Note

This page is outdated and no longer receives updates!

This page is devoted to discussion and design related to security and access control.  It arises from a Developers Forum meeting held June 20, 2013, and includes all the material from the notes of that meeting.  During the meeting, we tried to catalog inadequacies of and alternatives to our current access control system as the first step in a process of deciding whether and at what priority we might want to upgrade our current access control system.  We welcome people's experiences and ideas either in writing or in person.

USE CASES, PROBLEMS AND REQUIREMENTS

  1. What standards are we trying to meet? 

    In the U.S., HIPAA and the states make the rules; Europe has privacy standards.

  2. What about the countries we are working in?  Are there minimal good practices that we should try to propagate?  UNAIDS/PEPFAR have issued security and privacy guidance.  In the U.S., the FDA has special requirements for drug trials; as I understand them, they deal more with auditing than with privacy.  See Resources below.

  3. We would like to have the ability to limit access to patient and encounter data by location.  This handles two use cases: (a) a multi-facility installation, either internet connected or synchronized; and (b) a location within a facility with special privacy requirements, typically a psychiatric ward or an STD clinic.  We should discuss whether a treating physician (or others) without special privileges should be able to access these records.

  4. We would like to have the ability to limit access to patient and encounter data by role.  Registration clerks and administrators should not have routine access to patient health data. 

  5. Do we need to limit access any further?  E.g., should community health workers doing programmatic outreach have access to observations/encounters not related to the program?

  6. We would like to have the ability to limit access to providers who have a relationship with the patient. 

    See the British Medical Association principles in the Powerpoint presentation by Dominic Duggan below.

  7. Aggregate reports should always give the same results, regardless of who runs them.  This probably requires us to distinguish between reads for the purpose of aggregating and reads for the purpose of displaying detail; we might be able to have reporting tasks run as a different, trusted user.

  8. Should a registration clerk be able to print out a flow sheet?
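The following is an added example, not code from the original page or from the project it discusses. It models requirements 3, 4, 6 and 7 above as one access-control decision function plus an aggregate report that runs under a fixed trusted reporting identity, so a practitioner can see how the checks compose and why the report's result does not depend on the caller. All role names, location names, user ids and encounter records are constructed for illustration; the ordering of the checks (role, then location, then relationship) is an assumption chosen so the denial reason names the most general failing rule.

```python
"""Policy model for location-, role- and relationship-based access to
encounter data, with an aggregate report that runs as a trusted identity.
Added example; every name and record below is constructed."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Requirement 4: only clinical roles get routine access to health data
# (observations/encounters). Constructed role names.
HEALTH_DATA_ROLES = {"provider", "nurse"}

# Requirement 3(b): locations with special privacy requirements. Access
# needs explicit clearance even for a treating provider.
RESTRICTED_LOCATIONS = {"psych_ward", "std_clinic"}


@dataclass(frozen=True)
class Encounter:
    encounter_id: int
    patient_id: int
    location: str      # e.g. "outpatient", "psych_ward", "std_clinic"
    provider_id: str   # provider who recorded the encounter


@dataclass(frozen=True)
class User:
    user_id: str
    role: str
    locations: frozenset              # locations the user is cleared for
    patient_relationships: frozenset  # patients with a treating relationship


def can_view_encounter(user: User, enc: Encounter) -> Tuple[bool, str]:
    """Return (allowed, reason). The reason is meant for the audit trail."""
    # Requirement 4: role gate first; a clerk or administrator is denied
    # regardless of location or relationship.
    if user.role not in HEALTH_DATA_ROLES:
        return False, "role has no routine access to health data"
    # Requirement 3: location gate. Restricted locations need clearance;
    # other locations are gated by the user's own location list.
    if enc.location not in user.locations:
        if enc.location in RESTRICTED_LOCATIONS:
            return False, f"no clearance for restricted location {enc.location}"
        return False, f"user not assigned to location {enc.location}"
    # Requirement 6: a treating relationship with this patient.
    if enc.patient_id not in user.patient_relationships:
        return False, "no treating relationship with patient"
    return True, "allowed"


def visible_encounters(user: User, encounters: List[Encounter]) -> List[Encounter]:
    """Detail reads: filtered through the per-encounter decision."""
    return [e for e in encounters if can_view_encounter(user, e)[0]]


# Requirement 7: aggregate reports run as a fixed trusted identity
# (constructed name). The caller only triggers the report and is logged.
REPORTING_USER = User("report-service", "reporting", frozenset(), frozenset())
AUDIT_LOG: List[str] = []


def encounters_per_location(requesting_user: User,
                            encounters: List[Encounter]) -> Dict[str, int]:
    """Aggregate read: counts every encounter, so the result is the same
    for any requester. The requester is recorded, not used for filtering."""
    AUDIT_LOG.append(f"{requesting_user.user_id} ran encounters_per_location "
                     f"as {REPORTING_USER.user_id}")
    counts: Dict[str, int] = {}
    for e in encounters:
        counts[e.location] = counts.get(e.location, 0) + 1
    return counts


# Constructed sample data.
SAMPLE_ENCOUNTERS = [
    Encounter(1, 100, "outpatient", "dr_a"),
    Encounter(2, 100, "psych_ward", "dr_b"),
    Encounter(3, 200, "outpatient", "dr_a"),
    Encounter(4, 300, "std_clinic", "dr_c"),
]
DR_A = User("dr_a", "provider", frozenset({"outpatient"}), frozenset({100, 200}))
DR_B = User("dr_b", "provider", frozenset({"outpatient", "psych_ward"}), frozenset({100}))
CLERK = User("clerk1", "registration_clerk",
             frozenset({"outpatient", "psych_ward", "std_clinic"}), frozenset({100, 200, 300}))

if __name__ == "__main__":
    for who in (DR_A, DR_B, CLERK):
        ids = [e.encounter_id for e in visible_encounters(who, SAMPLE_ENCOUNTERS)]
        print(who.user_id, "sees encounters", ids)
    # Same counts for a provider and for a clerk.
    print(encounters_per_location(DR_A, SAMPLE_ENCOUNTERS))
    print(encounters_per_location(CLERK, SAMPLE_ENCOUNTERS))
```

Running the block shows dr_a seeing encounters 1 and 3 (not the psychiatric ward encounter of a patient they do treat), dr_b seeing 1 and 2, and the clerk seeing nothing, while both the provider and the clerk get identical per-location counts because the report never consults the caller's own permissions. The `AUDIT_LOG` entries are what a reviewer would check to see who triggered a report.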

WHAT DO WE HAVE NOW AND WHAT HAVE WE TRIED

...

RESOURCES

Information on HIPAA

UNAIDS/PEPFAR Confidentiality and Security Guidelines

...