HIPAA requirements

Minimum

feature status notes
system login
unique logon per user supported  
access restrictions   An administrator should be able to select what parts of the system that the user will have access to and the type of access. For example a user may have RW access to some parts, R access to other parts and no access to yet other areas.
audit trails
which accounts were used on the system (date and times) supported by PostgreSQL via postgresql.conf parameters log_connections and log_disconnections, GNUmed checks them at client startup and warns if they are not enabled ideally, PostgreSQL would support ON CONNECT triggers, problem: what is a connect ? each technical connect ? that would be a lot of connects per GNUmed "session"
which records were accessed supported "record access" is taken to mean whenever the gmClinicalRecord.py::cClinicalRecord class is instantiated which typically happens once when a patient is activated in a GNUmed client session
which accounts changed what supported see the database auditing system

These are the minimum requirements, since we will not be transmitting information or allowing external (WAN) connections to the system we can leave these other requirements alone for now.

Resources:

Topic revision: 26 Jan 2011, JamesBusser
 
Download.png
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback
Powered by Olark