When configured to authenticate patient access using an Alternate ID, Ocean uses the EMR fields indicated below:
Privacy and Security Disclaimer
Ocean typically authorizes patients for certain actions using a combination of their health number, name, and date of birth. This authorization is reasonably secure due to the inherent privacy of the patient’s health number.
Since health numbers are not always available in certain clinical environments, your site may opt in to support an alternate identifier, such as a student number or chart number.
These alternate identifiers should be relatively private and difficult to guess for a given patient. Otherwise, unauthorized individuals could potentially masquerade as the patient using this identifier, in combination with the patient’s surname and date of birth.
The unauthorized individual could potentially exploit this access to:
- Obtain the patient’s email address or other contact information as part of a privacy breach.
- Commit unauthorized actions under the guise of the patient, such as booking an appointment.
When configuring Ocean products to support an alternate identifier, you will be prompted to confirm on behalf of your clinic that you understand and accept the risk of using an alternate identifier.