> 1) Patients will always have a right to see who has > accessed their file. > That means that the R:Base/R:Tango application > should keep a log of > every time a user views confidential information. > (right before the EDIT > USING or BROWSE command, e.g., have an INSERT > command into > the log table.) And there should be a way to report > all access of a > given individual's records.
This seems like an enormous amount of work to retrofit into existing systems, and even more work to make sure that _every_ time someone accesses data a record is made. Also, you can't allow anyone to have access to the R> prompt since BROWSE, etc commands could be issued that would result in data being shown. What would really work well is a SELECT trigger, so that everytime a row was accessed you could fire some code. You would need some way to find out what columns are in the output set, because some SELECTs would be "innocent" but some would need to be logged (for instance, a group by ZipCode with no identifying information would not need to be logged, a group by PatientID would be). All you'd need to do is implement a set of robust SELECT triggers for those tables containing identifying information. I don't know of any database that actually implement SELECT triggers (although the concept sounds vaguely familiar, so maybe someone does have it) but any database that did would be particularly well suited to HIPAA-subject applications. > I'm also planning to nag RBTI a little on a > long-standing request for a > new R:Base command: > > UNLOAD DATA FOR tableView AS FORMATTED USING column > x y, > column2 x y, etc. > > It would be the outgoing counterpart to the existing > LOAD ... AS > FORMATTED command. Although it would be nicely symetrical to have an UNLOAD matching the LOAD, am I mistaken in thinking you can do this in a single command already by concatenating a bunch of LJS(CTXT(ColName)) expressions in a SELECT statement? -- Larry __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
