<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
	<id>https://ohcnwiki.tellmey.fyi/index.php?action=history&amp;feed=atom&amp;title=Deployment%2FSecurity%2FPrivacy_and_data_protection</id>
	<title>Deployment/Security/Privacy and data protection - Revision history</title>
	<link rel="self" type="application/atom+xml" href="https://ohcnwiki.tellmey.fyi/index.php?action=history&amp;feed=atom&amp;title=Deployment%2FSecurity%2FPrivacy_and_data_protection"/>
	<link rel="alternate" type="text/html" href="https://ohcnwiki.tellmey.fyi/index.php?title=Deployment/Security/Privacy_and_data_protection&amp;action=history"/>
	<updated>2026-07-06T05:20:11Z</updated>
	<subtitle>Revision history for this page on the wiki</subtitle>
	<generator>MediaWiki 1.45.4</generator>
	<entry>
		<id>https://ohcnwiki.tellmey.fyi/index.php?title=Deployment/Security/Privacy_and_data_protection&amp;diff=415&amp;oldid=prev</id>
		<title>Admin: Add Navbox deployment template before Related (via update-page on MediaWiki MCP Server)</title>
		<link rel="alternate" type="text/html" href="https://ohcnwiki.tellmey.fyi/index.php?title=Deployment/Security/Privacy_and_data_protection&amp;diff=415&amp;oldid=prev"/>
		<updated>2026-07-06T04:04:20Z</updated>

		<summary type="html">&lt;p&gt;Add Navbox deployment template before Related (via update-page on MediaWiki MCP Server)&lt;/p&gt;
&lt;table style=&quot;background-color: #fff; color: #202122;&quot; data-mw=&quot;interface&quot;&gt;
				&lt;col class=&quot;diff-marker&quot; /&gt;
				&lt;col class=&quot;diff-content&quot; /&gt;
				&lt;col class=&quot;diff-marker&quot; /&gt;
				&lt;col class=&quot;diff-content&quot; /&gt;
				&lt;tr class=&quot;diff-title&quot; lang=&quot;en&quot;&gt;
				&lt;td colspan=&quot;2&quot; style=&quot;background-color: #fff; color: #202122; text-align: center;&quot;&gt;← Older revision&lt;/td&gt;
				&lt;td colspan=&quot;2&quot; style=&quot;background-color: #fff; color: #202122; text-align: center;&quot;&gt;Revision as of 09:34, 6 July 2026&lt;/td&gt;
				&lt;/tr&gt;&lt;tr&gt;
  &lt;td colspan=&quot;2&quot; class=&quot;diff-lineno&quot;&gt;Line 76:&lt;/td&gt;
  &lt;td colspan=&quot;2&quot; class=&quot;diff-lineno&quot;&gt;Line 76:&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
  &lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;* &#039;&#039;&#039;Have a breach-response plan&#039;&#039;&#039; before you need it: how an incident is detected, contained, assessed, and communicated.&lt;/div&gt;&lt;/td&gt;
  &lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;* &#039;&#039;&#039;Have a breach-response plan&#039;&#039;&#039; before you need it: how an incident is detected, contained, assessed, and communicated.&lt;/div&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
  &lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;* &#039;&#039;&#039;Know your notification obligations&#039;&#039;&#039; — most regimes require notifying the authority and affected individuals within a defined window. Build the contacts and timelines into the plan in advance.&lt;/div&gt;&lt;/td&gt;
  &lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;* &#039;&#039;&#039;Know your notification obligations&#039;&#039;&#039; — most regimes require notifying the authority and affected individuals within a defined window. Build the contacts and timelines into the plan in advance.&lt;/div&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
  &lt;td class=&quot;diff-marker&quot; data-marker=&quot;−&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;br /&gt;&lt;/td&gt;
  &lt;td colspan=&quot;2&quot; class=&quot;diff-empty diff-side-added&quot;&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
  &lt;td class=&quot;diff-marker&quot; data-marker=&quot;−&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;== Next steps ==&lt;/div&gt;&lt;/td&gt;
  &lt;td colspan=&quot;2&quot; class=&quot;diff-empty diff-side-added&quot;&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
  &lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;br /&gt;&lt;/td&gt;
  &lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;br /&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
  &lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;Pair these practices with the technical controls in [[Deployment/Security/Data security|Data security]], and revisit both whenever your deployment, your data flows, or your regulatory environment changes.&lt;/div&gt;&lt;/td&gt;
  &lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;Pair these practices with the technical controls in [[Deployment/Security/Data security|Data security]], and revisit both whenever your deployment, your data flows, or your regulatory environment changes.&lt;/div&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
  &lt;td colspan=&quot;2&quot; class=&quot;diff-empty diff-side-deleted&quot;&gt;&lt;/td&gt;
  &lt;td class=&quot;diff-marker&quot; data-marker=&quot;+&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;br /&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
  &lt;td colspan=&quot;2&quot; class=&quot;diff-empty diff-side-deleted&quot;&gt;&lt;/td&gt;
  &lt;td class=&quot;diff-marker&quot; data-marker=&quot;+&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;{{Navbox deployment}}&lt;/div&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
  &lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;br /&gt;&lt;/td&gt;
  &lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;br /&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
  &lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;{{Related}}&lt;/div&gt;&lt;/td&gt;
  &lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;{{Related}}&lt;/div&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/table&gt;</summary>
		<author><name>Admin</name></author>
	</entry>
	<entry>
		<id>https://ohcnwiki.tellmey.fyi/index.php?title=Deployment/Security/Privacy_and_data_protection&amp;diff=215&amp;oldid=prev</id>
		<title>Admin: OHC identity seed</title>
		<link rel="alternate" type="text/html" href="https://ohcnwiki.tellmey.fyi/index.php?title=Deployment/Security/Privacy_and_data_protection&amp;diff=215&amp;oldid=prev"/>
		<updated>2026-07-04T23:08:36Z</updated>

		<summary type="html">&lt;p&gt;OHC identity seed&lt;/p&gt;
&lt;p&gt;&lt;b&gt;New page&lt;/b&gt;&lt;/p&gt;&lt;div&gt;{{Doc header&lt;br /&gt;
|type=guide&lt;br /&gt;
|domain=deployment&lt;br /&gt;
|title=Privacy and data protection&lt;br /&gt;
|order=2&lt;br /&gt;
}}&lt;br /&gt;
&lt;br /&gt;
The records Care holds — identities, diagnoses, medications, encounters — are among the most sensitive personal data there is. [[Deployment/Security/Data security|Data security]] keeps that data safe from attackers; &amp;#039;&amp;#039;&amp;#039;privacy and data protection&amp;#039;&amp;#039;&amp;#039; govern how you collect, use, share, retain, and give people control over it. Both are required to run an EMR responsibly.&lt;br /&gt;
&lt;br /&gt;
This page is a set of recommendations for operators deploying Care. They are practices, not a compliance certification.&lt;br /&gt;
&lt;br /&gt;
{{Warning|title=Not legal advice|1=The right requirements depend on where you operate and whom you serve. Treat this as a starting point and confirm your specific obligations with qualified legal counsel and your data-protection authority.}}&lt;br /&gt;
&lt;br /&gt;
== 1. Know which regulations apply ==&lt;br /&gt;
&lt;br /&gt;
Before anything else, map the rules that govern your deployment. Health data is specially protected almost everywhere. Common frameworks include:&lt;br /&gt;
&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;India — [&amp;lt;nowiki/&amp;gt;https://www.meity.gov.in/data-protection-framework Digital Personal Data Protection (DPDP) Act, 2023]&amp;#039;&amp;#039;&amp;#039;, alongside sector rules for health information.&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;United States — [&amp;lt;nowiki/&amp;gt;https://www.hhs.gov/hipaa/index.html HIPAA]&amp;#039;&amp;#039;&amp;#039; for protected health information (PHI).&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;EU / EEA — [&amp;lt;nowiki/&amp;gt;https://gdpr.eu/ GDPR]&amp;#039;&amp;#039;&amp;#039;, which treats health data as a special category requiring extra safeguards.&lt;br /&gt;
&lt;br /&gt;
Identify which apply, who the data controller and processors are, and what each regime requires for consent, retention, breach notification, and the rights of the people whose data you hold.&lt;br /&gt;
&lt;br /&gt;
== 2. Establish a lawful basis and capture consent ==&lt;br /&gt;
&lt;br /&gt;
* Process patient data only on a &amp;#039;&amp;#039;&amp;#039;lawful basis&amp;#039;&amp;#039;&amp;#039; (consent, care delivery, legal obligation), and apply &amp;#039;&amp;#039;&amp;#039;purpose limitation&amp;#039;&amp;#039;&amp;#039; — use data only for what it was collected for.&lt;br /&gt;
* Record patient &amp;#039;&amp;#039;&amp;#039;consent&amp;#039;&amp;#039;&amp;#039; explicitly, and make it auditable and revocable. Care models consent as a first-class clinical record — see the [[Consent|Consent concept]] for what it captures and how it is represented.&lt;br /&gt;
* Be transparent: tell patients what is collected, why, who can see it, and how long it is kept.&lt;br /&gt;
&lt;br /&gt;
== 3. Minimize and retain deliberately ==&lt;br /&gt;
&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Collect only what you need.&amp;#039;&amp;#039;&amp;#039; Every extra field is extra risk; avoid capturing data you have no clear use for.&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Define retention and deletion policies.&amp;#039;&amp;#039;&amp;#039; Decide how long each class of data is kept and on what basis, then enforce it — archive or purge data that is past its retention window rather than keeping it indefinitely.&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Plan for deletion requests&amp;#039;&amp;#039;&amp;#039; so a record can be removed or anonymized when a patient withdraws consent or the law requires it.&lt;br /&gt;
&lt;br /&gt;
== 4. Control and govern access ==&lt;br /&gt;
&lt;br /&gt;
Privacy depends on the right people — and only the right people — seeing each record.&lt;br /&gt;
&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Enforce role-based access control and least privilege.&amp;#039;&amp;#039;&amp;#039; Grant each user the narrowest role that lets them do their job. Care&amp;#039;s roles and permissions are described under [[Concepts/Access control|Access control]].&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Scope access to the right boundary.&amp;#039;&amp;#039;&amp;#039; Care structures access around [[Organization|organizations]] and [[Concepts/Facility organization|facility organizations]]; use them so users only reach the patients and facilities they are responsible for.&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Review access regularly&amp;#039;&amp;#039;&amp;#039; and revoke it promptly when roles change or people leave.&lt;br /&gt;
&lt;br /&gt;
== 5. Make access auditable and accountable ==&lt;br /&gt;
&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Log access to patient data&amp;#039;&amp;#039;&amp;#039; — who viewed or changed which record, and when — and retain those logs so access can be reviewed and investigated.&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Name an accountable owner&amp;#039;&amp;#039;&amp;#039; (a data protection officer or equivalent) responsible for privacy in your deployment.&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Keep records of processing&amp;#039;&amp;#039;&amp;#039;: what data you hold, why, where it lives, and who it is shared with.&lt;br /&gt;
&lt;br /&gt;
== 6. Honor patient rights ==&lt;br /&gt;
&lt;br /&gt;
Most data-protection regimes give people rights over their own data. Have a documented process to service requests for:&lt;br /&gt;
&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Access&amp;#039;&amp;#039;&amp;#039; — a copy of the data you hold about them.&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Correction&amp;#039;&amp;#039;&amp;#039; — fixing inaccurate records.&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Erasure&amp;#039;&amp;#039;&amp;#039; — deletion or anonymization where applicable.&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Portability&amp;#039;&amp;#039;&amp;#039; — their data in a usable, machine-readable form.&lt;br /&gt;
&lt;br /&gt;
Define who handles these requests, how identity is verified, and the timeline you commit to.&lt;br /&gt;
&lt;br /&gt;
== 7. De-identify data for secondary use ==&lt;br /&gt;
&lt;br /&gt;
Analytics, dashboards, research, and model training rarely need identifiable patient data.&lt;br /&gt;
&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Anonymize or pseudonymize&amp;#039;&amp;#039;&amp;#039; data before it leaves the clinical system for reporting or analytics (for example, dashboards built on Metabase).&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Separate duties&amp;#039;&amp;#039;&amp;#039; so that analytics access does not become a back door to identifiable records.&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Minimize exposure&amp;#039;&amp;#039;&amp;#039; — aggregate where possible, and never surface direct identifiers in a context that does not strictly require them.&lt;br /&gt;
&lt;br /&gt;
== 8. Secure the data and the supply chain ==&lt;br /&gt;
&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Apply the technical controls&amp;#039;&amp;#039;&amp;#039; in [[Deployment/Security/Data security|Data security]] — encryption in transit and at rest, network isolation, encrypted backups, and hardened access paths underpin every privacy commitment here.&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Vet third parties.&amp;#039;&amp;#039;&amp;#039; Cloud providers, hosting partners, and any [[Contributing/Plugin system|Care plugins]] that touch patient data are processors — put data-processing agreements in place and do due diligence before trusting them with data.&lt;br /&gt;
&lt;br /&gt;
== 9. Prepare for incidents ==&lt;br /&gt;
&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Have a breach-response plan&amp;#039;&amp;#039;&amp;#039; before you need it: how an incident is detected, contained, assessed, and communicated.&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Know your notification obligations&amp;#039;&amp;#039;&amp;#039; — most regimes require notifying the authority and affected individuals within a defined window. Build the contacts and timelines into the plan in advance.&lt;br /&gt;
&lt;br /&gt;
== Next steps ==&lt;br /&gt;
&lt;br /&gt;
Pair these practices with the technical controls in [[Deployment/Security/Data security|Data security]], and revisit both whenever your deployment, your data flows, or your regulatory environment changes.&lt;br /&gt;
&lt;br /&gt;
{{Related}}&lt;/div&gt;</summary>
		<author><name>Admin</name></author>
	</entry>
</feed>