Hi Gerard, Good list of requirements. My question concerns contact between Healthcare Practitioners and others which may include geographically remote locations and roving, e.g., in-hospital via wearable or hand-held units. This contact would extend beyond that of the Practitioner-Patient.
A good example would be Remote Surgery with requirements that amount to secure, continuous audio/visual connections. Another would be my clinic where they have migrated to computer systems within the exam room and at other points of contact. If a process, procedure, technology is already in use would it be integrated within the OpenEHR scope, requirements, goals and implementation? Judging from the difficulty getting something implemented it would seem that somewhere, sometime someone was able to justify the project and get it implemented. -Thomas Clark ----- Original Message ----- From: "Gerard Freriks" <[email protected]> To: "Bill Walton" <bill.walton at jstats.com>; <openehr-technical at openehr.org> Sent: Saturday, May 03, 2003 2:37 AM Subject: Re: openEHR security; Directed to Thomas Beale > On 2003-05-02 19:25, "Bill Walton" <bill.walton at jstats.com> wrote: > > > Hi Gerard, > > > > Gerard Freriks wrote: > > > > /snip/ > > > >> In other words: the OpenEHR can assume that the Access Control function > >> operates as if it is a fire wall that executes a set of rules > >> and that the > >> Audit trail is the log with violations (Exceptions) the fire wall had to > >> grant. > >> > >> The operation of the 'firewal' and audit trail are outside the scope of > > Open > >> EHR. > > > > While I support the concept of seperating the access control functionality > > from the storage / retrieval functionality, I'm afraid I have to disagree, > > with all due respect, to the segregation of the audit trail and to what I > > understand your definition of what needs to be contained in the audit trail. > > The notion that the audit trail only log exceptions will be a non-starter > > here in the U.S., I think. > >>>>> > > I understand your remarks. > But. > > The following information must be added to get a fuller picture of how I > envisage things: > > -0- The context for my remarks is the discourse, using human and computer > processable documents, between health professionals over time and space. My > context is not updating databases using messages. > -1- Electronic systems must provide at least the same quality in all aspects > when compared with paper based systems. The quality can be better but never > less. > -2- Of course persons entering the system are logged > -3- And only information is readily available to which one has rightful > access because one is working in the same department the patient is in. > All access to the information will not be logged in the audit trail. > (paper based systems don't record where the eyes hit the paper and ink) > I assume a high degree of social control in a department. > -4- Audit trails in the sense that is recorded why, what, when, from where, > by whom has used the exception path to reach information are needed when the > requestor is overruling the access controls. > -5- the preferred way of obtaining information must stay (as it always was) > direct contact between health professionals either orally or by writing. > > My fear is that because anything can be recorded and tracked or traced we > feel obliged to do so in the electronic domain. > Example: The Data Registrars Office in the Netherlands is of the opinion > that access to electronic medical records can be granted only by using two > ways authentication (password AND biometrics) The only justification is that > it is possible. But it is unaffordable and to complex to organise in the > healthcare domain) > > > > -- <private> -- > Gerard Freriks, arts > Huigsloterdijk 378 > 2158 LR Buitenkaag > The Netherlands > > +31 252 544896 > +31 654 792800 > > > - > If you have any questions about using this list, > please send a message to d.lloyd at openehr.org - If you have any questions about using this list, please send a message to d.lloyd at openehr.org
