Hi Gerard, Gerard Freriks wrote:
/snip/ > In other words: the OpenEHR can assume that the Access Control function > operates as if it is a fire wall that executes a set of rules > and that the > Audit trail is the log with violations (Exceptions) the fire wall had to > grant. > > The operation of the 'firewal' and audit trail are outside the scope of Open > EHR. While I support the concept of seperating the access control functionality from the storage / retrieval functionality, I'm afraid I have to disagree, with all due respect, to the segregation of the audit trail and to what I understand your definition of what needs to be contained in the audit trail. The notion that the audit trail only log exceptions will be a non-starter here in the U.S., I think. The "appropriateness" of an access to a record can only be determined ex post facto in many cases. An example may help. Suppose a nurse prints a copy of one of her patient's records during her shift. Is this appropriate access? On it's face, at the time of access, it would appear so. Suppose further, though, that the nurse later sells that copy to a third party who uses it to the patient's disadvantage. Now it's clear that the access was for inappropriate purposes. No system can pre-judge intent. If the access is not logged, there will be no trail to the event that led to the inappropriate disclosure and the system will have contributed to the patient's disadvantage. Further, unless the list of accesses is maintained as part of the EHR, there's no guarantee that the patient will have access to that information. Thus, I believe the audit trail functionality must be "in scope" for openEHR, at least to the extent that the group intends it to be viable here in the U.S.. Best regards, Bill - If you have any questions about using this list, please send a message to d.lloyd at openehr.org