Difference between revisions of "Patient Privacy Module"
Harley Tuck (talk | contribs) m (final tweakage) |
Harley Tuck (talk | contribs) (huh- found I had already created this page so am putting new stuff in it.) |
||
| Line 1: | Line 1: | ||
= Introduction = | = Introduction = | ||
This Patient Privacy module controls which patient records are accessible to which staff users. | This Patient Privacy module controls which patient records are accessible to which staff users. | ||
Any user of any ACL role, whether provider or non- clinician, may be 'attached' to a patient so they | Any user of any ACL role, whether provider or non- clinician, may be 'attached' to a patient so they can see that patient’s record. It is not that the patient is assigned to a staff. | ||
One thing to point out is that this Patient Privacy module can be tricky to configure if you are making relationships more complex than 'Supervisor → Provider(s) → Patient(s)'. However, once properly configured it does provide near- absolute isolation of a patient’s PII from unauthorized viewers. | |||
In this document OpenEMR’s 'Patient Finder' tool is used to show a user's access permissions. In actual use, any display in which patient's PII appears would be regulated by this module. For example, if the logged in user was not attached to a patient that patient's appointment would be visible to the user on the calendar but their record could not be opened. | |||
In this document OpenEMR’s 'Patient Finder' tool is used to show a user's access permissions. In actual use, any display in which patient's PII appears would be regulated by this module. For example, if the logged in user was not attached to a patient that patient's appointment would be visible to the user on the calendar but their record could not be opened. | |||
| Line 20: | Line 17: | ||
This wiki page is the online version of the user docs that are distributed by MI-Squared when you contact us about installing the module. NOTE: at the time of this writing the Patient Privacy module is not included in the released versions of OpenEMR. Please contact us at helpdesk@mi-squared | This wiki page is the online version of the user docs that are distributed by MI-Squared when you contact us about installing the module. NOTE: at the time of this writing the Patient Privacy module is not included in the released versions of OpenEMR. Please contact us at <nowiki>helpdesk@mi-squared helpdesk@mi-squared</nowiki> to discuss installing it on your OpenEMR instance. | ||
| Line 28: | Line 25: | ||
== Register Module == | == Register Module == | ||
1. On the main menu, click 'Modules/ Manage Modules' (cursor arrow below) | |||
* the module name will be somewhere in the list. | |||
| Line 39: | Line 36: | ||
2. Click the 'Register' button at the right | |||
* the 'registered' tab will open with the module on it (below). | |||
3. Click 'Install' button at right (cursor arrow) | |||
| Line 51: | Line 49: | ||
4. 'Install' button changes to 'Enable'; click it. | |||
[[Image:PtPrivWiki03.png]] | |||
* The button changes to 'Disable', which indicates the module is enabled. | |||
[[Image:PtPrivWiki04.png]] | [[Image:PtPrivWiki04.png]] | ||
5. Log out and back in (not pictured) | |||
| Line 77: | Line 74: | ||
The Patient Privacy module has four different approaches by which to attach a user to a patient: | The Patient Privacy module has four different approaches by which to attach a user to a patient: | ||
: | :* From the patient list | ||
: | :* From provider pick list | ||
: | :* From the user/ staff roster | ||
: | :* From the list of ACL roles | ||
And the user may be attached in one of two relationships: | And the user may be attached in one of two relationships: | ||
: | :* Direct access | ||
: | :* As supervisor to the attached user | ||
These will be illustrated below. | |||
'''''Note:''''' A staff who is not allowed to view patient records can still select them for tasks that do not expose PII. For example, they can create an appointment for a patient on the calendar. But if they try to open the patient's record, they get a 'Demographics not authorized' message. | |||
[[Image:PtPrivWiki17.png]] | |||
To begin: | |||
On the main menu click 'Administration' then the new menu item, 'Patient Privacy' | |||
[[Image:PtPrivWiki05.png]] | |||
== From Patient List == | |||
Under the heading, ‘Patient Privacy Settings’ the 'Patients' tab is active by default. | |||
1. Click on the line containing the Patient’s identifiers | |||
[[Image:PtPrivWiki06.png]] | |||
| Line 135: | Line 131: | ||
* The Provider Access panel appears showing default tab: ‘Direct Access’ | |||
[[Image:PtPrivWiki07.png]] | |||
| Line 143: | Line 141: | ||
2. Select user(s) to attach to this patient | |||
* You may 'Ctrl+ click' to attach multiple users | |||
* All selected users will be able to see all information in this patient’s record | |||
3. Click 'Save Changes' | |||
| Line 159: | Line 156: | ||
OR – if the provider(s) have already been attached to their patients you may optionally assign Supervisor access to the Providers’ patients: | |||
4. Click tab: ‘Access via Supervisor’ | |||
The | * CAUTION: The Supervisor dropdown list has '''''the complete list''''' of users, still containing all the users that were attached in the previous step. '''''Be careful to not assign a user as their own supervisor!''''' | ||
5. Select the Supervisor | |||
6. Select Provider | |||
7. Click ‘+ Attach Supervisor’ | |||
8. Click ‘Save Changes’ | |||
9. Repeat from step 6 above to attach the supervisor to each of the providers they supervise. | |||
* '''The Supervisor will then be able to access all the patients assigned to any of the providers they supervise.''' | |||
::'''''Be VERY careful when setting supervisors and attaching users to patients.''''' | |||
::'''''See final 'Caution!' section of this document for details''''' | |||
As a variation of this, see in this example below that Provider Virginia Apgar has two different supervisors | |||
[[Image:PtPrivWiki09.png]] | |||
* This shows that Dr Apgar has 'Direct Access' as Provider to pt Hornsby's record. | |||
* However, O’Reilley is Apgar's supervisor over this patient, so he can see Hornsby, in addition to any patients oreilley may be attached to himself. | |||
* And norman dogsbody is also Apgar's supervisor in regards to Hornsby's treatment, so HE can see Hornsby, too, along with his own. | |||
AND SO-- with this Patient Privacy configuration, when Dr Apgar logs in, Hornsby is the only patient she can see. | |||
AND SO-- when Dr Apgar logs in, Hornsby is the only | |||
| Line 216: | Line 212: | ||
1. Select a Provider from the list. | |||
[[Image:PtPrivWiki11.png | [[Image:PtPrivWiki11.png]] | ||
* it will show the provider's current list of patients they're attached to (below). | |||
[[Image:PtPrivWiki12.png]] | |||
::'''''* Note: this panel shows only the patients that have been added with this panel.''''' | |||
::'''''If the user is attached to a patient via the 'User' or 'Roles' tabs that patient will not appear here. But they all will be kept in the provider’s list.''''' | |||
2. Click 'Attach Patient' (oval above) | |||
3. Enter partial patient name and select when full name appears (yes, sorry, this is a confusing demo patient name...). | |||
[[Image:PtPrivWiki13.png]] | [[Image:PtPrivWiki13.png]] | ||
| Line 250: | Line 242: | ||
4. Click 'Save changes' to save changes. | |||
* Panel now displays the attached provider's list of patients (below) | |||
[[Image:PtPrivWiki14.png]] | |||
5. Return to step 2, Click 'Attach Patient' to add another patient. | |||
== From the User tab == | == From the User tab == | ||
[[Image:PtPrivWiki15.png]] | |||
This tab lists all users (not only providers) with each of the roles they are assigned in their OpenEMR user profile. | |||
It is designed for attaching one user as supervisor to another user in each of their Access Control roles. | |||
* '''Use this method only if you are sure it is what you want!''' | |||
1. Click on the user's name (here, Virginia Apgar) | |||
[[Image:PtPrivWiki16.png]] | [[Image:PtPrivWiki16.png]] | ||
| Line 326: | Line 282: | ||
2. Select the supervisor for her in that role. | |||
3. Click ‘Save Changes’ | |||
:'''''Bug alert - attaching a user as supervisor of another user in one role will attach them in all roles of the other user''''' | :* Now, after all that: '''''Bug alert - attaching a user as supervisor of another user in one role will attach them in all roles of the other user''''' | ||
:* In effect it merely attaches one user as Supervisor over another, the same as doing it in the ‘Patient’ tab. | |||
== From the Roles tab == | |||
The Roles tab allows an Administrator to exclude any one or many ACL roles from the Patient Privacy module's access controls. Which therefore gives members of those roles full access to all patients' records. | |||
[[Image:PtPrivWiki18.png]] | |||
::'''''Note: by default, the Administrator ACL role sees all patients no matter what Patient Privacy settings a patient has.''''' | |||
| Line 347: | Line 307: | ||
1. Click the ‘Roles’ tab | |||
2. Select (or multi-select with Ctrl+click) the ACL roles that will be excluded from Patient Privacy restrictions | |||
3. Click 'Save' | |||
'''Example:''' | |||
[[Image:PtPrivWiki19.png]] | |||
Let’s say the logged- in user Walter OReilley’s User Profile has him in the ‘Front Office’ ACL role. | |||
[[Image: | [[Image:PtPrivWiki_ACL_FrontOffice.png]] | ||
That ‘Front Office’ role was selected in step 2 above. | |||
That makes him allowed to see all patients. | |||
BUT-- the User Profile of 'htuck' has him as a clinician. | |||
[[Image:PtPrivWiki_ACL_Clinician.png]] | |||
He is not attached to any patients or assigned as a supervisor to any user. | |||
He can't see anything. | He can't see anything. | ||
[[Image:PtPrivWiki20.png]] | |||
= Deactivate the Module = | = Deactivate the Module = | ||
The Patient Privacy module may be inactivated at any time without affecting any PII. | The Patient Privacy module may be inactivated at any time without affecting any PII. | ||
1. The EMR Administrator simply goes back to Manage Modules (Main menu: Modules/ Manage Modules) screen | |||
2. Clicks the 'Disable' button... | |||
[[Image:PtPrivWiki21.png | [[Image:PtPrivWiki21.png]] | ||
3...and it will be disabled. | |||
| Line 401: | Line 364: | ||
[[Image:PtPrivWiki22.png]] | [[Image:PtPrivWiki22.png]] | ||
4.Log out of the EMR and back in again to finalize the deactivation and remove the Patient Privacy main menu item. | |||
And... that poor user htuck who couldn't see any patients before, is back to full and complete patient roster viewing permissions. | |||
[[Image:PtPrivWiki23.png]] | |||
= Caution! = | = Caution! = | ||
This module works purely with what it is given by the Administrator configuring the attachments. It has no logic checking so it is easy to set up conflicting access | This module works purely with what it is given by the Administrator configuring the attachments. It has no logic checking so it is easy to set up conflicting access relationships. | ||
* '''''This module will allow making user1 the supervisor to user2 on one patient, then user2 as supervisor to user1 for another patient.''''' | |||
* '''''It will allow accidentally setting a user as their own supervisor''''' | |||
* '''''It will allow very complex relationships between attached users, which may defeat the intended access barriers.''''' | |||
'''''Suggestion: diagram the user/ supervisor relationships before configuring them.''''' | |||
Latest revision as of 21:47, 25 October 2024
Introduction
This Patient Privacy module controls which patient records are accessible to which staff users.
Any user of any ACL role, whether provider or non- clinician, may be 'attached' to a patient so they can see that patient’s record. It is not that the patient is assigned to a staff.
One thing to point out is that this Patient Privacy module can be tricky to configure if you are making relationships more complex than 'Supervisor → Provider(s) → Patient(s)'. However, once properly configured it does provide near- absolute isolation of a patient’s PII from unauthorized viewers.
In this document OpenEMR’s 'Patient Finder' tool is used to show a user's access permissions. In actual use, any display in which patient's PII appears would be regulated by this module. For example, if the logged in user was not attached to a patient that patient's appointment would be visible to the user on the calendar but their record could not be opened.
If used, this module will affect the entire patient roster. It is best to make the configuration of this module part of the setup of a practice, and assigning a provider to a new patient a formal part of the new patient admitting process. However, if this module is being incorporated into an existing practice, once the supervision relationships are created (see below) it might be useful to have a user with Administrator ACL go through the practice calendar’s appointments for the next day and assign providers to each patient. But that’s just one idea how to implement it.
One handy thing: if the Patient Privacy module is ever disabled, it may be re-enabled again, and all the previous user attachment settings will return as they were at last use.
This wiki page is the online version of the user docs that are distributed by MI-Squared when you contact us about installing the module. NOTE: at the time of this writing the Patient Privacy module is not included in the released versions of OpenEMR. Please contact us at helpdesk@mi-squared helpdesk@mi-squared to discuss installing it on your OpenEMR instance.
Activate the Module
Once installed into your OpenEMR an Administrator- privileged user needs to register the module with the system to activate it.
Register Module
1. On the main menu, click 'Modules/ Manage Modules' (cursor arrow below)
- the module name will be somewhere in the list.
2. Click the 'Register' button at the right
- the 'registered' tab will open with the module on it (below).
3. Click 'Install' button at right (cursor arrow)
4. 'Install' button changes to 'Enable'; click it.
- The button changes to 'Disable', which indicates the module is enabled.
5. Log out and back in (not pictured)
The module is registered.
Attach Users
The Patient Privacy module has four different approaches by which to attach a user to a patient:
- From the patient list
- From provider pick list
- From the user/ staff roster
- From the list of ACL roles
And the user may be attached in one of two relationships:
- Direct access
- As supervisor to the attached user
These will be illustrated below.
Note: A staff who is not allowed to view patient records can still select them for tasks that do not expose PII. For example, they can create an appointment for a patient on the calendar. But if they try to open the patient's record, they get a 'Demographics not authorized' message.
To begin:
On the main menu click 'Administration' then the new menu item, 'Patient Privacy'
From Patient List
Under the heading, ‘Patient Privacy Settings’ the 'Patients' tab is active by default.
1. Click on the line containing the Patient’s identifiers
- The Provider Access panel appears showing default tab: ‘Direct Access’
2. Select user(s) to attach to this patient
- You may 'Ctrl+ click' to attach multiple users
- All selected users will be able to see all information in this patient’s record
3. Click 'Save Changes'
OR – if the provider(s) have already been attached to their patients you may optionally assign Supervisor access to the Providers’ patients:
4. Click tab: ‘Access via Supervisor’
- CAUTION: The Supervisor dropdown list has the complete list of users, still containing all the users that were attached in the previous step. Be careful to not assign a user as their own supervisor!
5. Select the Supervisor
6. Select Provider
7. Click ‘+ Attach Supervisor’
8. Click ‘Save Changes’
9. Repeat from step 6 above to attach the supervisor to each of the providers they supervise.
- The Supervisor will then be able to access all the patients assigned to any of the providers they supervise.
- Be VERY careful when setting supervisors and attaching users to patients.
- See final 'Caution!' section of this document for details
As a variation of this, see in this example below that Provider Virginia Apgar has two different supervisors
- This shows that Dr Apgar has 'Direct Access' as Provider to pt Hornsby's record.
- However, O’Reilley is Apgar's supervisor over this patient, so he can see Hornsby, in addition to any patients oreilley may be attached to himself.
- And norman dogsbody is also Apgar's supervisor in regards to Hornsby's treatment, so HE can see Hornsby, too, along with his own.
AND SO-- with this Patient Privacy configuration, when Dr Apgar logs in, Hornsby is the only patient she can see.
From Provider Pick List
A slightly quicker method to attach users to patients is to use the provider pick list found on the initial User Patient Permissions tab. This would be a handy way to attach a provider to all their patients in one sitting.
1. Select a Provider from the list.
- it will show the provider's current list of patients they're attached to (below).
- * Note: this panel shows only the patients that have been added with this panel.
- If the user is attached to a patient via the 'User' or 'Roles' tabs that patient will not appear here. But they all will be kept in the provider’s list.
2. Click 'Attach Patient' (oval above)
3. Enter partial patient name and select when full name appears (yes, sorry, this is a confusing demo patient name...).
4. Click 'Save changes' to save changes.
- Panel now displays the attached provider's list of patients (below)
5. Return to step 2, Click 'Attach Patient' to add another patient.
From the User tab
This tab lists all users (not only providers) with each of the roles they are assigned in their OpenEMR user profile.
It is designed for attaching one user as supervisor to another user in each of their Access Control roles.
- Use this method only if you are sure it is what you want!
1. Click on the user's name (here, Virginia Apgar)
2. Select the supervisor for her in that role.
3. Click ‘Save Changes’
- Now, after all that: Bug alert - attaching a user as supervisor of another user in one role will attach them in all roles of the other user
- In effect it merely attaches one user as Supervisor over another, the same as doing it in the ‘Patient’ tab.
From the Roles tab
The Roles tab allows an Administrator to exclude any one or many ACL roles from the Patient Privacy module's access controls. Which therefore gives members of those roles full access to all patients' records.
- Note: by default, the Administrator ACL role sees all patients no matter what Patient Privacy settings a patient has.
1. Click the ‘Roles’ tab
2. Select (or multi-select with Ctrl+click) the ACL roles that will be excluded from Patient Privacy restrictions
3. Click 'Save'
Example:
Let’s say the logged- in user Walter OReilley’s User Profile has him in the ‘Front Office’ ACL role.
That ‘Front Office’ role was selected in step 2 above.
That makes him allowed to see all patients.
BUT-- the User Profile of 'htuck' has him as a clinician.
He is not attached to any patients or assigned as a supervisor to any user.
He can't see anything.
Deactivate the Module
The Patient Privacy module may be inactivated at any time without affecting any PII. 1. The EMR Administrator simply goes back to Manage Modules (Main menu: Modules/ Manage Modules) screen 2. Clicks the 'Disable' button...
3...and it will be disabled.
4.Log out of the EMR and back in again to finalize the deactivation and remove the Patient Privacy main menu item.
And... that poor user htuck who couldn't see any patients before, is back to full and complete patient roster viewing permissions.
Caution!
This module works purely with what it is given by the Administrator configuring the attachments. It has no logic checking so it is easy to set up conflicting access relationships.
- This module will allow making user1 the supervisor to user2 on one patient, then user2 as supervisor to user1 for another patient.
- It will allow accidentally setting a user as their own supervisor
- It will allow very complex relationships between attached users, which may defeat the intended access barriers.
Suggestion: diagram the user/ supervisor relationships before configuring them.
