I am writing a small discussion paper around existing barriers, e.g. policy, that is limiting ‘every’ member of the MDT access to health information. Do you have experience of a policy that restricts a group of health staff from accessing health information within a tool/system/software/APP/Webform. Was it because of RBACs? What workarounds have you done? The paper discusses the role of Kaiāwhina, and the task-focus (not role-based) of HIPC. Flick me a message, if you have relevant research papers or experience of similar in the health sector. Ngā mihi nui.
Which areas of application are you interested in this area? We have several applications associated and not associated with My Health Account Workforce that handles this, but limited to national cloud based platforms, and not yet available at LDAP-related controls.
Hi Cheryl,
One of the best decisions Qld Health did in regard to the design of their state-wide EMR was to make it an 'open access". This means that all staff had access to all clinical records.
They were trained to only access the records that they needed to access to be able to do their job. Stringent auditing was in place to detect potential breaches.
Although all episodes of care could be accessed by all staff, some functionality still required electronic signature, (e.g. prescribing), to meet regulatory standards.
Role based ‘views’ were also setup in the system to make it easier for staff to see the information that was relevant to their role.
Having an open system enabled staff to efficiently and effectively do their job, reduced system administration and ultimately improved the patient experience.
The main downside was mental health, sexual health and prisoner records were excluded from the system.