mailing list _________________________________________ To unsubscribe from OpenMRS Developers' mailing list, send an e-mail to [email protected] with "SIGNOFF openmrs-devel-l" in the body (not the subject) of your e-mail. [mailto:[email protected]?body=SIGNOFF%20openmrs-devel-l]
