Hubris

Exchanging Patient Records: 2



Permissions and Access Control

How do we handle access control lists in a practical GP record system, and what effect does it have on disclosures to lawyers, insurance companies and the Courts? For that matter, to the patients themselves?

Date: Tue, 5 Aug 1997. Adrian Midgley

Suppose for a moment we have the medical record of the whole practice held as a single table, with each successive line in the table containing a field with the patient's unique identifier, then a field with an element of medical history (examination/results/hypothesis or conjecture/prescription or whatever), how do we handle the marking of this with permissions for people to view it?

Seriously, I would like some references or, even better, an e-mail (private if you like) from those who know what has worked well thus far.

As a first approximation, perhaps we add another field to each line which holds a reference to a line in a dictionary of permissions.

The dictionary of permissions is a table with an arbitrarily large number of lines, and which can have more lines added by any user.
Each line contains either within itself or by referring to yet another table, a list of an arbitrarily large number of people, destinations and entities.

As each line is added to the history table, (semi-automatically) a set of permissions is selected from the dictionary and the reference added to the line of history.


  • What does this protect against, or rather, how far can we easily go in adding security of individual records to a patient's notes?
  • And what are the consequences given the things we do with the notes?

What does this protect against, or rather, how far can we easily go in adding security of individual records to a patient's notes?
One of the assumptions I am prepared to make is that on the whole we are protecting against fairly casual access to private matters, rather than defences against a determined attack on secrets.

Another is that most of the people who have physical access to the machinery are willing to cooperate with the privacy restrictions - not that they are not nosy, rapid upside-down skim-readers, interested in trivia etc, but that they won't make a determined effort to defeat the precautions.

The contrary one is that most of the people we are really trying to protect hard against are ones who are external to the Practice, and don't have easy, legitimate physical access to the equipment, so physical security is our main protection there.

Encryption may not be necessary in an early version of this (and given it has to run on 386s this is just as well).


And what are the consequences given the things we do with the notes?
Well - the first interesting one that jumps to mind is that whatever is marked as private against access by me simply doesn't exist as far as I can tell.
Not secrets that I know but must not disclose except with informed consent, but simply non-existent.

So when I run the notes to produce a personal medical adviser report for an insurance company, the privacy marked entries don't appear. And I don't know them so my answers are honest.

How about if the notes are subpoenaed? The same applies unless the patient's permissions are applied against the records (assuming nothing has been marked private from them) or unless Big Brother has persuaded us that BB is first on every line of the permissions dictionary.

It is OK as far as I am concerned, because the records are the only records I possess.
The lawyer or insurance company of course might get a different subset of records if they apply the "access to records for £10" law to another holder of records - my assistant, or the nurse, or the receptionists, or the Physio (that's £50 already, and some of you have partners).
Thinking on a little further: suppose a lawyer wanted the records of a patient who had been treated in a practice and two hospitals. Would they argue that these were one set of records? The sooner we split up our records the better.
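
The history table, the dictionary of permissions and the "simply non-existent" behaviour described above, as an added example that is not part of the original page. It uses an in-memory SQLite database; the table, column and viewer names and the sample entries are assumptions constructed for illustration.

```python
import sqlite3

# Table, column and viewer names are assumptions made for this example.
SCHEMA = """
CREATE TABLE permission_set (perm_id INTEGER PRIMARY KEY, label TEXT);
CREATE TABLE permission_member (
    perm_id INTEGER NOT NULL REFERENCES permission_set(perm_id),
    viewer  TEXT NOT NULL,
    PRIMARY KEY (perm_id, viewer));
CREATE TABLE history (
    line_id    INTEGER PRIMARY KEY,
    patient_id TEXT NOT NULL,
    entry      TEXT NOT NULL,
    perm_id    INTEGER NOT NULL REFERENCES permission_set(perm_id));
"""

def add_permission_set(db, label, viewers):
    """Any user may add a line to the dictionary; returns its reference."""
    cur = db.execute("INSERT INTO permission_set (label) VALUES (?)", (label,))
    db.executemany("INSERT INTO permission_member VALUES (?, ?)",
                   [(cur.lastrowid, v) for v in viewers])
    return cur.lastrowid

def add_history(db, patient_id, entry, perm_id):
    """Every history line carries exactly one permission reference."""
    return db.execute(
        "INSERT INTO history (patient_id, entry, perm_id) VALUES (?, ?, ?)",
        (patient_id, entry, perm_id)).lastrowid

def visible_history(db, viewer, patient_id):
    """Lines the viewer is listed for. Other lines are absent, not redacted,
    and a viewer listed nowhere sees nothing (default deny)."""
    return [row[0] for row in db.execute(
        """SELECT h.entry FROM history h
           JOIN permission_member m ON m.perm_id = h.perm_id
           WHERE m.viewer = ? AND h.patient_id = ?
           ORDER BY h.line_id""", (viewer, patient_id))]

def build_demo():
    """Constructed sample data, not real records."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    practice = add_permission_set(db, "whole practice", ["gp", "nurse", "patient:P001"])
    private = add_permission_set(db, "nurse and patient only", ["nurse", "patient:P001"])
    add_history(db, "P001", "BP 140/90", practice)
    add_history(db, "P001", "Confidential discussion with nurse", private)
    add_history(db, "P001", "Rx: amoxicillin 250 mg", practice)
    return db
```

A report run as "gp" returns two of the three lines with no trace of the third, while the same query run as "nurse" or "patient:P001" returns all three, which is why a request made to a different holder of the records can yield a different subset.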


Version date 1 October 97