Patient Information Access
From OpenEMR Project Wiki
Patient Individual Access and Correction
Sam Bowen: This is a discussion that I had previously with Sena Palanasami of Visolve a few weeks ago. HIPAA requires that patients can review and correct ask that errors in the health record be fixed. We have discussed making a "patient" level ACL so that individual patient can access their personal records to review for errors. This will require providing secure ssl login and at least two and better three levels of identification to prove patient identity to access their private data.
This access should be logged in the way that all release of private information is logged. In a perfect world only the patient will be able to this. Unfortunately this will not be the case. Patients will share their private passwords with other family members. Other family members may access the data inappropriately. It will be necessary to log access to this data like all the rest.
Requests, to modify the record will need to have the reason of the request logged. It will be necessary to keep the old versions of the encounters since some of these requests for modification will be intentional for secondary gain on the part of the patient.