Print Page as PDF
Security/Sensitive Record access ICR (3027)

Security/Sensitive Record access    ICR (3027)

Name Value
NUMBER 3027
IA # 3027
DATE CREATED 2000/01/31
CUSTODIAL PACKAGE REGISTRATION
USAGE Supported
TYPE Routine
DBIC APPROVAL STATUS APPROVED
ROUTINE DGSEC4
NAME Security/Sensitive Record access
GENERAL DESCRIPTION 
This integration agreement provides 2 entry points in
DGSEC4:

PTSEC^DGSEC4 determines if patient's record is sensitive or if user is
accessing his/her own Patient (#2) file record.

NOTICE^DGSEC4 adds or updated the DG Security Log (#38.1) file and optionally
generates the Sensitive Record Access mail message.
STATUS Active
ID DGSEC4
COMPONENT/ENTRY POINT
COMPONENT/ENTRY POINT COMPONENT DESCRIPTION VARIABLES
PTSEC 
This entry point will:
- verify user is not accessing his/her own PATIENT (#2) file record if
Restrict Patient Record Access parameter in the MAS Parameter (#43) file is
yes.
- determine if record is sensitive
- determine if patient's primary eligibility code is Employee.

The following array is returned:

RESULT(1)= -1 API failed
Required variable not defined
0 No display and no action required
Not an employee, not a sensitive record and user is not
accessing his/her own Patient (#2) file record.
1 Display warning message
Sensitive-inpatient or a DG SENSITIVITY key holder
or an Employee and a DG SECURITY OFFICER key holder
2 Display warning message and require OK to continue
Sensitive-not an inpatient and not a DG SENSITIVITY key
holder or not an employee and not a DG SECURITY OFFICER key
holder
3 Access to record denied
Accessing own Patient (#2) file record
4 Access to Patient (#2) file records denied
User's SSN not defined in New Person (#200) file
RESULT(2-10)=error message or warning/Privacy Act message

If RESULT(1)=1, an entry is added or updated to the DG SECURITY LOG (#38.1)
file.

If RESULT(1)=2 and user acknowledges they wish to access the restricted
record, the calling application should call NOTICE^DGSEC4 to update DG
Security Log (#38.1) file and generate the Sensitive Record Access mail
message.
VARIABLES TYPE VARIABLES DESCRIPTION
RESULT Output 
The first parameter contains the name of the output
array.
DFN Input 
DFN = Patient (#2) file IEN
DGMSG Input 
DGMSG = 1 - if message should be generated when a
user's SSN is undefined.
0 - message will not be generated

If not defined, defaults to 1.
DGOPT Input 
DGOPT is an optional variable containing the option
name ^ menu text.  If not defined, OP^XQCHK attempts to identify the option
name.  UNKNOWN will be entered in the DG Security Log file if option name not
passed to call or not identified by OP^XQCHK.
NOTICE 
This entry point adds or updates an entry to the DG
SECURITY LOG (#38.1) file and optionally generate the sensitive record access
bulletin depending on the value in the ACTION input parameter.  If ACTION
parameter is not defined, defaults to update DG Security Log file and generate
Sensitive Record Access mail message.
VARIABLES TYPE VARIABLES DESCRIPTION
RESULT Output 
RESULT=1 - Added/updated entry and generated
sensitive record access msg
0 - unsuccessful
DFN Input 
DFN is a required parameter containing the Patient
(#2) file IEN.
DGOPT Input 
DGOPT is an optional parameter containing the Option
Name^Menu Text.  If not defined, OP^XQCHK attempts to identify the option
name.  UNKNOWN will be entered in the DG SECURITY LOG file if option name not
passed to call or not identified by OP^XQCHK.
ACTION Input 
ACTION = 1 - Set DG Security Log entry
2 - Generate Sensitive Record Access bulletin
3 - Both

This is an optional parameter.  If not defined, defaults to 3.