Can fields show as ***** when not in edit?

dgold123 wrote on Thursday, May 05, 2011:

It might just be me, but I don’t like having everybody see sensitive info like License # or SS or …

Is it possible to change a setting or … , so that some fields only show in read mode as **** (like password fields do in most apps)? 

For example, in read mode, I would like SS # to show like - ***-**-1234 or even ***-**-**** .

Thanks!

aethelwulffe wrote on Thursday, May 05, 2011:

The ACL (access control list) is not set up to easily restrict individual elements in (given example) demographics fields.  You would have to make a new ARO (access control object) and give it a name like “license”.  Then in the code that echos (prints) the value, the code has to make an “if” statement that asks with the function if(acl_check(‘admin’, ‘license’){echo($dl_number)}; else{echo("***-**_****")};  I am not sure where the function acl_check() is typically called for allowing you to navigate to certain sections or view certain data in the EMR.  Typically, the ACL in OpenEMR is just used in broad strokes (“you can’t see this page at all”) instead of in detail (“You can see the page, but just not this value out of the database”).  It is not set up in a very comprehensive way, because detailed control takes quite a bit of coding. 
  There is a problem with this item specifically, meaning ssn and license.  The code that prints the demographics basically checks to see if you have access to demographics, then displays everything in the database table.  For subscriber ssn, it is different.  There is specific code that says “print subscriber ssn”.  You could do the acl check before that statement, but everything in patient demographics is kinda optional.  I myself took license and ssn out of demographics, because there is little reason to have that data!  In fact, some patients refuse to allow you to have their drivers licenses to scan or take data from, and in many circumstances, they are completely correct.  Subscriber ss may be a required field for some insurance companies, but medicaid and the like don’t use it.  I am not sure if it is even included in an 837.  If we need an ssn, we use a “mock” version.
  Really, you might consider just not tracking that data, and deleting the database fields that contain it.

dgold123 wrote on Tuesday, May 10, 2011:

Thanks.  For now I just if on $field_id in display_layout_tabs_data for drivers_license, ss, and DOB and print **s.