Difference between revisions of "Patient Privacy Module"
Harley Tuck (talk | contribs) (initial page post) |
Harley Tuck (talk | contribs) m (final tweakage) |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
= Introduction = | = Introduction = | ||
'''''>> all the content's here, am just tweaking the layout. <<''''' | |||
This Patient Privacy module controls which patient records are accessible to which staff users. | This Patient Privacy module controls which patient records are accessible to which staff users. | ||
| Line 51: | Line 52: | ||
:4. 'Install' button changes to 'Enable'; click it. | :4. 'Install' button changes to 'Enable'; click it. | ||
[[Image:PtPrivWiki03.png|top]] | [[Image:PtPrivWiki03.png|top]] | ||
| Line 65: | Line 60: | ||
:* The button changes to 'Disable', which indicates the module is enabled. | :* The button changes to 'Disable', which indicates the module is enabled. | ||
| Line 88: | Line 82: | ||
:4. From the list of ACL roles | :4. From the list of ACL roles | ||
And the user may be attached in one of two relationships: | And the user may be attached in one of two relationships: | ||
:1. Direct access | :1. Direct access | ||
| Line 96: | Line 87: | ||
These will be illustrated below. | These will be illustrated below. | ||
On the main menu click 'Administration' then the new menu item, 'Patient Privacy' | On the main menu click 'Administration' then the new menu item, 'Patient Privacy' | ||
[[Image:PtPrivWiki05.png]] | |||
| Line 134: | Line 108: | ||
:* The Provider Access panel appears showing default tab: Direct Access | :* The Provider Access panel appears showing default tab: Direct Access | ||
[[Image:PtPrivWiki07.png|right]] | |||
| Line 175: | Line 151: | ||
::OR -- instead of Direct Access click tab: Access via Supervisor | |||
::OR -- click tab: Access via Supervisor | |||
[[Image:PtPrivWiki08.png]] | [[Image:PtPrivWiki08.png]] | ||
| Line 208: | Line 167: | ||
The Supervisor dropdown list has '''''the complete list''''' of users. | The Supervisor dropdown list has '''''the complete list''''' of users. | ||
| Line 217: | Line 175: | ||
'''''See final 'Caution!' section of this document for details''''' | '''''See final 'Caution!' section of this document for details''''' | ||
| Line 228: | Line 184: | ||
[[Image:PtPrivWiki09.png|right|top]] | [[Image:PtPrivWiki09.png|right|top]] | ||
:* This shows that Dr Apgar has 'Direct Access' to Hornsby's record as Provider. | :* This shows that Dr Apgar has 'Direct Access' to Hornsby's record as Provider. | ||
:* However, oreilley is Apgar's supervisor over this patient, so he can see Hornsby, in addition to any patients oreilley may be attached to himself. | :* However, oreilley is Apgar's supervisor over this patient, so he can see Hornsby, in addition to any patients oreilley may be attached to himself. | ||
:* And norman dogsbody is also Apgar's supervisor in regards to Hornsby's treatment, so HE can see Hornsby, too, along with his own. | :* And norman dogsbody is also Apgar's supervisor in regards to Hornsby's treatment, so HE can see Hornsby, too, along with his own. | ||
| Line 280: | Line 221: | ||
:1. Select a user from the list. | :1. Select a user from the list. | ||
| Line 326: | Line 252: | ||
:2. Click 'Attach Patient' (oval above) | :2. Click 'Attach Patient' (oval above) | ||
:3. Enter partial patient name and select when full name appears ( | :3. Enter partial patient name and select when full name appears (sorry, this is a confusingly unusual demo patient name...). | ||
| Line 334: | Line 260: | ||
::* Panel now displays the attached provider's list of patients (below) | ::* Panel now displays the attached provider's list of patients (below) | ||
[[Image:PtPrivWiki14.png|top]] | |||
:5. Click 'Attach Patient' again to add another patient. | |||
== From the User tab == | |||
[[Image:PtPrivWiki15.png|right|top]] | [[Image:PtPrivWiki15.png|right|top]] | ||
| Line 406: | Line 332: | ||
:'''''Bug alert - attaching a user as supervisor of another user in one role will attach them in all roles of the other user''''' | :'''''Bug alert - attaching a user as supervisor of another user in one role will attach them in all roles of the other user''''' | ||
:Note: A staff who is not allowed to view patient records can still select them for such tasks as do not expose PII. For e.g., they can create an appointment for a patient on the calendar. But if they try to open the patient's record, they get a 'Demographics not authorized' message. | :Note: A staff who is not allowed to view patient records can still select them for such tasks as do not expose PII. For e.g., they can create an appointment for a patient on the calendar. But if they try to open the patient's record, they get a 'Demographics not authorized' message. | ||
[[Image:PtPrivWiki17.png|top]] | [[Image:PtPrivWiki17.png|top]] | ||
| Line 460: | Line 353: | ||
::'''''Note: by default, the Administrator ACL role sees all patients no matter what Patient Privacy settings a patient has.''''' | ::'''''Note: by default, the Administrator ACL role sees all patients no matter what Patient Privacy settings a patient has.''''' | ||
| Line 468: | Line 359: | ||
[[Image:PtPrivWiki18.png]] | [[Image:PtPrivWiki18.png]] | ||
| Line 475: | Line 365: | ||
Click 'Save' | Click 'Save' | ||
| Line 518: | Line 372: | ||
That allows him to see all patients. | That allows him to see all patients. | ||
| Line 549: | Line 378: | ||
He can't see anything. | He can't see anything. | ||
| Line 575: | Line 402: | ||
[[Image:PtPrivWiki22.png]] | [[Image:PtPrivWiki22.png]] | ||
:4. Log out of the EMR and back in again to finalize the deactivation and remove the Patient Privacy main menu item. | :4. Log out of the EMR and back in again to finalize the deactivation and remove the Patient Privacy main menu item. | ||
| Line 598: | Line 407: | ||
And... that poor user htuck who couldn't see any patients before, is back to full patient roster viewing capabilities. | And... that poor user htuck who couldn't see any patients before, is back to full patient roster viewing capabilities. | ||
[[Image:PtPrivWiki23.png|top]] | |||
= Caution! = | = Caution! = | ||
Latest revision as of 19:45, 5 September 2024
Introduction
>> all the content's here, am just tweaking the layout. <<
This Patient Privacy module controls which patient records are accessible to which staff users.
Any user of any ACL role, whether provider or non- clinician, may be 'attached' to a patient so they may view and edit their record. Users who are not attached to a patient may not.
Keep in mind the direction of the relationship: the staff/ user is attached to the patient so they can see that patient’s record. It is not that the patient is assigned to a staff.
In this document OpenEMR’s 'Patient Finder' tool is used to show a user's access permissions. In actual use, any display in which patient's PII appears would be regulated by this module. For example, if the logged in user was not attached to a patient that patient's appointment would be visible to the user on the calendar but their record could not be opened.
If used, this module will affect the entire patient roster. It is best to make the configuration of this module part of the setup of a practice, and assigning a provider to a new patient a formal part of the new patient admitting process. However, if this module is being incorporated into an existing practice, once the supervision relationships are created (see below) it might be useful to have a user with Administrator ACL go through the practice calendar’s appointments for the next day and assign providers to each patient. But that’s just one idea how to implement it.
One handy thing: if the Patient Privacy module is ever disabled, it may be re-enabled again, and all the previous user attachment settings will return as they were at last use.
This wiki page is the online version of the user docs that are distributed by MI-Squared when you contact us about installing the module. NOTE: at the time of this writing the Patient Privacy module is not included in the released versions of OpenEMR. Please contact us at helpdesk@mi-squared.com to discuss installing it on your OpenEMR instance.
Activate the Module
Once installed into your OpenEMR an Administrator- privileged user needs to register the module with the system to activate it.
Register Module
- 1. On the main menu, click 'Modules/ Manage Modules' (cursor arrow below)
- the module name will be somewhere in the list.
- 2. Click the 'Register' button at the right
- the 'registered' tab will open with the module on it (below).
- 3. Click 'Install' button at right (cursor arrow)
- 4. 'Install' button changes to 'Enable'; click it.
- The button changes to 'Disable', which indicates the module is enabled.
- Log out and back in (not pictured)
The module is registered.
Attach Users
The Patient Privacy module has four different approaches by which to attach a user to a patient:
- 1. From the patient list
- 2. From provider pick list
- 3. From the user/ staff roster
- 4. From the list of ACL roles
And the user may be attached in one of two relationships:
- 1. Direct access
- 2. As supervisor to the attached user
These will be illustrated below.
On the main menu click 'Administration' then the new menu item, 'Patient Privacy'
From Patient List
The 'Patients' tab is active by default.
- 1. Select a patient
- The Provider Access panel appears showing default tab: Direct Access
- 2. Select user(s) to attach to this patient* You may 'Ctrl+ click' to attach multiple users
- 3. Click 'Save Changes'
- OR -- instead of Direct Access click tab: Access via Supervisor
The Provider dropdown list will contain all the users that were attached in the previous step.
The Supervisor dropdown list has the complete list of users.
Be VERY careful when setting supervisors and attaching users to patients.
See final 'Caution!' section of this document for details
Note in this example below that Provider Virginia Apgar has two different supervisors
- This shows that Dr Apgar has 'Direct Access' to Hornsby's record as Provider.
- However, oreilley is Apgar's supervisor over this patient, so he can see Hornsby, in addition to any patients oreilley may be attached to himself.
- And norman dogsbody is also Apgar's supervisor in regards to Hornsby's treatment, so HE can see Hornsby, too, along with his own.
AND SO-- when Dr Apgar logs in, Hornsby is the only pt she can see.
From Provider Pick List
A slightly quicker method to attach users to patients is to use the provider pick list found on the initial User Patient Permissions tab. This would be a handy way to attach a provider to all their patients in one sitting.
- 1. Select a user from the list.
- it will show the provider's current list of patients they're attached to (below).
- * Note: this panel shows only the patients that have been added with this panel.
- If the user is attached to a patient via the 'User' or 'Roles' tabs that patient will not appear here.
- 2. Click 'Attach Patient' (oval above)
- 3. Enter partial patient name and select when full name appears (sorry, this is a confusingly unusual demo patient name...).
- 4. Click 'Save changes' to save changes.
- Panel now displays the attached provider's list of patients (below)
- 5. Click 'Attach Patient' again to add another patient.
From the User tab
This tab lists all users (not only providers) in all the roles they are assigned in their OpemEMR user profile.
It allows attaching one user as supervisor to another user in each of their roles.
Click on the user's name (here, Virginia Apgar, listed in the previous panel) then select the supervisor for them in that role.
- Bug alert - attaching a user as supervisor of another user in one role will attach them in all roles of the other user
- Note: A staff who is not allowed to view patient records can still select them for such tasks as do not expose PII. For e.g., they can create an appointment for a patient on the calendar. But if they try to open the patient's record, they get a 'Demographics not authorized' message.
From the Roles tab
The Roles tab allows an Administrator to exclude any one or many ACL roles from the module's access controls. Which therefore gives members of those roles full access to all patients' records.
- Note: by default, the Administrator ACL role sees all patients no matter what Patient Privacy settings a patient has.
Select (or multi-select with Ctrl+click) the ACL roles which will be excluded from Patient Privacy restrictions.
Click 'Save'
Walter OReilley is in the Front Office ACL role, selected in the previous picture.
That allows him to see all patients.
User 'htuck' is a clinician who is not attached to any patients or assigned as a supervisor to any user.
He can't see anything.
Deactivate the Module
The Patient Privacy module may be inactivated at any time without affecting any PII.
- 1. The EMR Administrator simply goes back to Manage Modules (Main menu: Modules/ Manage Modules) screen
- 2. Clicks the 'Disable' button
- 3. and it will be disabled.
- 4. Log out of the EMR and back in again to finalize the deactivation and remove the Patient Privacy main menu item.
And... that poor user htuck who couldn't see any patients before, is back to full patient roster viewing capabilities.
Caution!
This module works purely with what it is given by the Administrator configuring the attachments. It has no logic checking so it is easy to set up conflicting access permissions.
- This module will allow having user1 as supervisor to user2 on one patient, then user2 as supervisor to user1 for another patient.
- It will allow accidentally setting a user as their own supervisor
- It will allow very complex relationships between attached users, which may defeat the intended access barriers.
- Suggestion: diagram the user/ supervisor relationships before configuring them.
