Hi Gerard, There has to be medical/Patient/healthcare records and related documents but they must be linked. Storage must be provided for the above, permanent, temporary and intermediary (e.g., dialog between practitioners). Event-based entries into medical/Patient/healthcare records would be structured and most likely result in modifications of permanent records.
'related documents' may become part of a permanent record, e.g., commentary on the Patient (object). They may, however, contain information transitory information useless in a permanent healthcare record, e.g., scheduling, but significant during a course of treatment. There is another type of information related to administrative activities that would be attached to the permanent record. Billing, insurance, etc has to be accommodated. This would be little interest to practitioners and can reside in a separate database (e.g., relational). Must be linked. Both the medical/Patient/healthcare records and documents are subject to the same security requirements and both can be transmitted using the same network services. For example, both can be served from a secure, XML-based application server. The secure transmission of a 'record' can be discussed separately from the content of other records that are encapsulated within it. The naming might be confusing here. The 'record' is likely to be a sequence of 'blocks' of information of whatever structure and format, e.g., FibreChannel protocol (frame-based transmission of blocks of information). Looking at the content of the information received that structure could include healthcare records of any defined type. An advantage of this approach is the simplicity of appending additional record-based information to the end of the received file. Two disadvantages: 1)it has to be stored someplace 2)multiple users would require additional structure and processing to keep things in order Neither of these are major. To this point it is mechanistic and transparent to a Practitioner. One should be able to access the received data and all additions. Whether the Practitioner can edit the appended data is a separate issue. This 'interface' can be common; beyond this things get more involved since other factors are operative. > > Record Level Data Security has little to do with legal, social control and > > organizational aspects These aspects change things. Everything from a facility security policy to what the staff does regarding record operations can change between facilities. Importantly different facilities can interact uniquely with the information available for inclusion and modification. Related problems have to be resolved between Practitioners, legal jurisdictions and human organizations. Apart and separate from the records-based issues, there can be a significant need for systems that support communications between practitioners, e.g., secure Chat and document transmission. Something of value arising from this type communication could be included in the permanent record by a practitioner. Solving the 'social control and organizational' problems will take considerably more time and is likely to require continual attention thereafter. -Thomas Clark ----- Original Message ----- From: "Gerard Freriks" <gf...@luna.nl> To: <lakewood at copper.net>; <openehr-technical at openehr.org> Sent: Sunday, May 11, 2003 4:31 AM Subject: Re: Record Level Data Security; storage plus fixed andmobiletransmission > Dear Thomas, > > At OpenEHR there is an emphasis on the exchange of documents but also on > storage of objects in systems. > > What you are referring to is the first topic (messages). > > Gerard > > > > On 2003-05-03 19:52, "lakewood at copper.net" <lakewood at copper.net> wrote: > > > Hi Gerard, > > > > Record Level Data Security has little to do with legal, social control and > > organizational aspects. > > > > I agree that these are important, and in many cases more important, than > > record level data security. They are more complex issues that are dependent > > upon factors varying from culture to informal/private business arrangements. > > To be complete others would have to be added. > > > > The approach taken was to start at a level where secure global electronic > > data interchange of healthcare records is possible, a possible model being > > the "Association For Payment Clearing Services". > > > > http //www.apacs.org.uk/downloads/List%20of%20Standards5.pdf > > > > The perceived need is secure, standard record formats so that information > > can be accessed even though it was created under a system using a different > > record format. > > > > -Thomas Clark > > > > ----- Original Message ----- > > From: "Gerard Freriks" <gfrer at luna.nl> > > To: <lakewood at copper.net>; <openehr-technical at openehr.org> > > Sent: Saturday, May 03, 2003 2:40 AM > > Subject: Re: Record Level Data Security; storage plus fixed and > > mobiletransmission > > > > > >> On 2003-05-02 22:43, "lakewood at copper.net" <lakewood at copper.net> > >> wrote: > >> > >>> Security begins at the data storage level. Unless it can be protected at > >>> this level more sophisticated techniques applied to transmission and > > content > >>> will not be as effective as desired. > >>> > >>> Three common approaches are: > >>> 1)Data security > >>> 2)Data management and > >>> 3)Access to storage media-resident data, e.g., somebody's disk drive > >>> > >>>>> > >> > >> You leave out completely the legal, social control and organisational > >> aspects. > >> Technology isn't a silver bullet. > >> > >> Gerard > >> > >> -- <private> -- > >> Gerard Freriks, arts > >> Huigsloterdijk 378 > >> 2158 LR Buitenkaag > >> The Netherlands > >> > >> +31 252 544896 > >> +31 654 792800 > >> > >> > > > > -- <private> -- > Gerard Freriks, arts > Huigsloterdijk 378 > 2158 LR Buitenkaag > The Netherlands > > +31 252 544896 > +31 654 792800 > > - If you have any questions about using this list, please send a message to d.lloyd at openehr.org