Patient Privacy Module for OpenEMR

From OpenEMR Project Wiki
Revision as of 21:43, 25 October 2024 by Harley Tuck (talk | contribs) (adding initial page content)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Introduction

This Patient Privacy module controls which patient records are accessible to which staff users.

Any user of any ACL role, whether provider or non- clinician, may be 'attached' to a patient so they can see that patient’s record. It is not that the patient is assigned to a staff.

One thing to point out is that this Patient Privacy module can be tricky to configure if you are making relationships more complex than 'Supervisor → Provider(s) → Patient(s)'. However, once properly configured it does provide near- absolute isolation of a patient’s PII from unauthorized viewers.

In this document OpenEMR’s 'Patient Finder' tool is used to show a user's access permissions. In actual use, any display in which patient's PII appears would be regulated by this module. For example, if the logged in user was not attached to a patient that patient's appointment would be visible to the user on the calendar but their record could not be opened.


If used, this module will affect the entire patient roster. It is best to make the configuration of this module part of the setup of a practice, and assigning a provider to a new patient a formal part of the new patient admitting process. However, if this module is being incorporated into an existing practice, once the supervision relationships are created (see below) it might be useful to have a user with Administrator ACL go through the practice calendar’s appointments for the next day and assign providers to each patient. But that’s just one idea how to implement it.


One handy thing: if the Patient Privacy module is ever disabled, it may be re-enabled again, and all the previous user attachment settings will return as they were at last use.


This wiki page is the online version of the user docs that are distributed by MI-Squared when you contact us about installing the module. NOTE: at the time of this writing the Patient Privacy module is not included in the released versions of OpenEMR. Please contact us at helpdesk@mi-squared helpdesk@mi-squared to discuss installing it on your OpenEMR instance.


Activate the Module

Once installed into your OpenEMR an Administrator- privileged user needs to register the module with the system to activate it.

Register Module

1. On the main menu, click 'Modules/ Manage Modules' (cursor arrow below)

  • the module name will be somewhere in the list.


PtPrivWiki01.png



2. Click the 'Register' button at the right

  • the 'registered' tab will open with the module on it (below).


3. Click 'Install' button at right (cursor arrow)


PtPrivWiki02.png


4. 'Install' button changes to 'Enable'; click it.



PtPrivWiki03.png


  • The button changes to 'Disable', which indicates the module is enabled.


PtPrivWiki04.png

5. Log out and back in (not pictured)



The module is registered.


Attach Users

The Patient Privacy module has four different approaches by which to attach a user to a patient:

  • From the patient list
  • From provider pick list
  • From the user/ staff roster
  • From the list of ACL roles


And the user may be attached in one of two relationships:

  • Direct access
  • As supervisor to the attached user


These will be illustrated below.



Note: A staff who is not allowed to view patient records can still select them for tasks that do not expose PII. For example, they can create an appointment for a patient on the calendar. But if they try to open the patient's record, they get a 'Demographics not authorized' message.




PtPrivWiki17.png



To begin:

On the main menu click 'Administration' then the new menu item, 'Patient Privacy'

PtPrivWiki05.png



From Patient List

Under the heading, ‘Patient Privacy Settings’ the 'Patients' tab is active by default.


1. Click on the line containing the Patient’s identifiers


PtPrivWiki06.png






  • The Provider Access panel appears showing default tab: ‘Direct Access’

PtPrivWiki07.png




2. Select user(s) to attach to this patient

  • You may 'Ctrl+ click' to attach multiple users
  • All selected users will be able to see all information in this patient’s record



3. Click 'Save Changes'


PtPrivWiki08.png



OR – if the provider(s) have already been attached to their patients you may optionally assign Supervisor access to the Providers’ patients:


4. Click tab: ‘Access via Supervisor’


  • CAUTION: The Supervisor dropdown list has the complete list of users, still containing all the users that were attached in the previous step. Be careful to not assign a user as their own supervisor!



5. Select the Supervisor


6. Select Provider


7. Click ‘+ Attach Supervisor’


8. Click ‘Save Changes’


9. Repeat from step 6 above to attach the supervisor to each of the providers they supervise.

  • The Supervisor will then be able to access all the patients assigned to any of the providers they supervise.



Be VERY careful when setting supervisors and attaching users to patients.
See final 'Caution!' section of this document for details

As a variation of this, see in this example below that Provider Virginia Apgar has two different supervisors


PtPrivWiki09.png


  • This shows that Dr Apgar has 'Direct Access' as Provider to pt Hornsby's record.
  • However, O’Reilley is Apgar's supervisor over this patient, so he can see Hornsby, in addition to any patients oreilley may be attached to himself.
  • And norman dogsbody is also Apgar's supervisor in regards to Hornsby's treatment, so HE can see Hornsby, too, along with his own.


AND SO-- with this Patient Privacy configuration, when Dr Apgar logs in, Hornsby is the only patient she can see.


PtPrivWiki10.png


From Provider Pick List

A slightly quicker method to attach users to patients is to use the provider pick list found on the initial User Patient Permissions tab. This would be a handy way to attach a provider to all their patients in one sitting.


1. Select a Provider from the list.

PtPrivWiki11.png




  • it will show the provider's current list of patients they're attached to (below).

PtPrivWiki12.png


* Note: this panel shows only the patients that have been added with this panel.
If the user is attached to a patient via the 'User' or 'Roles' tabs that patient will not appear here. But they all will be kept in the provider’s list.


2. Click 'Attach Patient' (oval above)

3. Enter partial patient name and select when full name appears (yes, sorry, this is a confusing demo patient name...).


PtPrivWiki13.png



4. Click 'Save changes' to save changes.

  • Panel now displays the attached provider's list of patients (below)


PtPrivWiki14.png



5. Return to step 2, Click 'Attach Patient' to add another patient.


From the User tab

PtPrivWiki15.png


This tab lists all users (not only providers) with each of the roles they are assigned in their OpenEMR user profile.

It is designed for attaching one user as supervisor to another user in each of their Access Control roles.

  • Use this method only if you are sure it is what you want!



1. Click on the user's name (here, Virginia Apgar)

PtPrivWiki16.png



2. Select the supervisor for her in that role.


3. Click ‘Save Changes’


  • Now, after all that: Bug alert - attaching a user as supervisor of another user in one role will attach them in all roles of the other user
  • In effect it merely attaches one user as Supervisor over another, the same as doing it in the ‘Patient’ tab.



From the Roles tab

The Roles tab allows an Administrator to exclude any one or many ACL roles from the Patient Privacy module's access controls. Which therefore gives members of those roles full access to all patients' records.


PtPrivWiki18.png

Note: by default, the Administrator ACL role sees all patients no matter what Patient Privacy settings a patient has.




1. Click the ‘Roles’ tab

2. Select (or multi-select with Ctrl+click) the ACL roles that will be excluded from Patient Privacy restrictions

3. Click 'Save'

Example:

PtPrivWiki19.png

Let’s say the logged- in user Walter OReilley’s User Profile has him in the ‘Front Office’ ACL role.


PtPrivWiki ACL FrontOffice.png


That ‘Front Office’ role was selected in step 2 above.


That makes him allowed to see all patients.



BUT-- the User Profile of 'htuck' has him as a clinician.


PtPrivWiki ACL Clinician.png

He is not attached to any patients or assigned as a supervisor to any user.

He can't see anything.

PtPrivWiki20.png


Deactivate the Module

The Patient Privacy module may be inactivated at any time without affecting any PII. 1. The EMR Administrator simply goes back to Manage Modules (Main menu: Modules/ Manage Modules) screen 2. Clicks the 'Disable' button...


PtPrivWiki21.png


3...and it will be disabled.




PtPrivWiki22.png

4.Log out of the EMR and back in again to finalize the deactivation and remove the Patient Privacy main menu item.



And... that poor user htuck who couldn't see any patients before, is back to full and complete patient roster viewing permissions.

PtPrivWiki23.png


Caution!

This module works purely with what it is given by the Administrator configuring the attachments. It has no logic checking so it is easy to set up conflicting access relationships.

  • This module will allow making user1 the supervisor to user2 on one patient, then user2 as supervisor to user1 for another patient.
  • It will allow accidentally setting a user as their own supervisor
  • It will allow very complex relationships between attached users, which may defeat the intended access barriers.

Suggestion: diagram the user/ supervisor relationships before configuring them.