Very interesting and will look up that presentation on the virtual conference site.
If the auditing approach was sufficient then UsageStatistics already logs all patient record accesses. It would though still require some enforcement of locations for users and patients to make it easier to identify incidents when a user accesses a patient who is not from their location. On 25 August 2011 17:24, Friedman, Roger (CDC/CGH/DGHA) (CTR) <[email protected]>wrote: > Rowan, Joaquim –**** > > This may be a place where people don’t really want what they wish for. > At the conference, I was at a session where Shaun Grannis made a > presentation related to this and its implications on health info exchange > architecture.**** > > Let’s suppose we have a district hospital with 5 satellite clinics, all > of which share a single OpenMRS instance. And let’s say we have some > sub-locations, like the HIV-STD clinics at the satellites and district, and > the psych ward at the district, created to help us isolate out particularly > sensitive records. Let’s take an ANC patient, we want to find out her HIV > status or even whether she’s been tested, but we can’t because of the > restriction on HIV data. Let’s take a person brought in with dementia, we > can’t find out if it’s HIV-related or previously diagnosed because that data > doesn’t cross location boundaries. Let’s take the victim of an industrial > accident brought to the district ER, the hospital can’t even look at his > records from one of the clinics to find out his drug allergies. Let’s take > a data clerk, s/he can’t run the monthly report of HIV test results. Let’s > take the system admin, s/he can’t look at anything, even via MySQL, we > probably have to encrypt the data.**** > > So let’s change the rules, let’s suppose individual users are given the > right to access a particular patient’s records for a limited period of time, > with a limited number of people designated to grant these rights (records > proxy at the primary point of service). This has been implemented in some > places, Belize for example. But there are still a couple of problems, both > of which were identified by Shaun. One is the inherent difficulty of > finding the proxy when needed. Another is the problem of using the data for > public health – do we expect the proxy at each satellite to go through each > patient and temporarily give access rights to me as regional epi?**** > > Maybe we need to put the shoe on the other foot. Grant all users > rights to all data, but have any sensitive page log who visited when seeking > data on which patient. Then these logs (or summaries thereof) are reviewed > by management every month and privilege abusers are fired.**** > > Saludos, Roger **** > > ** ** > > *From:* [email protected] [mailto:[email protected]] *On Behalf Of *Blaya, > Joaquin Andres > *Sent:* Thursday, August 25, 2011 3:37 PM > > *To:* [email protected] > *Subject:* Re: [OPENMRS-DEV] Location based patient access permissions**** > > ** ** > > I'm one of those extremely interested in this, and would be happy to be on > a call. My additional request would be to put this into the cohort builder > where each health center would view only their patient searches/saved > cohorts and also could only see their patients if they asked for all > patients. > > Sent from my Android phone using TouchDown (www.nitrodesk.com) > > -----Original Message----- > *From:* Darius Jazayeri [[email protected]] > *Received:* Thursday, 25 Aug 2011, 16:31 > *To:* [email protected] [ > [email protected]] > *Subject:* Re: [OPENMRS-DEV] Location based patient access permissions**** > > Hi Rowan, **** > > ** ** > > You're correct that this is pretty straightforward to do with AOP, although > you almost definitely need to take some kind of shortcut to make it perform > adequately to limit the patient-search-by-name method called frequently via > ajax.**** > > ** ** > > (Though, what defines the patient's location and the user's location? For > the patient it could be an assigned location via a PersonAttribute, or it > could be "Any encounter ever". What about for the user?)**** > > ** ** > > The Restrict By Role module does a more general version of this, but was > written back in the days of OpenMRS 1.2 or 1.3, and really should be retired > in favor of something more modern.**** > > ** ** > > I think this is one of the most commonly requested OpenMRS features. It's > also a huge task to implement in a general way in core, but I think it would > be very valuable to write the module you're describing. Perhaps we can > organize a discussion or call among interested people to see if there's an > easy-to-implement approach that will solve the 90% use case.**** > > ** ** > > I could imagine building ~ 5 different filters that cover many use cases, > and that can be individually enabled/disabled in a config page.**** > > ** ** > > -Darius**** > > On Thu, Aug 25, 2011 at 12:03 PM, Rowan Seymour <[email protected]> > wrote:**** > > Something that's needed in Rwanda is a away to limit access to patient > records by providers based on location. Seems like this would be pretty easy > to do via aop. A very simple version would just check that the provider is > from the same location. A more sophisticated version would allow providers > to be assigned to patients from multiple locations. You could define which > roles are subject to this location requirement and which aren't. **** > > ** ** > > I'm sure I've heard people discussing this before but I can't find any such > modules in the repository... I'll put something together if there isn't > something I'm missing here.**** > > ** ** > > Rowan**** > ------------------------------ > > Click here to > unsubscribe<[email protected]?body=SIGNOFF%20openmrs-devel-l>from > OpenMRS Developers' mailing list > **** > > ** ** > ------------------------------ > > Click here to > unsubscribe<[email protected]?body=SIGNOFF%20openmrs-devel-l>from > OpenMRS Developers' mailing list > **** > ------------------------------ > > Click here to > unsubscribe<[email protected]?body=SIGNOFF%20openmrs-devel-l>from > OpenMRS Developers' mailing list > **** > ------------------------------ > Click here to > unsubscribe<[email protected]?body=SIGNOFF%20openmrs-devel-l>from > OpenMRS Developers' mailing list > -- *Rowan Seymour* tel: +250 783835665 http://twitter.com/rowanseymour _________________________________________ To unsubscribe from OpenMRS Developers' mailing list, send an e-mail to [email protected] with "SIGNOFF openmrs-devel-l" in the body (not the subject) of your e-mail. [mailto:[email protected]?body=SIGNOFF%20openmrs-devel-l]
