[feature request]Permission on Custom Fields [feature request]Permission on Custom Fields
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

[feature request]Permission on Custom Fields

Started by chlee, October 30, 2003, 04:22:39 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

chlee

Is it possible to set permission on custom fields and hide them from unauthorized users. I need these fields to store patients' id and names (something might violet patients' privacy) and reserve it for search by power users only.

hyperion

"Then, Fletch," that bright creature said to him, and the voice was very kind, "let's begin with level flight . . . ."

-Richard Bach, Jonathan Livingston Seagull

(https://coppermine-gallery.com/forum/proxy.php?request=http%3A%2F%2Fwww.mozilla.org%2Fproducts%2Ffirefox%2Fbuttons%2Fgetfirefox_small.png&hash=9f6d645801cbc882a52f0ee76cfeda02625fc537)

chlee

It is on internet. We got several hospitals using the same image database.

Joachim Müller

hm, I don't know where you're located and what laws apply in your country on confidential patient's data, but I doubt this would be a good idea, even if the custom fields where somehow protected. If you're using coppermine for this purpose only, I recommend "triple security" using
  • the built-in security of coppermine (album not visible to the public at all, no user registration, only admin can register new users)
  • password protection of the whole coppermine install by the webserver authentification tools (password protection with .htaccess)
  • transport on a more secure channel (https)[/list:u]GauGau

chlee

Thanks for advice. Alreadly in https and set all albums to be private. Registeration by admin only.
I am setting up mod_auth_mysql and mod_perl for CPAN; also considering to use mod_access to limit IP access.

gtroll

Who would get access to the names etc of the patients in the custom fields? It might be better to enter the "names and addresses" as a number, store that number as the key to another db that the public does not have access to, with the names and addresses.
You could then write an custom admin app that could query both db's for reports....

I dont think anything in the same db is foolproof, and not for Medical Privacy standards.

chlee

Actually, there is no privacy information on it except the chart number (with slight transformation from original chart number) I want to hide in one custom field for these images. These images are teaching materials for our training fellow doctors, not for business usage.

However, I think gaugau is right, sometimes we might failed to erase all the id information on a chest film if the image provider is not careful enough. And we might get in trouble with such things. A more solid secuirity should be a better policy.