It seems I have been misinformed regarding the level of security offered by the Oacis.
John Mleczko, Director Projects Branch ICT Services, Department of Health, South Australia has informed me of true security status today. I quote from his note.
“In response to statements made in your article "Personal Health Information Privacy - The Elephant in the Room" posted 28 Oct 2006 10:04PM CDT you ask for correction in regards to access to the Oacis system implemented in South Australia's major metropolitan public hospitals.
You suggest “a clinical user at one hospital, once logged on, could access any record of essentially any type for any South Australian”. The security model is facility based hence this is incorrect which means a user at a hospital can access the records of their patients at that hospital. You also suggest that access is “non-individualised and non role based”. Access to Oacis has always been individualised and role based.”
He then goes on to explain, in detail, the various steps taken to ensure the logged on users stay within the correct bounds – including warnings, audit trails etc.
This is good news.
In response I have asked the following questions by e-mail.
“Hi John,
Thanks for that...Just so I am clear this means that the access privileges for a medical registrar who is in charge of a hospital over night has his/her privileges changed according to the time of day (own service versus whole hospital) and that the intern in Emergency only sees results undertaken at that hospital - even if there are results at IMVS etc for the same patient done recently?
When I last chatted to people involved (a year or two back I admit) it was suggested to me that once you had medical or other high level access to the database it was essentially "open slather" - or is that only for those providing information into Oacis who clearly would seem to need to be able to access the whole results data base - for historical comparisons if for no other reason.
As you know audit trails and warnings have hardly been 100% effective at the Tax Office and CentreLink
If it has always been true that there were no group log-ons to Oacis I am happy about that!
I will happily place an edit noting your comments once I am clear.
On a related issue, given Oacis is a shared database just what control does the individual patient have about the recording of data on that database and who can see the data. This becomes an obvious issue as soon as any information is made available in a shared way. Does a patient admitted to an Oacis using facility have the choice of what is shared from say previous admissions (e.g. they may want to suppress a pathology report mentioning products of conception etc)?
Cheers
David.”
One of the Oacis brochures from 2004 has an intern saying how useful it is to be able to access information from previous admissions so clarity is important I believe.
I will keep everyone informed as information becomes available.
David.
0 comments:
Post a Comment