Wiki Spaces


Get Help from Others

Q&A: Ask OpenMRS
Discussion: OpenMRS Talk
Real-Time: IRC Chat | Slack


Page tree
Skip to end of metadata
Go to start of metadata

The aim of this project

OpenMRS is used by a "group" of clinics and medical practices. These clinicis and medical practices are able to share information following an information sharing protocol for purposes of treatment and-or research.

Medical clinician is granted access via a referral letter by an existing medical clinician with access rights, or by being assigned the patient by medical record administrator during registration. Patients may request access be granted to a clinician by asking a clinician with access rights write a referral letter to their nominated clinician.

All patients are identified by universal ID. (Citizen ID)

Clinicians are identified by universal ID. (Provider ID)

Medical and Medical Research institutions are identified by universal ID. (Institution ID)


Patient presents to their General Practitioner (GP).

In the OpenMRS system used by the GP, any GP working in this GP clinic has read-write-edit permissions, on this patient record. All access, including simple viewing, will be logged.

GP uses OpenMRS to write a referral letter to specialist, selects specialist from a list with Ids attached. The creation and transmission of the referral letter allows specialist to view-copy the patient records of the referred patient held on GP System. 

The specialist will not be using the same OpenMRS system as is used by the GP. The specialist was assigned the patient during the patient record creation process on the system used by the specialist. The specialist has full read-write-edit access to records they create, view-copy access to records created by the GP.

The geographic separation of the OpenMRS systems may be substantial.

Specialist may use OpenMRS to write a referral  letter to second specialist. Second specialist may now view first specialist records for this patient and the patient records held in the GP OpenMRS system for this patient. Permissions follow the referral letter "chain" no matter how long the chain becomes. The geographic distance between specialists may be substantial.

Patient may advise GP they allow their records to be used in medical research. A research institution may then follow the referral letter permissions path to collect data in from all contributing clinicians.

Clinicians may flag, should their patient data be used in research, they wish to be provided with a copy of the report of the research findings.

Special Note: To complete the example, and more fully explain the permission path, say the GP refers a patient with a form of cancer to an Oncologist in an Oncology Department of a large Hospital. After accepting the referral the Oncologist realises a Colleague may well be better suited to assist this patient. There is little point in having the GP write a second referral, the Oncologist deemed better suited will simply "take over" patient care. As they have full access on the oncology OpenMRS System they can view the patient information on the GP OpenMRS, as the two OpenMRS sytems "recognise" each other.

Research Clarification: Where patient data is used anonymously then data maybe used at the clinicians discretion. Clinician may flag they wish to ahve a report of findings. Where the patient maybe contacted, ie identified, then a referral will be written with patient consent by the clinician to the Research Institute. Referral permissions then follow.

Research example questions:

  • incidence of cancers; planning of transportation services for cancer patients
  • the geographical distribution of cancers (mine, power line, or occupational proximity)
  • the change in depression measures with economic /political events 
  • change in diabetes control with exercise levels

Documentation / How-To



Release Notes

In design phase.


This module is being developed by a group of students of the University of Wollongong as part of their degree programme.

It is expected the subject will be undertaken in second half 2012, beginning July, 2012.


  1. I would highly recommend having an option for providers to override this when needed – i.e., warn the provider that their action will be audited and then allow them to access the patient's record.  This will allow you to maintain security under most (normal) circumstances, while keeping your security constraints from delaying appropriate care when there are extreme circumstances and there isn't someone available to grant the permissions through the standard mechanism.

    If the patient is terribly ill and their GP is on holiday or cannot access the system for some other reason and there is another doctor needing access to the chart to provide appropriate, emergent care, you do not want your module to contribute to harming the patient by preventing access to data that might save their life.

    1. Unknown User (amaher)

      Thanks for the Comment Burke,

      Please see comments by Andrew Miller below. Andrew is the clinician working with us on this project.

      Kindest Regards,


  2. Unknown User (bwolfe)

    Can you define "locked" some more in the first sentence? Does that just mean only certain people can see patients? (this would require work and should take Burke's above comment into view)

    Can you define "send a letter to another GP"? Does that send the patients information via hl7 as well? Or does it allow the receiving physician to log into the current system?

    1. Unknown User (amaher)

      Thanks for the Comment Ben,

      Please see reply by Andrew Miller below. Andrew is a clinician working with us on this project.

      Kindest Regards,


  3. Unknown User (aam)

    For scenario:

    1. GP is on holidays, has locum tenens, patient comes to clinic sick
      patient will be assigned by GP-admin to replacement doctor (own clinician-ID) who can do referral to specialist.
    2. GP is on holidays, has NO locum tenens, patient comes to clinic sick
      Firstly, why is clinic even open? But then patient goes to another GP or hospital
      patient will be referred to specialist as already described; patient will be referred to own (on holidays) GP so that own GP can get data later.

    The publishing of data to a PCEHR is a later capability that will establish access on a national level.


    The notion of locked is that read-copy-write permissions will be managed in a discrete way particularly remotely. Don't want GP or specialist messing in the specialist's or GP's system, but they may want to see what is there particularly as part of the initial consultation phase.

    I can't see where it says "send a letter to another GP". The notion is to use the identity of the intended recipient as the way to establish a link between systems so that GP & specialist/s can share data.

  4. Unknown User (bwolfe)

    Access logging can be done by a separate module, like the accesslogging module perhaps? (smile) (unless thats been replaced by something else by now)

    There are many units of work inherent in this, such as an admin screen to set up the list of providers and what those providers' systems are. And then how to send data to those systems.

    Typically a provider within one openmrs instance has rights over everyone. The data-level permissions that happen here are just inter-openmrs communications.

    Do you see data being continually streamed? What if GP in openmrs X refers page records over to openmrs Y. The specialist at openmrs Y sees all current data about the patient. When the GP adds another encounter for the patient, does that get sent to openmrs Y automatically? Or does openmrs Y have to re-request it?

    1. Unknown User (amaher)

      Thanks Ben,

      Looking at the modules I found the logging module has been replaced with 

      Usage Statistics Module

      So this has three sections of the over project:


      Current Modules

      Custom Module(s)

      The stats module above is in the current modules category.

      My understanding is the custom modules will be:

      referral handling, including the referral list of clinicians, generation of referral letters, generation of unique ids for referrals, used to identify the remote OpenMRS system connection.

      "linking" the openmrs systems to allow inter openmrs access, this is not expected to be a "live" link. The specialist will need to "return" to view any updated notes. The "remote openmrs" system would be returned in an iframe so the local user can access it and their own system without any "intersystem" issues. 

      I'll get Andrew to comment.

    2. Unknown User (aam)

      "Typically a provider within one openmrs instance has rights over everyone. The data-level permissions that happen here are just inter-openmrs communications."

      The issue of rights locally and distantly should be handled differently. In most multi-clinician centres, all clinicians have access to all data and control is maintained by logging, i.e., the clinician who viewed a record has to justify the viewing rather than ask for it. Failure to justify leads to sanctions. No plans to change this.

      Rights for distant viewing will be controlled by the referred-to Clinican_ID and the Patient_ID. The Clinician accepting the referral is only able to see the referred patient's data. The initial thoughts were that there would be no 'copy in' function put rather a drag & drop type functionality so that the second clinician could put previous data into their own knowledge structure. The Clinician_ID/Patient_ID link will mean that the referrer will be able to see the referred-to clinician data in the same way - available for drag & drop into their record - although copy back is also possible.

      "Do you see data being continually streamed?"

      I may be wrong but I don't see this as an issue where there is a need for the door to be time-locked/opened. The GP/specialist clinical control balance can be fluid - I expect to follow a patient for 5 years after cancer diagnosis. So should the link last that long?

      Some other questions should be asked in reaching a stance.

      • Am I likely to have the time to go and look at old patient data unless they are returning or I am doing some research?
      • Can I undertake research reviews on my own data without ethics approval? Of course, ethics approval can't stop this happening. So can I get data from a GP system for a patient I treated 5 years ago where I am undertaking a quality or outcome review? Yes, they still qualify as MY patient, even if I haven't seen them for years.
      • How can you determine the this duration? Perhaps a field in the OpenMRS of the referred-to clinician could be introduced that states that the patient has been discharged. When Discharge=Y, then the link is cut. But then, the data on patient outcome is still pertinent to my research/outcome discovery efforts.
      • Can you limit the data seen? Personally I am not a fan of restricted viewing. The ability of the patient to restrict medical knowing, must be balanced with the ability of the clinician to refuse medical care on the basis that important issues may be missed making treatment worthless, harmful or inappropriate.
      • At present I have the ability to write to a GP asking for information about patient's I have seen and expect to have it provided. 

      Data will not need to be streamed 'continually'. I will only need to be able to access the link to the GP system when I have the patient's file open in my OpenMRS AND when I wish to look in the GP system. An up-to-date view will be sent. There will be rare data clashes as most contact in OpenMRS will be driven by patient attendance (i.e., the patient is in front of me, so my OpenMRS file is open, but the GP's OpenMRS file for this patient is highly unlikely to be open unless one telephones the other.

      This will be a small data load on either my or the GP's server.

      Am I making sense?

      1. Ok.  I did not properly understand the intention.  In the case that the module is managing the sharing of patient data across separate OpenMRS instances, then it makes more sense – i.e., negotiating the conditions under which a patient's record may be requested by one OpenMRS instance to another.

        So, if a patient had been treated at two different sites (using two different instances of OpenMRS) over time, say by his GP using OpenMRS A and a specialist seen last year using OpenMRS B, and then is referred again to OpenMRS B, I presume doctors using OpenMRS B would see whatever had been loaded for that patient previously and, with the proper permission, any new data from OpenMRS A would be merged into OpenMRS B at the time of the new referral.  Or will patient records be somehow marked as "on loan" so their data is removed from OpenMRS B at some point in time or based on some event (e.g., discharge)?  Is there any plan to coordinate with the CCD module?  The goal of the CCD module is to create a mechanism for importing & exporting a standardized patient summary between systems, so it seems that this module could focus solely on the permissions and then use the CCD module to perform the actual transfer of data.

  5. Unknown User (aam)

    "a specialist seen last year using OpenMRS B, and then is referred again to OpenMRS B"

    If the initial link remains open, there is no need for a second referral except to relate the reason for the return.

    "doctors using OpenMRS B would see whatever had been loaded for that patient previously"

    The plan is not to transfer the patient record permanently into OpenMRS_B, but rather to give a snapshot of the current data in OpenMRS_A. Clinician_B would cherry-pick the links and data that is meaningful. When the patient record in OpenMRS_B is closed, the link is dropped until the patient is re-opened in OpenMRS_B at the next consultation. Then the same process - look at the OpenMRS_A record and pick what you want.

    The knowledge structure of different specialties (GP, orthopedic surgeon, oncologist, psychiatrist) is different enough to make conglomeration of these knowledge structures virtually impossible. Until someone thinks they can do this, the ability to see the GP record and pick what is meaningful to reorganise for another knowledge structure is adequate. At some points clinicians need a PROBLEM-oriented medical record, others situations call for a DIAGNOSIS-oriented medical record. Information is treated differently in each.

    "The goal of the CCD module is to create a mechanism for importing & exporting a standardized patient summary between systems"

    This module does not overlap with the CCD module.