forum.coppermine-gallery.net

No Support => Feature requests => Topic started by: chlee on October 30, 2003, 04:22:39 pm

Title: [feature request]Permission on Custom Fields
Post by: chlee on October 30, 2003, 04:22:39 pm
Is it possible to set permission on custom fields and hide them from unauthorized users. I need these fields to store patients' id and names (something might violet patients' privacy) and reserve it for search by power users only.
Title: [feature request]Permission on Custom Fields
Post by: hyperion on October 30, 2003, 05:21:52 pm
Is this on an intranet or internet?
Title: [feature request]Permission on Custom Fields
Post by: chlee on October 30, 2003, 11:10:39 pm
It is on internet. We got several hospitals using the same image database.
Title: [feature request]Permission on Custom Fields
Post by: Joachim Müller on October 31, 2003, 05:17:33 am
hm, I don't know where you're located and what laws apply in your country on confidential patient's data, but I doubt this would be a good idea, even if the custom fields where somehow protected. If you're using coppermine for this purpose only, I recommend "triple security" using
Title: [feature request]Permission on Custom Fields
Post by: chlee on November 01, 2003, 08:36:02 am
Thanks for advice. Alreadly in https and set all albums to be private. Registeration by admin only.
I am setting up mod_auth_mysql and mod_perl for CPAN; also considering to use mod_access to limit IP access.
Title: [feature request]Permission on Custom Fields
Post by: gtroll on November 01, 2003, 09:27:31 am
Who would get access to the names etc of the patients in the custom fields? It might be better to enter the "names and addresses" as a number, store that number as the key to another db that the public does not have access to, with the names and addresses.
You could then write an custom admin app that could query both db's for reports....

I dont think anything in the same db is foolproof, and not for Medical Privacy standards.
Title: [feature request]Permission on Custom Fields
Post by: chlee on November 01, 2003, 11:45:25 am
Actually, there is no privacy information on it except the chart number (with slight transformation from original chart number) I want to hide in one custom field for these images. These images are teaching materials for our training fellow doctors, not for business usage.

However, I think gaugau is right, sometimes we might failed to erase all the id information on a chest film if the image provider is not careful enough. And we might get in trouble with such things. A more solid secuirity should be a better policy.