Some of the NSPF policies like “Individual Access” and “Correction” come under the Meaningful Use health policy “Engage Patients and Families”. “Data integrity” is already taken care of as part of a HIPAA feature.
Features like “ATNA” and “HIPAA de-identification” are considered on the basis of the standards mentioned in () and of course by checking with the CCHIT requirements.
While performing the changes, we make sure to comply with the 2011 ARRA Preliminary requirements of CCHIT (which tests the Meaningful Use Objectives).
Currently we are focusing on enhancing OpenEMR for the Meaningful Use Objectives. Once this is accomplished, I’m sure we can concentrate on fixing the existing security holes in OpenEMR.
Very helpful; would be useful to provide an online link to your sourced docs on your wiki page: I think these are the docs you're sourcing for HIPAA: . Would also be nice to have a link to NSPF docs on there.
I noted you just posted using the methods in the sql.inc file. Please note not all of the sql calls in OpenEMR go through the actual functions. Some of them bypass and instead use the handle created in sql.inc ($GLOBALS or $GLOBALS) and use ADODB commands on that. Also related to your plan in auditing.
One quick question… Do we have any specific reasons why we are centralising the DB calls in two ways (one through sql.inc and another through adodb)?
The mixed use of adodb dates back before any of us got involved with OpenEMR. I imagine it’s partly because it’s used by the PostNuke code that was incorporated.
If you analyze sql.inc, can we deduce that everything in fact goes through ADODB indirectly, since it’s all going through a connection created via ADODB? Perhaps if you go further upstream to the ADODB code you’ll get everything. Also, in postnuke and php-gacl there is a single place where all the sql calls go through (via their own ADODB libraries). So could possibly get everything in three places.
If I’m wrong with the above ADODB deduction in OpenEMR, then could fix the code that bypasses to handles in sql.inc in a code walk through (sounds like you're gonna do a code walk through for concurrency anyways).