Now that OpenEMR has both a formal care plan model and patient related persons, I’d like to explore adding first-class support for giving a related person (e.g., caregiver, parent, spouse, legal proxy) access to the patient portal.
The idea is that a provider (or authorized staff) could, from within the chart, select an existing Related Person record (or create one), designate their role (caregiver, parent, guardian, etc.), and grant them portal access with clearly defined permissions. This would be stored in a structured way so it can be surfaced in the care plan, used in reporting, and aligned with FHIR/USCDI “RelatedPerson” / proxy access concepts.
Why this is useful
Supports real-world caregiving
Many patients rely on a spouse, adult child, or other caregiver to help manage appointments, messages, medications, and care plans. Proxy portal access lets those people actually participate in care without awkward workarounds.
Improves patient safety & coordination
Caregivers with appropriate access can see care plans, instructions, and medications directly, which reduces miscommunication, missed follow-ups, and duplicate phone calls.
Respects roles and boundaries
Tying portal access to the structured “Related Person” list lets us differentiate between patient vs. caregiver vs. legal guardian and potentially control what each can see or do (view-only, message-only, full access, etc.).
Aligns with standards & future-proofing
Modeling this through Related Person + care plan participation aligns with modern interoperability expectations (FHIR RelatedPerson / CareTeam / USCDI) and positions OpenEMR better for future regulatory and integration requirements.
I’m looking for feedback from the community on:
Typical proxy/guardian/caregiver use cases in your clinics
Minimum set of permissions that a related person should have by default
Any privacy / consent concerns or workflows we should account for
Instead of assigning username and password the plan is to use my one-time token feature where the time allowed access, features allowed and renewal is given.
Comments, objections, and real-world examples are very welcome before I start shaping an implementation proposal.
See what documents the pt has signed or needs signed.
Communications from dr/ care team? Unless we can make them an actual addressee for direct messaging
Haven’t looked at the care plan feature (another good future project!) but seems if a family member is formally involved in the care plan they need to see the plans they’re involved in.
Is this going to be tied into or refer to in some way the existing ‘sensitivity’ classification? I.e., is there a sensitivity level that a ‘related person’ would automatically be locked out of?
Just to begin the feature creep , the first thing I thought of reading the initial description above was to have some display of Related Person (‘RP’) statuses on the pt’s EMR record dashboard. That way when some random person comes to the Front Desk whoever is sitting there can use it to determine what/ if to tell them about the pt.
But we’re talking about PORTAL access here. So I wonder, what ID confirmation of the RP can be put in place? As it is, the pt can simply give their portal login to their Related Person who can then access EVERYthing.
But I suppose what an RP would need might be-
read/ write access to the parts of the care plan they’re involved in
ability to exchange messages with the care team (cc: the pt)
can upload docs to the care team and download items sent specifically to the RP
But if the RP has complete Power of Atty/ Guardianship of the pt, they’d need full and complete access to everything with their activities logged just as the pt’s are.
Typical proxy/guardian/caregiver use cases in your clinics
My use case is multi-disciplinary pediatric therapy clinics (Think multiple parents/caregivers/related persons bringing in multiple patients (siblings) who often each are scheduled for multiple different services with different providers with occasional groups and/or co-treats)
Minimum set of permissions that a related person should have by default
No minimum relevant to my use-case since the caregivers themselves would be the only ones using the portal typically
Any privacy / consent concerns or workflows we should account for
Main edge-case in my word here would be divorce situation but no immediate portal-related problems come to mind except for maybe just the ability for different related persons to have different perms set (one parent with full perms, the other with read-only for example)
THANKS A MILLION for all the work you’ve done for this feature, many other code-changes, and many forum contributions!
, the first thing I thought of reading the initial description above was to have some display of Related Person (‘RP’) statuses on the pt’s EMR record dashboard. That way when some random person comes to the Front Desk whoever is sitting there can use it to determine what/ if to tell them about the pt.