SunCoastConnection / TheRealLibreEHR

SunCoast Connection - QA reporting LibreEHR system

Facility ACL revision #446

Open aethelwulffe opened 5 years ago

aethelwulffe commented 5 years ago

I will update this with a project description soon. This is nonetheless a priority project to be touched immediately after fixing the user admin and facility modal errors.

Ngai-E commented 5 years ago

Ok. I will be waiting

aethelwulffe commented 5 years ago

OK. First. Look for $GLOBALS['facility_acl']. This will find most implementations. modules/calendar/includes/get_provider_events is one implementation. You can find the functions at interface/tags_filters/start.php.

History: There is/was a feature called "Tags/Filters". It was implemented as a "plugin" for a "plugin system" by Ken Chappel. Unfortunately, it never caught on. The code was essentially drawn from WordPress. It was also scattered around the code base in a very sloppy fashion, with all kinds of bloat and useless stuff. Worse, the Tags/Filters implementation performs so badly that it drags any large database system to a halt. Stupidly, I tried to implement a Facility Based Access Control within this system.

Goals:

*This item can be done by a collaborator as a simultaneous project.

What the Facility ACL component is:

Definitions: Facility = a physical location, a separate treatment program, a department or other distinctive grouping within a single medical business entity that indicates a separate patient population. Patients may be seen at multiple facilities. Facilities are defined by combinations of the following: Name, Address, Group National Provider Identifier (Group NPI), Place of Service Code.

Example of a clinic with multiple facilities: Mega Medical has a big building. In that building they have two main clinics; Primary Care where they see patients with an appointment, and Urgent Care where they take walk-ins and minor emergencies. Primary Care uses a Place of Service (POS) code of 11, meaning "Office". Urgent Care has a POS code of 20. They are really the same business (same Tax ID), but they have two different Group NPI's. Within the Primary Care portion of the building, they also have Psychiatric Services. This falls under the same Group NPI as Primary Care, and is also a POS code 11, and shares the same address. Despite this, to separate the psychiatric treatment program, it is given a separate "Facility" listing in the EHR. This is helpful for reporting, billing and any number of items.

The Mega Medical providers sometimes go to an assisted living facility to treat patients there. The patients here will never go to any of their other facilities. Also, there are nurses there that need access to these patients, and will never need to see any other records.

So, Mega Medical has FIVE facilities.

OK. Now, some providers (the boss for one) have access to ALL patients. Dr. Big needs to see all records, so all Facilities are selected in Dr. Big's User Administration screen. Dr. Big's husband is her business manager, so the user Mr_Big is also assigned to all facilities.

The Front Desk people at the Urgent Care facility sometimes get people in that are already patients of the Primary Care facility. They are supposed to ask patients if they have been seen at the Primary Care or Psychiatric Facility. If they have, they ask the supervisor to assign the patient to both Urgent Care as well as their original facility. Otherwise, when they do a patient search, look at the calendar or anything else, they should only ever see patients that are assigned to Urgent Care. Some of the providers ONLY do Urgent Care. They should only be able to see those patients.

Primary Care providers and staff can see only primary care patients unless they also work at one of the other facilities regularly.

Psychiatric Services Facility can only see Psychiatric patients.

Assisted Living Facility nurses can ONLY see their patients.

On assigning patients to Facilities: Currently there is only one field for facility in demographics. This should be expanded, probably with JSON or some other explode type storage feature or a vertical touch table. Another issue is for "orphaned" patients. If a patient is created and not assigned a facility, then they can get "lost". That means that they should always get assigned a facility by default. In the above case, they should get assigned to Facility 1, even though this is not a treatment facility. Duplicate patients are a risk here. Adding a new patient should result in a check that can find a possible duplicate in a facility that the user does not have access to, and respond with a warning. This could allow them to get supervisor help, though usually anyone with the ability to add a patient will have access to a lot already. If need be, they can create a new patient anyway, but the system should mark the patient as "Possible Duplicate" and send a Reminder to a designated user to check things out and do a patient record merge if necessary.

So, please ask any questions you may have. Know that the intended users of this access control utility have as many as 100 facilities (scattered rural Assisted Living Facilities, other institutions) and they share patients and a record system with other businesses. Lack of this control is keeping our EHR from being implemented there.
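The visibility rule described in the comment above, as an added example that is not part of the original thread and not LibreEHR code: a user sees a patient only when they share a facility, unassigned patients fall back to an administrative facility, and the new-patient duplicate check warns without revealing a record the user cannot access. Facility numbers, user names, patient rows and function names are all hypothetical.

```php
<?php
// Added illustration; not LibreEHR code. All names and data are hypothetical.
const ADMIN_FACILITY = 1; // "Facility 1": administrative fallback so no patient is orphaned

// Constructed sample data modelled on the Mega Medical scenario
// (assumed numbering: 2 = Primary Care, 3 = Urgent Care, 4 = Psychiatric, 5 = Assisted Living).
$userFacilities = [            // stands in for rows of a users_facility-style table
    'dr_big'       => [1, 2, 3, 4, 5],
    'uc_frontdesk' => [3],     // Urgent Care only
    'alf_nurse'    => [5],     // Assisted Living only
];
$patients = [
    101 => ['name' => 'Ann Lee', 'dob' => '1950-02-01', 'facilities' => [2, 3]],
    102 => ['name' => 'Bo Kim',  'dob' => '1948-07-12', 'facilities' => [5]],
    103 => ['name' => 'Cy Roe',  'dob' => '1990-03-30', 'facilities' => []], // unassigned
    104 => ['name' => 'Di Fox',  'dob' => '1975-11-09', 'facilities' => [4]],
];

/** Facilities a patient counts as belonging to; never empty. */
function patientFacilities(array $patient): array
{
    return $patient['facilities'] ?: [ADMIN_FACILITY];
}

/** A user may see a patient only when they share at least one facility. */
function canSee(array $userFacs, array $patient): bool
{
    return (bool) array_intersect($userFacs, patientFacilities($patient));
}

/** Patient ids visible to a user; an unknown user gets nothing (fail closed). */
function visiblePatients(string $user, array $userFacilities, array $patients): array
{
    $facs = $userFacilities[$user] ?? [];
    return array_keys(array_filter($patients, fn($p) => canSee($facs, $p)));
}

/**
 * New-patient duplicate check, run across ALL facilities. A match the user
 * cannot see yields only a warning status, never the hidden record's details.
 */
function duplicateCheck(string $user, string $name, string $dob, array $userFacilities, array $patients): array
{
    $facs = $userFacilities[$user] ?? [];
    foreach ($patients as $id => $p) {
        if (strcasecmp($p['name'], $name) === 0 && $p['dob'] === $dob) {
            return canSee($facs, $p)
                ? ['status' => 'existing', 'pid' => $id]
                : ['status' => 'possible_duplicate']; // route to a supervisor for review
        }
    }
    return ['status' => 'new'];
}

print_r(visiblePatients('uc_frontdesk', $userFacilities, $patients));
print_r(duplicateCheck('uc_frontdesk', 'di fox', '1975-11-09', $userFacilities, $patients));
```

Applying the same `canSee` predicate at every read path (patient search, calendar, reports) is what keeps the restriction consistent; a path that skips it exposes records across facilities.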

Trodrige commented 5 years ago

@aethelwulffe let me drop what I've gotten from this description. Basically, we want to revise all that shows up in Administration-->Users screen and the necessary control on the information that is being displayed.

  1. Remove the tag_filters folder which holds the current(old) implementation of showing users and their access to facilities and patients related data.

  2. Let Admin-->User page show i. all facilities the current user is associated with (pop-up) ii. all necessary patient info (same as in address book)

  3. Write new functions to show data for the Admin--> User screen, to filter the data etc (Replacing functions in interface/tag_filters/start.php)... with all the access level stuff handled.

  4. A patient can belong to more than 1 facility, e.g. (patient care and urgent care). Demographics->facility field should show this.

  5. do_action() calls in modules/calendar/includes/get_provider_events.php should be replaced with the names of the new functions for Fac ACL.

Is this what we're talking about here?

aethelwulffe commented 5 years ago

On 2.ii above: "all necessary patient info" should mean "all necessary user info".

  1. is a little hard to follow, but the User admin screen has two elements for Default Facility and, at least when the global is turned on for restrict user's facilities, a multi-select that lists all facility record row names. When the Facility based access control feature is also turned on, this selection list also controls what patients the user can see based on the rows in the users_facility table. I think you get that, but just wanted to state it so we are clear. Mostly we are just making the interface in the user admin screen a little more clear than a scrolling list of highlighted items. That part can be left alone for the moment, or assigned to Mua assuming that it works. It does have issues (changes are finicky).

  2. Yeah, basically the patients need a multiselect. Maybe they should always have an "administrative" facility we can hard code into the system so that if they are not assigned any other facility, they can still be found.

  3. That call, as well as all the other do_action calls for the calendar, patient search and other places it has been implemented.

-and, when all is said and done, the whole plugin system is killed (with the Tags/Filters plugin code as well) from the whole system. If you want to add your own similar set of hooks, that is fine, but it must be contained to /modules, and the Facility Based Access Control system needs to be pretty well hardened and have a single on/off toggle in globals. Currently, you must turn on both "restrict users to facilities" as well as "restrict access by facility".

muarachmann commented 5 years ago

Okay, this is pretty long :) and I will update on what I have understood so far here.

aethelwulffe commented 5 years ago

Actually, this just needs updating...I already did the majority of the work. I removed the TAGS/Filters module, plugin system and all the associated junk. I moved the actual functions (tiny handful) to /modules/ACL. I have not updated the globals much, except to remove the TAGS/Filters stuff. -I will link the merged PR.

aethelwulffe commented 5 years ago

475 contains the related code. The izimodal user admin facility selection stuff (the multi-select that appears when you turn on the "restrict users to facilities" global) still could use a "user facility admin" page that lets you work with large numbers of facility toggles for the user in a more positive tactile way than a small drop-down multi-select where you are parsing through a hundred (or more!) facilities.

475 has more referencing this.

muarachmann commented 5 years ago

Hi @aethelwulffe spoke with Eliz who is doing pretty fine now and has finished with outreachy stuffs. We will be tackling this in the days ahead

muarachmann commented 5 years ago

@aethelwulffe , just spoke with @Ngai-E wrt this issue. Can we have a zoom tomorrow?

aethelwulffe commented 5 years ago

Sure!

Channel should be ready, but I will send out an invite.


muarachmann commented 5 years ago

Cool


muarachmann commented 5 years ago

Please for a zoom tonight 10pm (GMT + 1) @aethelwulffe

aethelwulffe commented 5 years ago

Sure thing. I will send out the invite via email. We had a dead server this morning, and I have just got it up and running again.

muarachmann commented 5 years ago

Cool thanks


aethelwulffe commented 5 years ago

Note: This feature basically works...it just needs usability in terms of cleaner admin. Frankly, that is the case with a lot of the features controlled by globals. I feel that the globals admin would be better controlled by a feature configuration page in most cases, and only update their related globals. On some systems, updating globals can take a loooong time.

aethelwulffe commented 5 years ago

OK, I will be on at 10PM Cameroon time GMT+1. Basically in one hour. Art Eaton is inviting you to a scheduled Zoom meeting.

Topic: SunCoast Connection Scrum Time: This is a recurring meeting Meet anytime

Join Zoom Meeting https://zoom.us/j/6633109468?pwd=UUlaRkZxbnJwbVdxVjV5bm5ZdmdVZz09

Password: Affinity

One tap mobile +19292056099,,6633109468# US (New York) +16699006833,,6633109468# US (San Jose)

Dial by your location +1 929 205 6099 US (New York) +1 669 900 6833 US (San Jose) Meeting ID: 663 310 9468 Find your local number: https://zoom.us/u/aRO56EPuD

aethelwulffe commented 5 years ago

OK, standing by on the meeting above.

aethelwulffe commented 5 years ago

I will hang until 2130 GMT

Trodrige commented 5 years ago

Seeing this now.

😥


aethelwulffe commented 5 years ago

Time 4 U go sleepy/party.  We should do this stuff earlier anyways.


Ngai-E commented 5 years ago

I was out of network coverage
