Do you use or administer OpenEMR? Take the General Satisfaction Survey to help improve the product

ACL for Patients, Appointment Flowboard

I have a requirement that the ‘physicians’ (actually speech-language pathologists) only see the patients that they are the provider for in the system. I know it is a big big project, but my wife needs it for her business. Each provider is a contractor, and really should only have read access to their patient demographics and see only their own patients on the calendar and flowboard. I started by looking at restricting the flowboard and calendar by customizing the code, but my research makes me think there should be a more universal solution.

Here are others asking about similar functionality:

https://sourceforge.net/p/openemr/discussion/202505/thread/bc25f527/


I think I can work the coding out, but I need some guidance and discussion on how to design the solution. I know this involves introducing new ACL categories and implementing checks where the data is accessed, but the design of those categories and underlying permissions is what I need help with, and need input from the development community.

There is an ACL category for Authorize My Encounters (auth) and Authorize Any Encounters (auth_a) that is indicated as unused on https://www.open-emr.org/wiki/index.php/Access_Controls_Listing#Encounter_Information_.28encounters.29

I think that following that convention would be good, but I don’t want to rewrite how the existing ACL categories are used across the entire system. Adding additional ones would seem to have a smaller chance of introducing errors.

I am thinking of something that is like this:
For listboxes and patient list:
Patients…View All
Patients…View Mine

Patients…Appointments
wsome_only_mine
write_only_mine

Patients…View Appointments (this would control in calendar and flowboard)
mine
all

Patients…Demographics
add_only_mine
write_only_mine
ANY_only_mine
as potiental return values

Does anyone have any ideas on how to structure this? What would some alternative ways to do this that would still maintain compatibility with the ACL and other features of the system?

Thanks,
Derek

2 Likes

In some clinics every doctor can see every patient, which is good for emergencies. But in other places privacy is very important, and they prefer a compartments system.
I made a Compartment Module that restricts doctors to see only their patients. I made a PowerPoint presentation explaining its use. Ask me about it.

Hi Sergio,
I am interested in your solution. Why don’t you just post the PPT here?
Raimund