
RE: Resend: [CPR security policies at BHS]




Konstantin,

The document you mailed out was indeed interesting - here are a few comments
as you people refine and complete this important work -


	Section 2.2 Persistence
	How is appropriate time defined?

	2.3 Access Control
	This section as currently written appears more an implementation hint
	rather than a policy statement. Access control lists are an
	implementation tool. This could be better stated in terms of what is
	desired - patient record access will be only to named individuals and it
	should be possible to determine any time who exactly had access to the
	specific record, etc.

	2.3.1 Psychotherapist-patient privilege - probably should also include
	that such an encounter took place - meaning it should not be possible to
	find out whether someone sought such therapy or counseling regardless of
	the outcome of such consults.

Also, noticed that there is a lot of information related to HIV treatment.
Maybe it will be useful to organize separate chapters on general treatment,
mental/psychotherapeutic issues, and another on HIV related issues.

Also, have any of you taken a look at pending legislation on patient
confidentiality and what they are thinking about in terms of protection?

- regards
- juggy


----------------
Broadcast message to hrac-rfp from "V. Juggy Jagannathan" <juggy@careflow.com>.
Go to http://cadse.cs.fiu.edu/omg/hrac-rfp to browse the mail list archive.