gnumed-devel

Re: [Gnumed-devel] chart accesses


From: James Busser
Subject: Re: [Gnumed-devel] chart accesses
Date: Mon, 14 Jan 2008 22:39:04 -0800

On 14-Jan-08, at 2:35 PM, Karsten Hilbert wrote:

> On Sun, Jan 13, 2008 at 03:48:53PM -0800, James Busser wrote:
>
>> Is the encounter created when a patient is selected for example from the
>> search box?
>
> Whenever the clinical record class is instantiated.

When a front desk staff searches and selects a patient, even though the involvement of the front desk staff in the clinical record might be minimal, does the clinical record class get instantiated?

>> There is a use case that is not edge, but may in fact be core for some
>> groups, to be able to audit the accesses of a chart.
>
> This is impossible by technical means short of videotaping
> physical access points....
> It is only possible to give some indication as to under
> which system account a chart was accessed. It is not
> possible to say "who" as in flesh-and-bone. Read-access logs
> are more feel-good than really helpful. And they tend to
> become gargantuan in size.

I agree that the backend cannot "magically" know, nor should it want to record, all accesses; for example, there may be automated queries or other processes that may "call" the data. The middleware or clients could be programmed to cause the read-access logs to get recorded. I suppose that their size could be limited by limiting to patients designated with some kind of high-sensitivity status and kept for the minimum time.

If a patient with high-sensitivity status wished to be known within the practice only by a pseudonym except that their doctor would know the patient's real name, is it possible for this real name to exist among the identities, but to be excluded from the searches and from display in searches, except to persons in the surgery/clinic/practice with special permissions (even for that patient)? Maybe this is a GNUmed 2.x functionality.

In the meantime, if the "true identity" information is to remain protected, must it be kept out of the identities list and, if so, where would the real name best be stored... maybe as a health issue "Identity protection"?

Last question for now about protecting information within the practice: there are situations where by convenience --- or by necessity where options are limited --- workers within a surgery/praxis get their care from one of the doctors within the group, and some insulation (protection) against others accessing their record is desired, especially if they had anything sensitive relating to mental health or sexuality / pregnancy. So that even if their name existed "in the clear" among patients in the praxis, they would desire some kind of "protection" against anyone other than their designated doctor being able to access their record. Can we easily enough manage something for this in GNUmed? I have been very involved in privacy discussions and this is something that many (most) GPs would agree is important in an EMR.
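
The read-access logging idea discussed in this message, sketched as an added example that is not part of the original e-mail and is not GNUmed code: the middleware logs a chart read only for patients flagged high-sensitivity, records the system account (all that can be known, as the quoted reply notes), and prunes old entries. The table names, the `high_sensitivity` column, the 90-day window and the use of in-memory SQLite are all assumptions made for illustration.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=90)  # assumed retention window, not from the thread

def open_store():
    """Hypothetical schema in an in-memory SQLite stand-in database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE patient (id INTEGER PRIMARY KEY, name TEXT,
                              high_sensitivity INTEGER NOT NULL DEFAULT 0);
        CREATE TABLE chart_access (patient_id INTEGER, account TEXT,
                                   accessed_at TEXT);
    """)
    return db

def open_chart(db, patient_id, account, now):
    """Middleware entry point: return the chart row, logging the read if flagged."""
    row = db.execute("SELECT id, name, high_sensitivity FROM patient WHERE id = ?",
                     (patient_id,)).fetchone()
    if row is None:
        raise KeyError(patient_id)
    if row[2]:
        # Only the system account is knowable, not the person at the keyboard.
        db.execute("INSERT INTO chart_access VALUES (?, ?, ?)",
                   (patient_id, account, now.isoformat()))
    return row

def prune(db, now):
    """Delete log entries older than RETENTION; return how many were removed."""
    cutoff = (now - RETENTION).isoformat()  # same UTC ISO format, so text compares
    return db.execute("DELETE FROM chart_access WHERE accessed_at < ?",
                      (cutoff,)).rowcount

def accesses(db, patient_id):
    """Audit query: which accounts read this chart, oldest first."""
    return db.execute("SELECT account, accessed_at FROM chart_access "
                      "WHERE patient_id = ? ORDER BY accessed_at",
                      (patient_id,)).fetchall()

def demo():
    db = open_store()
    db.executemany("INSERT INTO patient VALUES (?, ?, ?)",  # constructed sample rows
                   [(1, "Constructed Patient A", 0), (2, "Constructed Patient B", 1)])
    t0 = datetime(2008, 1, 14, tzinfo=timezone.utc)
    open_chart(db, 1, "frontdesk", t0)                  # not flagged: nothing logged
    open_chart(db, 2, "frontdesk", t0)                  # flagged: logged
    open_chart(db, 2, "dr_a", t0 + timedelta(days=80))  # flagged: logged
    removed = prune(db, t0 + timedelta(days=100))       # drops the day-0 entry
    return removed, accesses(db, 1), accesses(db, 2)
```
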



