Security/Sensitive Record access ICR (3027)

Name

Value

NUMBER

3027

IA #

3027

DATE CREATED

2000/01/31

CUSTODIAL PACKAGE

REGISTRATION

USAGE

Supported

TYPE

Routine

DBIC APPROVAL STATUS

APPROVED

ROUTINE

DGSEC4

NAME

Security/Sensitive Record access

GENERAL DESCRIPTION

This integration agreement provides 2 entry points in
DGSEC4:

PTSEC^DGSEC4 determines if patient's record is sensitive or if user is
accessing his/her own Patient (#2) file record.

NOTICE^DGSEC4 adds or updated the DG Security Log (#38.1) file and optionally
generates the Sensitive Record Access mail message.

STATUS

Active

DGSEC4

COMPONENT/ENTRY POINT

COMPONENT DESCRIPTION

VARIABLES

PTSEC

This entry point will:
- verify user is not accessing his/her own PATIENT (#2) file record if
Restrict Patient Record Access parameter in the MAS Parameter (#43) file is
yes.
- determine if record is sensitive
- determine if patient's primary eligibility code is Employee.

The following array is returned:

RESULT(1)= -1 API failed
Required variable not defined
0 No display and no action required
Not an employee, not a sensitive record and user is not
accessing his/her own Patient (#2) file record.
1 Display warning message
Sensitive-inpatient or a DG SENSITIVITY key holder
or an Employee and a DG SECURITY OFFICER key holder
2 Display warning message and require OK to continue
Sensitive-not an inpatient and not a DG SENSITIVITY key
holder or not an employee and not a DG SECURITY OFFICER key
holder
3 Access to record denied
Accessing own Patient (#2) file record
4 Access to Patient (#2) file records denied
User's SSN not defined in New Person (#200) file
RESULT(2-10)=error message or warning/Privacy Act message

If RESULT(1)=1, an entry is added or updated to the DG SECURITY LOG (#38.1)
file.

If RESULT(1)=2 and user acknowledges they wish to access the restricted
record, the calling application should call NOTICE^DGSEC4 to update DG
Security Log (#38.1) file and generate the Sensitive Record Access mail
message.

VARIABLES	TYPE	VARIABLES DESCRIPTION
RESULT	Output	The first parameter contains the name of the output array.
DFN	Input	DFN = Patient (#2) file IEN
DGMSG	Input	DGMSG = 1 - if message should be generated when a user's SSN is undefined. 0 - message will not be generated If not defined, defaults to 1.
DGOPT	Input	DGOPT is an optional variable containing the option name ^ menu text. If not defined, OP^XQCHK attempts to identify the option name. UNKNOWN will be entered in the DG Security Log file if option name not passed to call or not identified by OP^XQCHK.

NOTICE

This entry point adds or updates an entry to the DG
SECURITY LOG (#38.1) file and optionally generate the sensitive record access
bulletin depending on the value in the ACTION input parameter.  If ACTION
parameter is not defined, defaults to update DG Security Log file and generate
Sensitive Record Access mail message.

VARIABLES	TYPE	VARIABLES DESCRIPTION
RESULT	Output	RESULT=1 - Added/updated entry and generated sensitive record access msg 0 - unsuccessful
DFN	Input	DFN is a required parameter containing the Patient (#2) file IEN.
DGOPT	Input	DGOPT is an optional parameter containing the Option Name^Menu Text. If not defined, OP^XQCHK attempts to identify the option name. UNKNOWN will be entered in the DG SECURITY LOG file if option name not passed to call or not identified by OP^XQCHK.
ACTION	Input	ACTION = 1 - Set DG Security Log entry 2 - Generate Sensitive Record Access bulletin 3 - Both This is an optional parameter. If not defined, defaults to 3.