Home   Package List   Routine Alphabetical List   Global Alphabetical List   FileMan Files List   FileMan Sub-Files List   Package Component Lists   Package-Namespace Mapping  
Routine: DGSEC4

DGSEC4.m

Go to the documentation of this file. 
  1. DGSEC4 ;ALB/MM,JAP - Utilities for record access & sensitive record processing;10/6/99 ; 10/26/05 12:46pm
  1.  ;;5.3;Registration;**249,281,391,471,684,699,1004,1005,1009,1011,1013,1015**;Aug 13, 1993;Build 21
  1.  ;
  1.  ;IHS/ANMC/LJF  8/31/2001 changed warning message text
  1.  ;              1/04/2002 if in log as non-sensitive, track anyway
  1.  ;IHS/ITSC/WAR  3/17/2005 Fix dealing with calls from other apps/pkgs
  1.  ;IHS/OIT/LJF  11/03/2005 PATCH 1004 moved message code to IHS routine
  1.  ;             01/06/2006 PATCH 1005 accounted for tracking all patients (IHS feature)
  1.  ;             08/31/2007 PATCH 1008 added code for user with restircted access to some patients
  1.  ;Line tags OWNREC & SENS moved from DGSEC in DG*5.3*249 when DGSEC 
  1.  ;reached the maximum routine size.
  1.  ;
  1. PTSEC(RESULT,DFN,DGMSG,DGOPT) ;RPC/API entry point for patient sensitive & record access checks
  1.  ;Output array (Required)
  1.  ;    RESULT(1)= -1-RPC/API failed
  1.  ;                  Required variable not defined
  1.  ;                0-No display/action required
  1.  ;                  Not accessing own, employee, or sensitive record
  1.  ;                1-Display warning message
  1.  ;                  Sensitive and DG SENSITIVITY key holder
  1.  ;                  or Employee and DG SECURITY OFFICER key holder
  1.  ;                2-Display warning message/require OK to continue
  1.  ;                  Sensitive and not a DG SENSITIVITY key holder
  1.  ;                  Employee and not a DG SECURITY OFFICER key holder
  1.  ;                3-Access to record denied
  1.  ;                  Accessing own record
  1.  ;                4-Access to Patient (#2) file records denied
  1.  ;                  SSN not defined
  1.  ;   RESULT(2-10) = error or display messages
  1.  ;
  1.  ;Input parameters: DFN = Patient file entry (Required)
  1.  ;                  DGMSG = If 1, generate message (optional)
  1.  ;                  DGOPT  = Option name^Menu text (Optional)
  1.  ;
  1.  K RESULT
  1.  I $G(DFN)="" D  Q
  1.  .S RESULT(1)=-1
  1.  .S RESULT(2)="Required variable missing."
  1.  ;
  1.  ;IHS/OIT/LJF 08/31/2007 PATCH 1008
  1.  ;S DGMSG=$G(DGMSG)
  1.  S DGMSG=$G(DGMSG,1)
  1.  I $$STATUS^BDGSPT2(DUZ,DFN,1)["RESTRICTED ACCESS" D  Q
  1.  .S RESULT(1)=5 Q:DGMSG'=1
  1.  .S RESULT(2)="Sorry, you are restricted from accessing this patient's record."
  1.  .S RESULT(3)="If you have questions, please contact your HIM department."
  1.  ;end of PATCH 1008 code
  1.  ;
  1.  S DGMSG=$G(DGMSG)
  1.  D OWNREC(.RESULT,DFN,$G(DUZ),DGMSG)
  1.  I RESULT(1)=1 S RESULT(1)=3 Q
  1.  I RESULT(1)=2 S RESULT(1)=4 Q
  1.  K RESULT
  1.  D SENS(.RESULT,DFN,$G(DUZ))
  1.  ;
  1.  ;IHS/OIT/LJF 01/06/2006 PATCH 1005 account for tracking all patients
  1.  ;I RESULT(1)=1 D
  1.  I (RESULT(1)=1)!(RESULT(1)=0) D
  1.  .I (RESULT(1)=0)&($$GET1^DIQ(43,1,9999999.01)'="YES")&('$P($G(^DGSL(38.1,+DFN,0)),U,2)) Q  ;cmi/maw 1/26/2010 PATCH 1011
  1.  .;
  1.  .I $G(DUZ)="" D  Q
  1.  ..;DUZ must be defined to access sensitive record & update DG Security log
  1.  ..S RESULT(1)=-1
  1.  ..S RESULT(2)="Your user code is undefined.  This must be defined to access a restricted patient record."
  1.  .D SETLOG1^DGSEC(DFN,DUZ,,$G(DGOPT))
  1.  Q
  1. NOTICE(RESULT,DFN,DGOPT,ACTION) ;RPC/API entry point for log entry and message generation
  1.  ;Input parameters:  
  1.  ;  DFN    = Patient file DFN
  1.  ;  DGOPT  = Option name^Menu text (Optional)
  1.  ;  ACTION = 1 - Set DG Security Log entry, 2 - Generate mail 
  1.  ;           message, 3 - Both (Optional - Defaults to both)
  1.  ;
  1.  ;Output:  RESULT = 1 - DG Security Log updated and/or Sensitive Record msg sent (Determined by ACTION value)
  1.  ;                  0 - Required variable undefined
  1.  ;
  1.  I $G(DFN)="" S RESULT=0 Q
  1.  I $G(DUZ)="" S RESULT=0 Q
  1.  S DGOPT=$G(DGOPT)
  1.  I $G(ACTION)="" S ACTION=3
  1.  I ACTION'=1 D BULTIN1^DGSEC(DFN,DUZ,DGOPT)
  1.  I ACTION'=2 D SETLOG1^DGSEC(DFN,DUZ,,DGOPT)
  1.  S RESULT=1
  1.  Q
  1.  ;
  1. OWNREC(DGREC,DFN,DGDUZ,DGMSG,DGNEWPT,DGPTSSN) ;Determine if user accessing his/her own Patient file (#2) record
  1.  ;Input:
  1.  ; DGREC - Array name passed by reference
  1.  ; DFN - Patient (#2) file IEN
  1.  ; DGDUZ - New Person (#200) file IEN (Not required. If not sent will return 0.)
  1.  ; DGMSG - If 1, generate message (Optional) Will default to 1
  1.  ; DGNEWPT - Set to 1 when adding a new entry to the Patient file
  1.  ; DGPTSSN - new patient's SSN
  1.  ;   DGNEWPT & DGPTSSN parameters only defined if DPTLK is adding
  1.  ;   a new Patient (#2) file entry  
  1.  ;
  1.  ;Output:
  1.  ; DGREC(1)=0 - Not attempting to access own Patient (#2) file record, 
  1.  ;            DUZ not defined, RESTRICT PATIENT RECORD ACCESS parameter
  1.  ;            in MAS Parameters (#43) file not set to yes, or user holds
  1.  ;            DG RECORD ACCESS security key.
  1.  ;         =1 - Attempting to access own Patient file record
  1.  ;         =2 - SSN undefined
  1.  ;         =-1 - Required variable not defined.
  1.  ; Other nodes in array will contain error message text.
  1.  ;
  1.  ;DFN required
  1.  I '$D(DFN),($G(DGNEWPT)'=1) D  Q
  1.  .S DGREC(1)=-1
  1.  .S DGREC(2)="DFN not defined."
  1.  S DGREC(1)=0
  1.  ;Check if parameter is on
  1.  I +$P($G(^DG(43,1,"REC")),U)=0 Q
  1.  N DGNPSSN
  1.  ;I $D(DUZ)=0 Q
  1.  I (+$G(DGDUZ))<1 Q
  1.  ;Check if user holds security key
  1.  I $D(^XUSEC("DG RECORD ACCESS",DGDUZ)) Q
  1.  I $G(DGMSG)="" S DGMSG=1
  1.  N DGNPERR
  1.  ; quit if user is a proxy user, i.e., not a real person
  1.  I $$ACTIVE^XUSAP(DGDUZ),$$USERTYPE^XUSAP(DGDUZ,"CONNECTOR PROXY")!($$USERTYPE^XUSAP(DGDUZ,"APPLICATION PROXY")) Q
  1.  S DGNPSSN=$$GET1^DIQ(200,DGDUZ_",",9,"I","","DGNPERR")
  1.  I 'DGNPSSN D  Q
  1.  .S DGREC(1)=2
  1.  .S DGREC(2)="Your SSN is missing from the NEW PERSON file.  Contact your ADP Coordinator."
  1.  .;Only send message if parameter set to 1
  1.  .I DGMSG=1 D MSG(DGDUZ)
  1.  I +$G(DGNEWPT)'=1 S DGPTSSN=$P($G(^DPT(DFN,0)),U,9)
  1.  I +$G(DGNEWPT)=1 S DGPTSSN=$TR(DGPTSSN,"-","")
  1.  I DGNPSSN=DGPTSSN D  Q
  1.  .S DGREC(1)=1
  1.  .S DGREC(2)="Security regulations prohibit computer access to your own medical record."
  1.  Q
  1. MSG(DGDUZ) ;Send Missing SSN in New Person file message to mailgroup
  1.  ;Input:  DGDUZ - New Person (#200) file IEN (Required)
  1.  ;
  1.  N DGNPERR,DGNPNAME,DGTEXT,XMCHAN,XMDUZ,XMSUB,XMTEXT,XMY,XMZ
  1.  S DGNPNAME=$$GET1^DIQ(200,DGDUZ_",",.01,"","DGNPERR")
  1.  S XMSUB="MISSING SSN IN NEW PERSON FILE"
  1.  S DGTEXT(1)="The following NEW PERSON record does not contain a Social Security Number."
  1.  S DGTEXT(2)="This is required to access PATIENT file entries."
  1.  S DGTEXT(3)=""
  1.  S DGTEXT(4)=$S(DGNPNAME'="":DGNPNAME,1:"UNKNOWN")
  1.  S DGTEXT(5)="NEW PERSON (#200) File Internal Entry Number (DUZ):  "_+DGDUZ
  1.  S DGTEXT(6)=""
  1.  S DGTEXT(7)="This message has been sent to DG MISSING NEW PERSON SSN mail group."
  1.  S DGTEXT(8)="Please take appropriate action."
  1.  S XMTEXT="DGTEXT("
  1.  S XMDUZ=$S(DGNPNAME'="":DGNPNAME,1:.5)
  1.  S XMY("G.DG MISSING NEW PERSON SSN")=""
  1.  S XMCHAN=1
  1.  D ^XMD
  1.  Q
  1. SENS(DGSENS,DFN,DGDUZ,DDS,DGSENFLG) ;Determine if sensitive record
  1.  ;Input:
  1.  ;  DGSENS - Array name passed by reference
  1.  ;  DFN - Patient (#2) file IEN (Required)
  1.  ;  DGDUZ - New Person (#200) file IEN
  1.  ;  DDS - Screenman variable
  1.  ;  DGSENFLG - If defined, patient record sensitivity not checked
  1.  ;
  1.  ;Output:
  1.  ;  DGSENS(1)=0 - Record is not sensitive or DGSENFLG set
  1.  ;           =1 - Sensitive record and user holds DG SENSITIVITY key
  1.  ;              - Employee and user holds DG SECURITY OFFICER key
  1.  ;           =2 - Sensitive record and user does not hold key
  1.  ;              - Employee and user does not hold key
  1.  ;           =-1 - Required input variable not defined
  1.  ;  If 1, 2 or -1, array will contain error/display message
  1.  ;
  1.  N DGMSG,DGA1,DG1,DGDATE,DGLNE,DGT,DGTIME,DGEMPLEE
  1.  ;Patient file DFN must be defined.
  1.  I '$D(DFN) D  Q 
  1.  .S DGSENS(1)=-1
  1.  .S DGSENS(2)="DFN not defined."
  1.  S DGSENS(1)=0
  1. AUDIT I DFN>0,$$GET^XPAR("ALL","DI AUDIT PATIENT LOOKUPS") D ACCESSED^DIET(2,DFN)  ;ihs/cmi/maw 3/7/2011 added for certification via Medsphere
  1.  I $D(DGSENFLG) Q
  1.  ;Determine if patient is employee
  1.  S DGEMPLEE=$$EMPL(DFN)
  1.  ;Quit if not an employee & not found in DG Security Log file
  1.  I 'DGEMPLEE,('$D(^DGSL(38.1,+DFN,0))) Q
  1.  ;Quit if not an employee and not flagged as sensitive
  1.  I 'DGEMPLEE,($P($G(^DGSL(38.1,+DFN,0)),U,2)'=1) Q
  1.  ;DUZ & user name must be defined
  1.  S DGMSG=$S('$G(DGDUZ):"user code",'$D(^VA(200,DGDUZ,0)):"user name",1:"")
  1.  I DGMSG'="" D  Q
  1.  .S DGSENS(1)=-1
  1.  .S DGSENS(2)="Your "_DGMSG_" is undefined.  This must be defined to access"
  1.  .S DGSENS(3)=" a restricted patient record."
  1.  S DGSENS(1)=1
  1.  ;Inpatient check - no longer used (kept for future reference)
  1.  ;D H^DGUTL S DGT=DGTIME D ^DGPMSTAT
  1.  S DGSENS(2)="***WARNING***"
  1.  I $G(DDS)'="" S DGSENS(2)=DGSENS(2)_"  ***RESTRICTED RECORD***"
  1.  I $G(DDS)="" S DGSENS(3)="***RESTRICTED RECORD***"
  1.  I DGEMPLEE,('$D(^XUSEC("DG SECURITY OFFICER",+$G(DGDUZ)))) D  Q
  1.  .S DGSENS(1)=2
  1.  .D PRIV
  1.  I '$D(^XUSEC("DG SENSITIVITY",+$G(DGDUZ))) D
  1.  .S DGSENS(1)=2
  1.  .D PRIV
  1.  Q
  1. PRIV ;Privacy Act statement for DGSENS array
  1.  S $P(DGLNE,"* ",38)=""
  1.  I $G(DDS)="" S DGSENS(4)=DGLNE
  1.  ;S DGSENS(5)="* This record is protected by the Privacy Act of 1974 and the Health    *"
  1.  ;S DGSENS(6)="* Insurance Portability and Accountability Act of 1996. If you elect    *"
  1.  ;S DGSENS(7)="* to proceed, you will be required to prove you have a need to know.    *"
  1.  ;S DGSENS(8)="* Accessing this patient is tracked, and your station Security Officer  *"
  1.  ;S DGSENS(9)="* will contact you for your justification.                              *"
  1.  ;IHS/OIT/LJF 11/03/2005 PATCH 1004 call IHS rtn to build message array
  1.  D MSG^BDGSECU
  1.  ;S DGSENS(5)="* This record is protected by the Privacy Act of 1974. If you elect     *"
  1.  ;S DGSENS(6)="* to proceed, you will be required to prove you have a need to know.    *"
  1.  ;
  1.  ;IHS/ANMC/LJF 8/31/2001 changed message text         
  1.  ;S DGSENS(7)="* Accessing this patient is tracked, and your station Security Officer  *"
  1.  ;S DGSENS(8)="* will contact you for your justification.                              *"
  1.  ;S DGSENS(7)="* Accessing this patient is tracked.  The assigned Sensitive Patient    *"
  1.  ;S DGSENS(8)="* Tracking monitor will contact you for your justification.             *"
  1.  ;IHS/ANMC/LJF 8/31/2001 end of mods
  1.  ;IHS/OIT/LJF 11/03/2005 end of new mod
  1.  ;
  1.  I $G(DDS)="" S DGSENS(10)=DGLNE
  1.  Q
  1. EMPL(DFN,DGCHELIG) ;Does patient have any eligibility codes equal to
  1.  ;                EMPLOYEE
  1.  ;Input:
  1.  ;       DFN - Patient (#2) file IEN (required).
  1.  ;  DGCHELIG - Flags to determine mode of execution (optional).
  1.  ;             Value of the parameter can contain any combination
  1.  ;             of the following characters:
  1.  ;               "P" - check primary eligibility code
  1.  ;               "S" - check secondary eligibility codes
  1.  ;
  1.  ;             If this parameter is either not defined or set to an
  1.  ;             illegal value, the value of "PS" will be assumed.
  1.  ;Output:
  1.  ;         1 - Patient has EMPLOYEE as an eligibility code
  1.  ;         0 - Patient doesn't have EMPLOYEE as an eligibility code
  1.  ;
  1.  ;Notes: EMPLOYEE is entry 14 in the MAS ELIGIBILITY CODE file (#8.1)
  1.  N DGELIG,DGEMPLEE
  1.  S DGEMPLEE=0
  1.  I $G(DGCHELIG)'["P",$G(DGCHELIG)'["S" S DGCHELIG="PS"
  1.  ;Check primary eligibility
  1.  I DGCHELIG["P" D
  1.  .S DGELIG=+$G(^DPT(DFN,.36))
  1.  .I $D(^DIC(8,"D",14,DGELIG)) S DGEMPLEE=1
  1.  ;Check secondary eligibilities (if needed)
  1.  I DGCHELIG["S",'DGEMPLEE D
  1.  .S DGELIG=0
  1.  .F  S DGELIG=+$O(^DPT("AEL",DFN,DGELIG)) Q:'DGELIG  I $D(^DIC(8,"D",14,DGELIG)) S DGEMPLEE=1 Q
  1.  Q DGEMPLEE