Hi Karsten, NEED TO KNOW is a 'working label' that has a meaning dependent upon the particular circumstance. A Healthcare Practitioner selected to perform foot surgery has a NEED TO KNOW pertinent information about the patient's feet, especially the one the surgery is to be performed on. This would include any condition that could impact the surgery and recovery, e.g., abnormal blood pressure.
A brain specialist would likely not have a NEED TO KNOW nor an interest in result related to the foot surgery, except for those 'cross-over' areas that could impact the surgery, e.g., abnormal blood pressure. In both cases the 'potential impacts' had better be identified and handled. Security systems are commonly compartmented, e.g., if a requestor needs to have access to information contained in a compartment then a NEED TO KNOW is established along with security policies and procedures. The Patient may or may not be in a position to contribute re NEED TO KNOW. Where they are they must be included, e.g., where a specific Healthcare Practitioner is to be excluded per a Patient's request. Failure to honor such a request may become expensive. Certain privacy requests should also be honored, e.g., Patient statements made in certain Healthcare environments (e.g., labor and delivery). Access to Patient, and related, records should be restricted where requested unless a superior demand is present, e.g., legal action. Identification and clarification of a specific is generally needed before NEED TO KNOW can be determined for individuals. One can say, however, that the Flower Lady does not have a NEED TO KNOW but the CHEMIST might. One is no; the other is maybe (conditional). The Patient's family Physician has a NEED TO KNOW, the Public Health Administrator may be conditional, and the Physician that lives down the block has to build a case for having some NEED TO KNOW. -Thomas Clark ----- Original Message ----- From: "Karsten Hilbert" <[email protected]> To: <openehr-technical at openehr.org> Sent: Sunday, April 27, 2003 5:48 AM Subject: Re: openEHR security; Directed to Thomas Beale > [...] > > At all points NEED TO KNOW > > governs access > [...] > > Except that the Need-To-Know paradigm doesn't work very well > in healthcare. The provider may not know what she needs to > know at the time of the patient encounter. The patient can't > possibly correctly decide what her doctor must know in order > to be able to make the right decisions (of course, the patient > is fully able to decide what she *wants* the doctor to know). > Etc. > > Medicine is neither the military nor a secret service, literally > (it's not mass media either, on the other end of the spectrum). > > Just a clinician's muttering ... > > Karsten > -- > GPG key ID E4071346 @ wwwkeys.pgp.net > E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346 > - > If you have any questions about using this list, > please send a message to d.lloyd at openehr.org - If you have any questions about using this list, please send a message to d.lloyd at openehr.org
