Originally Posted by DrLee
Hmmm. Yes, we tried read only and it did not work. This still seems like a huge security gap. Any of my employees could copy the whole AC folder onto an external hard drive, take it home or to another office, and they would have the complete EMR, and there is no way I can prevent this? Would they at least need the administrator password to open the files/recreate the EMR from a backup???

David Lee, MD
IM
Dallas, TX


I'm pretty sure you need the admin password to do a restore from a backup file. They wouldn't be able to copy the databases live without first disabling the SQL server. However, imported items aren't really protected. It'd be up to AC to make their program work with read permissions only (likely increasing server load as a result). But there comes a line where you can't do much more. If you give the staff documents read-only permissions, then every time they need to delete or rename a file, you'd have to do it as the Admin, and it just creates way too much work. Let's assume you block copy permissions; they can just print it out and take it with them using paper or even a virtual PDF printer like Bullzip or CutePDF. (That's with just read permissions.)

Last edited by Sandeep; 01/29/2012 4:31 AM.