I need to update the patient data from demographics_full. But I received an error :
ERROR: insert failed: insert into patient_data set id=‘1’, title=…
I think the problem is that is already a patient with id = 1 (and id is an autoincrement field).
In the code there is the following comment:
// this was a ‘replace into’ statement but that would overwrite data
// seems like a HIPAA violation of some sort to me – JRM Apr 2008
$query = (“insert into patient_data set …”);
Questions:
1. - how can I update some patient data (e.g. street or something else)
2. - HIPAA is applied only to U.S.? If yes, what about the rest of the world who doesn’t use these regulations?
That comment and code change were mine. Sorry if it broke something. I’m trying to recreate the situation you’re encountering. I created a new patient OK. I edited that same patient and saved their data OK.
Truly my fault here. The quick fix is to change "insert" back to "replace".
I’ve changed the CVS codebase back to using the ‘replace into’ statement.
True, HIPAA does apply only to the USA. Being in the USA my comments are country-specific even though I try to see things globally as often as possible. Never the less, using a ‘replace into’ statement seems like a good way to accidentally overwrite existing patient data, thus my HIPAA comment.
If HIPAA doesn’t allow changing patient data after first input, maybe a different page where we just display the details could do the trick.
I’m not sure if such tight security measures can be applied here. What if the patient address changes? There must be a way to edit some details, I think.
Anyway, ‘replace’ is fine now. Thanks for your answer.
You might want to review the HIPAA Security rules.
To the best of my understanding HIPAA has to do with security and privacy. The ability for an authorized user to change patient demographics is not addressed by HIPAA.
Changing patient demographic information is a required capability. Keeping a historical log of all changes might not be a bad idea, but is a different matter.
I could see a couple of ways to handle keeping history if required - one would be to add versioning to any editable data and configure queries/procedures to return the most current record; I suspect that this would add significant complication and load.
Another approach might be to have Audit Notes, with details of changes noted as they happen. This could make it easier for different sites to have auditing at different levels or in different areas, and could even include access logging.
Any of this could be handled behind the scenes with stored procedures.
Just INSERT into the patient_data table instead of UPDATE, as cfapress intended to do. Then you have to change whatever function returns this data to select max(id) and only look at the most recent inserted data. Then you can worry later about if you want to make previous entries accessible.