Record opening

Rather than trying to deal with objects having multiple access control lists, we will assume that there are multiple records. A patient might for example have:

• a general record open to all the clinicians in the practice;
• a highly sensitive record of a treatment for depression which is only open to his GP;
• a record of heart disease open to all casualty staff, a summary of which might be carried on an emergency medical card.

This is logically equivalent to having a record with three different fields each with its own access control list. However is much simpler for us to deal with.

So the clinician may open a new record when an existing patient wishes to discuss something highly sensitive, or when a new patient registers with her, or when a patient is referred from elsewhere. The access control list on a new record is as follows:

Principle 2: A clinician may open a record with herself and the patient on the access control list. Where a patient has been referred, she may open a record with herself, the patient and the referring clinician(s) on the access control list.