From OpenEMR Project Wiki
VISOLVE>> The purpose of this feature is to make sure that the patient information should not be modified or destroyed because this may lead to some improper medical decisions. For ex, the encounter or the prescription info should not get altered. HIPAA suggests using "checksums" or "digital signatures" to monitor and control these problems.
This applies equally to:
- Encounter data
- Computerized Physician Order Entry (CPOE)
Sam Bowen: "Clearly, our logging needs serious improvement. That is what started the security discussion with Justin Doiel and Fred Trotter. Justin and I were discussing using an md5 digest in the log to prove that encounter had not been tampered with. We wanted to sign the md5sum, and date time stamp with a CACert.org public key which could be verified in court that the record has not been altered. Or conversely, in Justin's case, to prove that the record had been altered intentionally. (Not all of his practitioners are as honest as we all assume). The practitioners are not very good at cheating the system. When audited the entire group receives sever legal attention from their state regulators. He wants a tool to be able to keep his practitioners honest in a proactive way. "