Has anyone got any experience with the effect of providing users a periodic
summary of their activities on an EHR system? We are looking at a couple of
different options.

1) A periodic report to our users' inbox outlining their use of the system.
This has an added benefit of giving the user a concrete sense of the
benefits they receive from the system as well as confirming that their
actions are, indeed, being monitored.

2) A mechanism on the patient record itself that displays a list of all
users that have accessed the record (with date and time). This will probably
be made available to the patient at some point, so they will actually
provide a critical part of the checks and balances in the system.

Any other thoughts on this?

Best Regards,

Ken Thompson

 

-----Original Message-----
From: Nathan Lea
To: Thomas Beale
Cc: Openehr-Technical
Sent: 3/9/2004 4:46 AM
Subject: Re: Data Security was: Basic EHR functionality

On 9 Mar 2004, at 06:51, Thomas Beale wrote: 

>A well-known study in Harvard medical school (I think) showed that
>putting the message "Do not inappropriately access patient data - all
>your accesses are being logged" on clinician screens a few times a day
>resulted in a drop to near 0 of inappropriate access. No other
>technology was used.

Indeed - but the (perhaps) disingenuous claim which is flashed across
clinicians' screens will only work for a finite period before people
stop believing it and revert to their old habits.  Security is a
process, and it requires constant amendment and updating.  If someone
wants to "attack" a system (in this case by inappropriately accessing
records), they will.  To use a phrase which is undoubtedly well known to
everyone, "there is no silver bullet" - especially where security is
concerned... 

A good book to look at on the subject of insecure data is The Art of
Deception by Kevin Mitnick.

Never say die. 

Best, 

Nathan 