Nobody gets admin/delete permissions, that “Delete” button, is just too much of a temptation. People are drawn to it like moths to flame. Typically 1 or 2 management type people in an office should have dedicated separate admin privilege accounts, anyone needs something deleted, it goes through them first, and those (hopefully) responsible people understand the consequences of nuking data that should not be nuked. If the button is there, someone will click it, it is inevitable. I could fill pages with Deletion horror stories…
Why not delete the Delete patient button? It is for some USERS inactivated, since it is only the very angry client that wants to have removed all medical information and also the Demographics.
Remark: the clinician and doctors (also nurses and more USERS (with lower permissions than ADMINISTRATOR) have no permission to delete a client.
With this remark: In most Demo openEMR’s you LOGIN as Administrator and as such have the permission and can accidentally delete a client. If LOGIN as clinician or physician there is nothing available to delete a client.
Also the fine-tuning in phpGACL give the option of all USERS to allow or deny certain actions. If I find some free time I will dedicate some time toward fine-tuning USERS in the GACL section of OpenEMR.
Unfortunately administrators have deleted the Demographics section, not the front desk. Hiding the various Delete buttons would be a good start. Making the potential deleters jump through multiple hoops would be another.
Pimm, please commence. The Delete button is necessary because it’s like taking out the garbage. Imagine how it would be in the Blankevoort home if no one got rid of the trash. We just want the ability not to throw out the family jewels.
A recycle bin/trash can paradigm which can be easily reversed might be feasible. Then if one has remorse about a deletion, a patient record can be retrieved before it ends up in the landfill.
Now suppose my wife is the Administrator with her own Login and Password. If I know her Login and Password I also can Login as etc…
Now for the physician. He/She makes the money and can not delete. Because the Administrator decided so and immediately changed the password so the Physician can only delete IF and only IF the Administrator agrees.
Now for my house and office: I started with enough square/cubic meters. I did not buy more square meters, since it is not available. My first Harddisk of 240 Mbyte is now more than several Giga bytes… and has enough free space to hold all my other Harddisks of the past. So is there a need to delete? No! Is there a need to clean up after the Administrator tells me to do so, since there is a very angry client… it can be done.
YES, I like the Trash-bin idea of Kevin. (Just to keep it short)