
CHAPTER 8 Let’s Do It: How to Implement Your HCM Project 81
A concept for access authorizations should always be developed in
consultation with your institution’s data protection expert. This ensures
that you do not unwittingly violate your institution’s existing
policies, or even laws.
The most important component of a concept for access authorization is the interaction
of the HCM system with the patient management system, the HIS. You can
integrate this into the concept in three steps that build upon each other.
✔✔Step 1: creation of the treatment context by invocation from the HIS.
The HIS already systematically creates the treatment context between users and patients and
their cases. Users who are allowed to view patients and their
cases in the HIS are thus also allowed to view their data. If the multi-format
viewer is invoked from within the HIS in a patient or case context, access to
data in the HCM system is considered authorized and the data is displayed.
This procedure also applies to accessing patients with special status. Check
whether your HIS can control a multi-format viewer in a patient or case
context and whether it displays the data in the correct context.
✔✔Step 1 (alternatively): use of information provided by the HIS.
A good HCM system can use the information provided by the HIS for access
authorization. The HCM system typically receives all information on
patients, cases and visits in various departments and functional units via
HL7 ADT messages. Ideally, the messages also contain information indicating
patients’ special status. Based on this information, the HCM system
can determine which user groups are or were involved in the examination
and treatment of the patient.
Check whether your HIS transmits all required HL7 ADT messages with
complete information to the HCM system. Also test whether the HCM system
can create the treatment context for user groups and derive an access
authorization.
✔✔Step 2: access authorization for specific data.
In order to selectively grant access to individual data of a patient, it is
necessary to identify this data. This is where the classification of data helps:
If, for example, a document is classified as a »psychiatric assessment«, a
good HCM system can use this information for access verification and
make the document available only to psychiatrists.
Check whether your HCM system supports permissions on individual files
of a patient.
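The alternative Step 1 and Step 2 above can be tried out together, as an added example (not from the book or from any HCM product): it derives the treatment context from HL7 ADT messages and then applies a classification rule to a single document. The unit codes, group names, policy tables, the `Y` value in PV1-16 and the rule that special-status patients are visible only to the currently treating unit are all assumptions.

```python
from collections import defaultdict

def adt(event, pid, unit, vip=""):
    """Build a constructed ADT message: MSH, PID and PV1 segments joined by \\r."""
    return (f"MSH|^~\\&|HIS|HOSP|HCM|HOSP|20240101||ADT^{event}|1|P|2.5\r"
            f"PID|1||{pid}^^^HOSP\r"
            f"PV1|1|I|{unit}^101^1" + "|" * 13 + vip)  # 13 pipes reach PV1-16

# Constructed feed: patient 4711 moves SURG -> PSY, 4712 (special status) SURG -> MED.
FEED = [adt("A01", "4711", "SURG"), adt("A02", "4711", "PSY"),
        adt("A01", "4712", "SURG", vip="Y"), adt("A02", "4712", "MED")]

# Assumed policy tables: user group per unit, required group per document class.
UNIT_GROUP = {"SURG": "surgeons", "PSY": "psychiatrists", "MED": "internists"}
RESTRICTED_CLASS = {"psychiatric assessment": "psychiatrists"}

def field(segment, n):
    parts = segment.split("|")
    return parts[n] if n < len(parts) else ""

def build_context(feed):
    """Map patient id -> units visited, current unit, special-status flag."""
    ctx = defaultdict(lambda: {"units": set(), "current": None, "special": False})
    for msg in feed:
        segs = {s[:3]: s for s in msg.split("\r") if s}
        if not {"MSH", "PID", "PV1"} <= segs.keys():
            continue  # incomplete message: no context can be derived
        mtype = field(segs["MSH"], 8).split("^")       # MSH-9 message type
        pid = field(segs["PID"], 3).split("^")[0]      # PID-3 patient identifier
        unit = field(segs["PV1"], 3).split("^")[0]     # PV1-3 point of care
        if len(mtype) < 2 or mtype[0] != "ADT" or not pid or not unit:
            continue
        p = ctx[pid]
        p["units"].add(unit)                           # "are or were involved"
        p["current"] = None if mtype[1] == "A03" else unit  # A03 = discharge
        p["special"] = p["special"] or field(segs["PV1"], 16) != ""  # PV1-16 VIP
    return ctx

def may_view(ctx, group, pid, doc_class):
    p = ctx.get(pid)
    if p is None:
        return False  # no ADT data means no treatment context: deny
    # Assumption: special-status patients are limited to the current unit.
    units = {p["current"]} if p["special"] else p["units"]
    if group not in {UNIT_GROUP.get(u) for u in units}:
        return False
    required = RESTRICTED_CLASS.get(doc_class)         # Step 2: per-document rule
    return required is None or required == group
```

A message that lacks PID or PV1 data leaves the patient without a treatment context, so access is denied rather than assumed, which is why complete ADT messages from the HIS matter.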