Open maina opened 8 years ago
I agree with the general thrust of this. But have we considered that this may mean that people see each other's patients in registers and this could cause confusion? Do we have a specific use case for people sharing a device? Is it, for example, when a health worker is absent/ill and someone is covering for them? Or are we talking people sharing devices for other reasons?
This is something that Mubarak and team brought up and they emphasize that this is a something really of high priority specifically for rural areas (Shikarpur). A usecase for this is Vaccinators work in shifts (or someone going for polio compaign and other vaccinator takes the charge of center) and one should be able to use other person`s device. I can followup with them on listing down all other possible usecases. I think the point "this may mean that people see each other's patients in registers and this could cause confusion" is important for HH register where service is provider centric but for centers it is patient centric so for this case ideally they should be able to see all patients (They can not refuse service to anyone coming to center).
I guess sharing each other patients and using same device by many providers in different time is totally different use case. If in same facility different provider work on shift basis then these patients are actually belong to thats facility and different providers work on that facility may use same credential to log in into device and provide service.
@sohelsarder having to share credentials in a center sounds like it goes against passwords best practices and also makes it hard to do data audit. @maimoonak @sohelsarder Differentiating what data the user should access looks like it's more of a sync and user modules feature in that during sync the server side logic should be able to determine which data is provider centric and which is patient centric. With this distinction there seems to be a couple of options we can explore on the client side that will enable users share the same device.
Currently in the client app, it's not possible for multiple users to share a device because the app db is encrypted using the user login password. Look into a more generic and unpredictable encryption value that's not dependent on the logged in user.