...
- Data Privacy needs are contextual including security options
- Option to enable Consent is likely to be needed as a system feature
OpenIMIS data privacy
The data is saved on the file system of the web server (photo of the insured persons) and in the database, which makes it accessible to users only via openIMIS solutions:
- Applications can download non-personal data (hospital list, etc.) only after identification, and can search for personal information only after authentication. These data are limited by the geographical area to which the user has access
- The web portal allows access and modification of personal and health data only for users the rights for these actions, the rights are configurable by the system administrator.
- APIs allow other systems to access the data, the management of rights is done according to the rights associated with the identifier used by the external system.
Server administrators have access to the data through direct access to the computer system (necessary for problem resolution)
System administrators can export data in order to reload them in an offline instance of openIMIS, these exports are protected by a password chosen when exporting.