Bert, " GP sends the patient to the hospital"
What do you mean: Is he referred to a specialist? Then implicitly, at least in the Netherlands, both the GP and specialist have access rights. Is he referred to a lab-service in the hospital? Then the same reasoning can be applied. Always the patient has the rights to limit the access rights of others, including him self and the GP. The whole business of co-operating physicians is dealth with in a coming European Standard: "System of Concepts for Continuity of Care", ContSys) In the whole chain of events: Identification, Authentication, Authorisation, Access Control and Logging. What you describe is, are problems at the level of Access Control where the Patient mandate is executed against the rights granted in the authorization phase. Gerard -- <private> -- Gerard Freriks, arts Huigsloterdijk 378 2158 LR Buitenkaag The Netherlands T: +31 252 544896 M: +31 654 792800 On 14-apr-2006, at 13:12, Bert Verhees wrote: > A GP a few days ago was thinking of the following situation > > A patient goes to the GP, the GP sends the patient to the hospital, > in the hospital there are some tests. > The results of these tests can arrive in the openehr system, > possiblities > - the GP may not be allowed to see the results of these tests, > because the specialist thinks the GP is not qualified to judge the > outcome > - the GP may not be allowed to see the results of these tests > because the patient does not want him to see them > - the GP is allowed to see the results because the specialist and > the patient allow him to see the result. > > As I understand, in this case, the committer of the composition is > the specialist > ------------------ > As I understand this, a authorization application keeping track of > authorizations and group-definitions is needed to support the > openehr-using application. > Are there any thoughts about this? > Can I read some more about this, anybody know where > > And also other thoughts about authorization by other ways are welcome. > > I was thinking of authorizations on the use of archetypes. > In the above example, the specialist could have used a specially > prepared archetype to post the test-results in case he did not want > the GP to see the results, and another archetype if he grants the > GP to see the results, then there would be only one extra > authorization necessary, the patient must allow the GP to use all > the archetypes, he as a GP is entitled to use. > > But maybe, very well possible, I am overlooking a lot, so > > Please help me thinkig about this > > Thanks > > Bert Verhees -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openehr.org/mailman/private/openehr-technical_lists.openehr.org/attachments/20060414/d9b33ac6/attachment.html>
