search

jacobcuison / pe

0 stars 0 forks source link

Able to add non-standard file types to records #10

Open jacobcuison opened 9 months ago

jacobcuison commented 9 months ago

I was able to add .exe files to a patient's medical records. I believe this could be limited in the future to standard file types, such as .pdf, .docx etc.

soc-se-bot commented 9 months ago

Team's Response

We did not limit the file type as they are many variations to patient documents. While adding the .exe file may not be typical, the attaching file feature only serves as a form of organising files relevant to patients and what the user decides to attach is up to them. Furthermore, attaching the .exe file does not break the app nor cause any inconvenience to the user and hence we do not feel that it is an issue or a bug.

Items for the Tester to Verify

:question: Issue response

Team chose [response.Rejected]

Reason for disagreement: Thank you for your response team! However, I still believe that this is a feature flaw.

I agree that attaching .exe file does not break the app. However, it is very unlikely that a medical record is stored in a .exe file. I believe that MedBook should thus take the onus of supporting its users by watching out for such occurences. This could be in the form of a simple prompt (e.g. "You have selected a .exe file. Do you wish to proceed?") to ensure that users did not misclick, and selecting the .exe file was indeed their intended action.

Without this guard of user behaviour, I believe that this could cause some inconvenience down the road, albeit in rare occurences. For example, let us consider the following case:

  1. Doctor accidentally selects a .exe file to medical records.
  2. MedBook allows for this attachment without a warning/prompt.
  3. A few weeks later, the patient has the same medical issue.
  4. Doctor wants to refer to the previous medical record.
  5. Doctor opens the attached file, but realises it was attached wrongly.

In this case, the doctor will then have to search through his files to find the correct record again, causing a minor inconvenience to him, especially since this could be an urgent medical issue. As a streamlined patient management system, I believe that MedBook should thus take the responsibility of watching out for these potentially accidental user behaviours, and nudge users to correct them. Hence, I believe this feature could be improved, although perhaps it would not be within the scope of v1.4.