Couple of Functionality Related Questions

(Igor J) #1

Hello there,

I am reviewing OpenEMR and cannot find answers to a couple of questions (True / false):

  1. Audit Trail logging cannot be disabled by user?
  2. There’s no PHI information stored on end-user devices (e.g. in session data)?
  3. There’s log integrity in place and any alteration is easily detected?

Many thanks!

(Stephen Waite) #2

Hi @igorjovanovic,

  1. False, admin user can disable in Admin->Globals->Logging
  2. True, pretty sure session data is stored on the server only but PHI could be downloaded in the form of a printable report etc.
  3. True, Admin->System->Logs->Validate

(Igor J) #3

Many thanks for your answers, Stephen…

My concern is that there’s a way, e.g. using symmetrical encryption, to protect all PHI, no matter who’s using the end-device - meaning that even though there’s a local copy of session data, it cannot be read in plain-text by a third party.