Comprehensive management of the access to the electronic patient record: towards trans-institutional networks.

BACKGROUND: A system ensuring tight control access is used since 5 years at the University Geneva Hospitals (HUG) over a four campuses health care system with ambulatory care settings behaving like a small community care network. Access to identified clinical information is limited to care providers that have a therapeutic relationship with the patient and to those data needed for that relation. The same policy applies to administrative or scientific research accesses. This paper presents how the HUG met the challenging goal of protecting patient privacy within regulatory limits while keeping the system operational in terms of use and management. SOLUTION: The main characteristics of the system are: (a) an institution-wide policy for access rights to the computerized patient record; (b) an institutional management of the contracts of the collaborators; (c) access profiles based on application-independent, fine-grained access rights; (d) a decentralized attribution of profession-specific access profiles; (e) a complete, centralized log of all accesses to the clinical information system; and (f) a decentralized verification of the accesses. Many of these characteristics can be maintained when evolving towards a trans-institutional computerized patient record, but new constraints need to be taken into account.