If I were writing requirements for a medical record database, I would require that changes be dated, time-stamped, and identified with the party making the change and the location from which the change was made. I would also keep the previous value(s), so the state of the record at any point in time could be recovered. I might also keep a log of queries so that I could tell who was viewing what information at any given point in time.
In today's legal environment, it makes no sense for an institution to allow changes that have no record as to when the change was made, who did it, and what the change was exactly. Some record that the patient (or guardian) approved the change may also be required in some cases.
If your institution has rules in this area, follow them. If you're writing the rules, consult your (liability) insurance company and lawyer.
In today's legal environment, it makes no sense for an institution to allow changes that have no record as to when the change was made, who did it, and what the change was exactly. Some record that the patient (or guardian) approved the change may also be required in some cases.
If your institution has rules in this area, follow them. If you're writing the rules, consult your (liability) insurance company and lawyer.