Discussion on: Building a Greenfield Hospital Information System with Java, Spring Boot, Apache Wicket and Gradle

Jan Mewes • Edited

As far as I understand, legal regulations are not concerned about the software but the hospital operations. The physicians are still responsible for the treatment. The software vendor needs to earn their trust, but they remain liable. This liability might be shifted to the vendor by contract terms. For this project the Apache 2 license is being used, which keeps the legal liability in the hospital and its parent organization. Certifications for Electronic Health Record (EHR) systems (e.g. the ONC Health IT Certification Program) seem to be optional and only serve the purpose of gaining trust in the software vendor. Also, for example, the Electronic Health Record (EHR) Standard for India seems to be a set of recommendations instead of enforced laws. Still, it's probably a good idea to consult a specialized lawyer before going live.

However, there may be hard rules regarding privacy and data security. For example in the United States EHRs are regulated under the HIPAA and HITECH act. In Europe data security is generally covered by the GDPR. For India there are probably similar regulations.

Besides ticking off checkboxes in an audit form, it's also worthwhile to go one step back and think about the purpose behind it. People are coming into the hospital to get help; any retardations in their body system are removed by operations and medication. So the information systems supporting its processes should work correctly, lest people be harmed. They are exposing personal details which are required for the treatment, and hence their privacy needs to be protected. Etc. So EHR systems should be maintained with high ethical standards in mind. The book Ethical Health Informatics seems to collect lots of good ideas around this. Also health care community organizations and government research might provide further self-motivated guidelines, e.g. the Agency for Healthcare Research and Quality (AHRQ), National Resource Center for Health Information Technology, Recommended Requirements for Enhancing Data Quality in Electronic Health Records, Health Level Seven (HL7), and Certification Commission for Healthcare Information Technology (CCHIT).

So this topic indeed imposes a number of functional requirements. The book Electronic Health Records For Dummies gives a few examples for security features supported by ONC-ATCB–certified EHRs: role based access control, automatic log-off, audit logs, data integrity checks, authenticated access for health records, data encryption, and accounting of disclosures.
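Three of the features in that list (role based access control, audit logs with data integrity checks, and accounting of disclosures) can be sketched together in plain Java, since the project discussed is a Java/Spring Boot code base. The following is an added illustration written for this discussion, not code from the project or the comment author: a hash-chained disclosure ledger in which every release of a patient record is appended as an entry whose SHA-256 hash covers the previous entry, so the ledger is at once the audit log, the per-patient accounting of disclosures, and a tamper check. The class, role names, user ids and patient ids are all assumptions constructed for the example; it uses only the JDK (records and `HexFormat`, so Java 17 or later).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.Instant;
import java.util.ArrayList;
import java.util.HexFormat;
import java.util.List;
import java.util.Set;

/**
 * Hypothetical disclosure ledger for an EHR (example only, not part of any real
 * system). Each release of a patient's record to a user becomes a hash-chained
 * entry, so the ledger serves as audit log, accounting of disclosures and
 * integrity check: a rewritten or deleted entry breaks the chain.
 */
public final class DisclosureLedger {

    /** One disclosure: who received which record, for what purpose, and when. */
    public record Entry(Instant at, String user, String role, String patientId,
                        String purpose, String prevHash, String hash) {}

    // Role based access control: assumed roles that may read a health record at all.
    private static final Set<String> RECORD_READERS = Set.of("PHYSICIAN", "NURSE", "BILLING");

    private static final String GENESIS = "0".repeat(64);

    private final List<Entry> entries = new ArrayList<>();

    /** Record a disclosure, refusing it when the caller's role is not permitted. */
    public Entry disclose(String user, String role, String patientId, String purpose) {
        if (!RECORD_READERS.contains(role)) {
            throw new SecurityException("role " + role + " may not read patient records");
        }
        String prev = entries.isEmpty() ? GENESIS : entries.get(entries.size() - 1).hash();
        Instant now = Instant.now();
        Entry e = new Entry(now, user, role, patientId, purpose, prev,
                            hashOf(prev, now, user, role, patientId, purpose));
        entries.add(e);
        return e;
    }

    /** Accounting of disclosures: everything released about one patient. */
    public List<Entry> disclosuresFor(String patientId) {
        return entries.stream().filter(e -> e.patientId().equals(patientId)).toList();
    }

    /** Data integrity check: recompute every hash and confirm the chain is unbroken. */
    public boolean verify() {
        String prev = GENESIS;
        for (Entry e : entries) {
            String expected = hashOf(prev, e.at(), e.user(), e.role(), e.patientId(), e.purpose());
            if (!e.prevHash().equals(prev) || !e.hash().equals(expected)) {
                return false;
            }
            prev = e.hash();
        }
        return true;
    }

    private static String hashOf(String prev, Instant at, String user, String role,
                                 String patientId, String purpose) {
        String material = String.join("|", prev, at.toString(), user, role, patientId, purpose);
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            return HexFormat.of().formatHex(md.digest(material.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException ex) {
            throw new IllegalStateException("SHA-256 is mandatory in every JDK", ex);
        }
    }

    public static void main(String[] args) {
        DisclosureLedger ledger = new DisclosureLedger();
        // Constructed sample disclosures; the users and patient id are made up.
        ledger.disclose("dr.smith", "PHYSICIAN", "P-1001", "treatment");
        ledger.disclose("clerk.jones", "BILLING", "P-1001", "insurance claim");
        try {
            ledger.disclose("visitor", "GUEST", "P-1001", "no clinical purpose");
        } catch (SecurityException ex) {
            System.out.println("denied: " + ex.getMessage());
        }
        System.out.println("disclosures for P-1001: " + ledger.disclosuresFor("P-1001").size());
        System.out.println("ledger intact: " + ledger.verify());

        // Simulate an after-the-fact edit of the first entry and re-run the check.
        Entry first = ledger.entries.get(0);
        ledger.entries.set(0, new Entry(first.at(), first.user(), first.role(),
                                        first.patientId(), "altered", first.prevHash(), first.hash()));
        System.out.println("ledger intact after edit: " + ledger.verify());
    }
}
```

In a real Spring Boot deployment the ledger would be persisted, the role check would come from the authenticated principal rather than a string argument, and the chain head would be anchored somewhere the application server cannot rewrite (a write-once store or a periodically signed checkpoint); the chain only detects tampering, it does not prevent it. Automatic log-off and encryption from the same list are configuration concerns (session timeout, TLS, storage encryption) rather than application code.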