1 Reply Latest reply: May 28, 2010 1:11 PM by Jerry Somsen RSS

    HIPPA Requirements

       

      We know that Qlikview is a great means for people to have what they need when they need it to perform their work. Part of the ability to perform their work is investigation on specific data points which may be patient specific information. In our report structure in QlikView, we do have the ability for a report user to see patient names and drill down on specific details for the report.

      In keeping with the HIPAA requirements for minimal necessary disclosure and job related need to know appropriate access, have any of the health care users on this list serve found a mechanism to secure or limit access to only the patient names they should see for their part of the business vs. all patients in the service area (ie all floors of the hospital) ?. As well, how do you track access to patient specific information within the product?

      We have looked into Section Access which will not work for us.



        • HIPPA Requirements
          Jerry Somsen

          There are many ways in which to accomplish this task, but we use loop and reduce through the QV publisher. As we are a payor, we create a Security Group field in Qlikview that authorizes people to see certain clients. A unique document is created for each group and we us AD permissions to allow individuals to look at the limited data.

          The only con to this is that you need a seperate analytic for each Security Group on your accesspoint. Depending on the number of "Security Groups" you have and your server size, this may be a limiting factor.

          We also scramble certain fields based on the Security Group with a marco.

          All in all, we are very happy with QlikViews ability to deal with HIPAA requirements in our organization.

          JS