Access Control for Certain Types of Patients

mike-h30 wrote on Tuesday, January 11, 2011:

We are a pain management clinic that will begin a Suboxone treatment program this month to treat patients for opioid addiction.  These patients need to remain anonymous to the office staff.  The only person that will know who these patients are will be the the physician, myself, and one other person.  They will not be scheduled by our regular receptionist but will need to have a chart in OpenEMR.  I am trying to think of the best way to limit the exposure of these addiction patient’s charts.  Some of the ideas I have come up with are as follows:

1.  Making a hidden field for patient type (i.e. Addiction) that is only visible to certain individuals.
2.  Tracking these patients via a special form (i.e. Suboxone form) that will be used only for addiction patient’s visits.
3.  Making an access control for a type of patient that will only allow individuals with the correct ACL to view the chart in OpenEMR.
4.  Have a second OpenEMR database for addiction patients ( Not sure I really want to maintain two databases).

How have others implemented a solution for this scenario?  Thanks.

-Mike

sunsetsystems wrote on Tuesday, January 11, 2011:

There’s a “sensitivity” attribute geared towards this need.  However it’s set at the encounter level, not the patient level.  Sensitivities are Access Control Objects and defaults are High and Normal… so for example if you set an encounter to High sensitivity, then only those users with permissions for High can access it (this feature is not well tested and might have some omissions).  It would be reasonable to add logic that supports this also at the patient level.

Rod
www.sunsetsystems.com

mike-h30 wrote on Tuesday, January 11, 2011:

Thanks Rod!  I will test this out on my development VM.