Mikael Nyström wrote:
> I know that it is very hard to completely remove (parts of) an electronic
> health record, but the law is still the law and we therefore must follow it.
> It happens now and then in Sweden that we must remove (parts of) an
> electronic health record completely (and not only logically). The removal is
> mainly done manually and to a high cost. In Sweden we therefore also need to
> record where we send electronic health record data and where we back the
> data up.
>
> /Mikael Nyström

Even though it can always be done (as per my last post), I think it will become a meaningless act, as systems become more distributed, and more caching occurs; more internet backups are done, patients have their own copies etc. How can anyone be sure the data is ever really deleted?

One thing openEHR does is provide the built-in option to have no patient ids whatsoever in the EHR - to connect a person to an EHR, there would have to be a separate index of person_id, ehr_id. It doesn't have to be this way - there are other levels of privacy you can choose. See the "generic" package section of http://svn.openehr.org/specification/BRANCHES/Release-1.1-candidate/publishing/architecture/rm/common_im.pdf for some discussion on this.

By the way, we use the feedback in these discussions to improve the documents, so you will find a better description of logical deletion in the next draft to go up.

- thomas