Virtual Appliance(2.8.3) minor bug patch

bradymiller wrote on Saturday, October 13, 2007:

Please note, this is a bug in the Virtual Appliance, NOT OpenEMR.

This is a minor bug, but can be really annoying for providers. When entering a new encounter, there is a ‘sensitivity’ setting which can be applied. ‘High’ setting means only physicians can read it, while ‘normal’ means nurses and PA’s can read it also. Default value is ‘normal’ in OpenEMR, however in my Appliance, I mistakenly set default to the ‘high’ value. So if a provider quickly clicks on encounter form without looking at all the options (likely a common occurrence), they will pick ‘high’ sensitivity. I’ve created a quick php script, which fixes the problem.

The instructions and script are available in ‘Appendix A’ of the User Manual at:
http://www.bradymd.com/appliance/manual3/

-brady

drbowen wrote on Thursday, October 18, 2007:

Dear Brady,

First, thanks for your contribution with the Virtual Machine.

In my view of medical practice which includes the flow of information through the office and the need for medical billing. 

In a strict interpretation of medical privacy, information is on a need to know only basis.  For any one office visit the persons "who need to know" about a specific encounter are the creator of the encounter (presumably a physician or mid-level provider),  the nurse or medical assistant who took the chief complaint and vital signs, and the billing staff responsible for getting paid for the specific visit.

Medical privacy means not even other physicians are allowed access to this information unless there is a "need to know". This usually falls to a physician on call or covering for the creator of the visit. In the case of a physician assistant this would include the supervising physician.

There are a huge number of requests from third parties for copies of specific visits.  These amount to small individual audits of whether or not certain office visits are reimbursable.  This requires the clerical staff to be able to view most of the office visits for normal billing to take place.

Most of the medical practices using OpenEMR are small. Permissions for small offices are quite different from the requirements for large offices and multispecialty clinics. While technically it may be true that a receptionist who only does appointments does not need to see the encounters, it takes a pretty large clinic to have a dedicated receptionist.

The current privacy model being used by OpenEMR uses relatively large classes of employees in the practice where if an employee belongs to a particular group then that employee is allowed access to all of the group's information.

The intent of the current privacy laws (in the US this means HIPAA) actually requires a much more granular control over the information. In an ideal world, the program should check to see who made the appointment, who did the vital signs, and who created the visit. The program would then allow only access to these three people. No one else would be allowed access unless they show a "need to know."

This interpretation of medical privacy is likely not very practical.  However, the current definitions of "normal" privacy and "high" privacy will unnecessarily restrict normal business and cross cover arrangements, especially for small offices that make up the majority of OpenEMR users.  I believe that for the majority of OpenEMR users the default view should be the "low" security setting. 

In my practice privacy falls into two types: 

1) Everybody in the practice has access. We depend on basic honesty and training of the staff not to release information to inappropriate parties. Gossiping about patients and idle discussion are specifically prohibited and rigidly enforced. This of course works better in small offices and tends to break down in large organizations.

2) Only the practitioner who creates the visit has access. This is usually for some type of intensely personal, and/or emotionally volatile information. The patient is most commonly going to great lengths to conceal information from spouses or employers because of embarrassing or potentially damaging information.

I think the security/privacy level should be something that can be set by the practitioner to:

Normal - which allows access to just about everybody in the office including billing access, practitioner access, and medical assistant access.  This would correspond to what is currently the "Low" setting.  In most small offices the receptionist is part of the billing staff.

Medium - only the creating practitioner, medical assistant and group of practitioners who cross cover and are directly responsible for the visit can access.

High - for the eyes of the creating practitioner only.

In my opinion, the privacy settings should be set on a per-visit basis instead of a per-group basis.

Sincerely,

Sam Bowen, MD

bradymiller wrote on Thursday, October 18, 2007:

hey,

Just to clarify, this bug fix is specific to only the OpenEMR Appliance, and is to ensure the ‘normal’ sensitivity is selected by default when making a new encounter (by the way, this has also been the “out of the box” default OpenEMR behavior after installing php-GACL).

At this point, the php-GACL encounter ‘sensitivity’ options (ACOs) are ‘high’ and ‘normal’, and there is also an option for ‘none’ (this is not an ACO). The ‘administrators’ and ‘physicians’ can see ‘high’, the ‘clinicians’ (PA and nurses) can see ‘normal’, and the ‘receptionist’ and ‘accountants’ don’t have access to ‘high’ or ‘normal’ (so I’m guessing they can only see ‘none’).

I’d consider things such as HIV test results and office/hospital employee medical records as ‘high’, which should be viewable by only physicians. Never seen an option in any of the larger clinic or hospital EMRs I’ve used to make a note for the author’s eyes only. What would be the paper chart analogy to that? (Maybe making another chart, and hiding it somewhere?) However, I’ve got no experience in a solo practice, which I agree is the main use of OpenEMR. If you want ‘none’ to be the default in encounter, I think that could be done by simply moving one line of code in the /openemr/interface/forms/newpatient/new.php file.

Not sure how to accomplish your ‘high’ author-only access with phpgacl. Only way I can think of is a bit tedious and consists of making your own sensitivity ACO object and group (make the parent group ‘physicians’) with ACL.

Check out link below on recent phpGACL updates. Goal right now is to ensure all "out-of-box" implementations are standardized and to integrate administration of php-GACL from within OpenEMR:
https://sourceforge.net/forum/forum.php?thread_id=1844870&forum_id=202506

-brady

drbowen wrote on Thursday, October 18, 2007:

In my before-OpenEMR world, I had a separate password-protected folder that only I knew the location of. So I guess if I die, these secrets die with me.

I don’t see office staff or employees.  There is no way I can remain objective and do my job correctly as both employer and physician.

Hospital employees are treated with the same dignity and privacy as all of my patients.

In a small office receptionist = billing clerk = book keeper.

I don’t use the current out of the box phpGACL ACOs because they don’t work in a small office.  I substantially modified the default phpGACL ACOs to get this to work.

Moving one line of code is far beyond the skill of the average OpenEMR user.

I think phpGACL is great for the overall big picture security.  By its nature it controls groups of users.  But I think the OpenEMR code would need to be modified to provide the per visit, granular control that I am discussing.  In fact I think this is a property that should be available with each form.  A simple flag that allows access to the creator of the form would seem to suffice.  The database administrator would also be allowed access in the event the creator of the form was no longer available.

Sam Bowen, MD
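The two access models discussed in this thread (brady's description of which php-GACL group may read which encounter sensitivity, and Sam's proposal of a per-form flag that grants access to the form's creator and the database administrator) can be modelled side by side. The following PHP is an added example for illustration, not code from OpenEMR, php-GACL or the Appliance patch; it does not call the real php-GACL API. The names `GROUP_ACCESS`, `DEFAULT_SENSITIVITY`, `canViewEncounter`, `sensitivitySelectHtml` and the `author_only` level (standing in for Sam's proposed creator-only "High") are hypothetical, and the encounters and users are constructed sample data.

```php
<?php
// Added example, not OpenEMR or php-GACL code. All names below are hypothetical.
declare(strict_types=1);

// Which sensitivity levels each group may read, as brady describes them:
// administrators/physicians see 'high' and 'normal', clinicians see 'normal',
// receptionist/accountants see neither. 'none' is not an ACO and is open to all.
const GROUP_ACCESS = [
    'administrators' => ['high', 'normal'],
    'physicians'     => ['high', 'normal'],
    'clinicians'     => ['normal'],
    'receptionist'   => [],
    'accountants'    => [],
];

// The Appliance bug was a default of 'high'; stock OpenEMR defaults to 'normal'.
const DEFAULT_SENSITIVITY = 'normal';

// Decide whether $userId (a member of $group) may read $encounter.
// Sam's per-form flag is layered on top of the group check: the creator and the
// database administrator always get access; 'author_only' admits nobody else.
function canViewEncounter(string $group, array $encounter, string $userId, bool $isDbAdmin = false): bool
{
    if ($isDbAdmin || $userId === $encounter['creator']) {
        return true;
    }
    $level = $encounter['sensitivity'];
    if ($level === 'author_only') {
        return false;
    }
    if ($level === 'none') {
        return true;
    }
    // Unknown group or unknown level: fail closed rather than open.
    $allowed = GROUP_ACCESS[$group] ?? [];
    return in_array($level, $allowed, true);
}

// Render the sensitivity <select> with the default pre-selected. Which option
// carries the 'selected' attribute is the whole substance of the Appliance fix.
function sensitivitySelectHtml(array $options, string $default = DEFAULT_SENSITIVITY): string
{
    $html = '<select name="form_sensitivity">';
    foreach ($options as $value => $label) {
        $selected = ($value === $default) ? ' selected' : '';
        $html .= sprintf(
            '<option value="%s"%s>%s</option>',
            htmlspecialchars($value, ENT_QUOTES),
            $selected,
            htmlspecialchars($label, ENT_QUOTES)
        );
    }
    return $html . '</select>';
}

// Constructed sample data (not real encounters or staff).
$encounters = [
    ['id' => 1, 'creator' => 'dr_smith', 'sensitivity' => 'normal'],
    ['id' => 2, 'creator' => 'dr_smith', 'sensitivity' => 'high'],
    ['id' => 3, 'creator' => 'dr_smith', 'sensitivity' => 'none'],
    ['id' => 4, 'creator' => 'dr_smith', 'sensitivity' => 'author_only'],
];
$users = [
    ['id' => 'dr_smith',  'group' => 'physicians'],
    ['id' => 'dr_jones',  'group' => 'physicians'],
    ['id' => 'nurse_kim', 'group' => 'clinicians'],
    ['id' => 'front_pat', 'group' => 'receptionist'],
];

foreach ($users as $u) {
    $visible = [];
    foreach ($encounters as $e) {
        if (canViewEncounter($u['group'], $e, $u['id'])) {
            $visible[] = $e['id'];
        }
    }
    printf("%-10s (%-12s) can read encounters: %s\n", $u['id'], $u['group'], implode(',', $visible));
}

echo sensitivitySelectHtml(['normal' => 'Normal', 'high' => 'High', 'none' => 'None']), "\n";
```

Run it with `php example.php`. The creator sees all four encounters, a covering physician sees everything except the author-only one, a clinician sees only 'normal' and 'none', and the receptionist sees only 'none'. Note that an unrecognised group name yields no access at all, which is the safer failure when ACO definitions have been customised the way Sam describes.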