Patient level access/audit trail

classic Classic list List threaded Threaded
4 messages Options
Ali-IRD Ali-IRD
Reply | Threaded
Open this post in threaded view
|

Patient level access/audit trail

Hello all,

Is it possible to have patient level access permissions (so that if I work say, in province X, I can't view patients from province Y). Alternately, is there some way to track who has viewed a given patient record?

This is coming from a potential project where the users have concerns about the ethics of patient access. At the minimum, they want to be able to see who has viewed a patient record. Does anyone have ideas about whether this is currently possible in OpenMRS? Or how best to go about coding this in? We're not currently tied to a particular version of OpenMRS.

Thanks!
Ali
--
Ali Habib
Director, Informatics
Interactive Research and Development


[hidden email] from OpenMRS Developers' mailing list
Burke Mamlin Burke Mamlin
Reply | Threaded
Open this post in threaded view
|

Re: Patient level access/audit trail

OpenMRS doesn't (yet) have data-level permissions, including patient-specific permissions.  The restrict-by-role module is an attempt to restrict patient access by role.  Adding this robustly to the platform will likely require some significant changes in the API, like adding an institution attribute to each data table and the API's Context.

We should be logging patient access; however, I don't know that it's being done in a manner that would make it easy to look up who has viewed a patient's information.  This would be a great addition to the platform.

-Burke

On Sat, May 12, 2012 at 12:19 PM, Ali Habib <[hidden email]> wrote:
Hello all,

Is it possible to have patient level access permissions (so that if I work say, in province X, I can't view patients from province Y). Alternately, is there some way to track who has viewed a given patient record?

This is coming from a potential project where the users have concerns about the ethics of patient access. At the minimum, they want to be able to see who has viewed a patient record. Does anyone have ideas about whether this is currently possible in OpenMRS? Or how best to go about coding this in? We're not currently tied to a particular version of OpenMRS.

Thanks!
Ali
--
Ali Habib
Director, Informatics
Interactive Research and Development
Ph: <a href="tel:%2B92-21-34327697" value="+922134327697" target="_blank">+92-21-34327697
[hidden email]
http://www.irdresearch.org


[hidden email] from OpenMRS Developers' mailing list


[hidden email] from OpenMRS Developers' mailing list
Dave Thomas Dave Thomas
Reply | Threaded
Open this post in threaded view
|

Re: Patient level access/audit trail

Hi.  The usage statistics module gives you some of this stuff - I can't remember how it works exactly offhand, but at very least, it explicitly records all patient lookups for all users.  And there are some built in reports that let you monitor this.

D

On May 13, 2012 1:41 PM, "Burke Mamlin" <[hidden email]> wrote:
OpenMRS doesn't (yet) have data-level permissions, including patient-specific permissions.  The restrict-by-role module is an attempt to restrict patient access by role.  Adding this robustly to the platform will likely require some significant changes in the API, like adding an institution attribute to each data table and the API's Context.

We should be logging patient access; however, I don't know that it's being done in a manner that would make it easy to look up who has viewed a patient's information.  This would be a great addition to the platform.

-Burke

On Sat, May 12, 2012 at 12:19 PM, Ali Habib <[hidden email]> wrote:
Hello all,

Is it possible to have patient level access permissions (so that if I work say, in province X, I can't view patients from province Y). Alternately, is there some way to track who has viewed a given patient record?

This is coming from a potential project where the users have concerns about the ethics of patient access. At the minimum, they want to be able to see who has viewed a patient record. Does anyone have ideas about whether this is currently possible in OpenMRS? Or how best to go about coding this in? We're not currently tied to a particular version of OpenMRS.

Thanks!
Ali
--
Ali Habib
Director, Informatics
Interactive Research and Development
Ph: <a href="tel:%2B92-21-34327697" value="+922134327697" target="_blank">+92-21-34327697
[hidden email]
http://www.irdresearch.org


[hidden email] from OpenMRS Developers' mailing list


[hidden email] from OpenMRS Developers' mailing list

[hidden email] from OpenMRS Developers' mailing list
Darius Jazayeri-3 Darius Jazayeri-3
Reply | Threaded
Open this post in threaded view
|

Re: Patient level access/audit trail

Hi Ali,

See the recent email thread started by Daniel asking for suggestions and opinions on the work we'll do during our upcoming sprint on Roles and Privileges. (And my reply asking if anyone is interested in us spending time modernizing the restrict by role module Burke mentioned.)

-Darius

On Sun, May 13, 2012 at 2:11 PM, Dave Thomas <[hidden email]> wrote:

Hi.  The usage statistics module gives you some of this stuff - I can't remember how it works exactly offhand, but at very least, it explicitly records all patient lookups for all users.  And there are some built in reports that let you monitor this.

D

On May 13, 2012 1:41 PM, "Burke Mamlin" <[hidden email]> wrote:
OpenMRS doesn't (yet) have data-level permissions, including patient-specific permissions.  The restrict-by-role module is an attempt to restrict patient access by role.  Adding this robustly to the platform will likely require some significant changes in the API, like adding an institution attribute to each data table and the API's Context.

We should be logging patient access; however, I don't know that it's being done in a manner that would make it easy to look up who has viewed a patient's information.  This would be a great addition to the platform.

-Burke

On Sat, May 12, 2012 at 12:19 PM, Ali Habib <[hidden email]> wrote:
Hello all,

Is it possible to have patient level access permissions (so that if I work say, in province X, I can't view patients from province Y). Alternately, is there some way to track who has viewed a given patient record?

This is coming from a potential project where the users have concerns about the ethics of patient access. At the minimum, they want to be able to see who has viewed a patient record. Does anyone have ideas about whether this is currently possible in OpenMRS? Or how best to go about coding this in? We're not currently tied to a particular version of OpenMRS.

Thanks!
Ali
--
Ali Habib
Director, Informatics
Interactive Research and Development
Ph: <a href="tel:%2B92-21-34327697" value="+922134327697" target="_blank">+92-21-34327697
[hidden email]
http://www.irdresearch.org


[hidden email] from OpenMRS Developers' mailing list


[hidden email] from OpenMRS Developers' mailing list

[hidden email] from OpenMRS Developers' mailing list


[hidden email] from OpenMRS Developers' mailing list