== Next Set of Requirements for the Hospital Management System with Request Management System == Based on 270110T0100Z meeting with US SOUTHCOM * For RMS - additional fields needed: * Tick-box - "For Further Review" - this will tag a request as needing review by SOUTHCOM - based on current set of daily priorities - they will want to see a list of those items marked "For Further Review" and will manually want to validate the information as actionable. * Tick-box - "Validated" - once a request marked "For further review" has been validated, this will be used to identify validated actionable requests for immediate tasking by SOUTHCOM Discussion: [https://bugs.launchpad.net/sahana/+bug/513648] * For HMS - Locations: * We need to manage additional "medical facilities" beyond hospitals. I think we can do this now without further modification as one is not prohibited from entering something that is not a hospital after you select "add hospital". * Other feature classes that we can expect will be added to the HMS are: "field hospitals", "clinics", "pharmacies", and "helipads". While it is easy to add these are locations and give them a different feature class and marker, there is no category within the HMS record itself, unless we pull it from the location feature class... Can we do that? * Of course, this may mean that we may need to be prepared change labeling from "hospital" to "medical facility" or "medical" (and HMS becomes relabeled as MMS). Be prepared. Discussion: [https://bugs.launchpad.net/sahana/+bug/513649] * For HMS - additional fields needed for hospital data: * Road Status (comment field to describe road access to the facility). * Ability to attach multiple meta-data tagged files (e.g. photos of the facility, scanned maps of the area and surrounding roads). Discussion: [https://bugs.launchpad.net/sahana/+bug/513651] These requirements were shared with us after review of the system's current functionality (on current vita branch currently being pushed eventually up to the EC2 instance). SOUTHCOM was explicitly told that we would NOT be adding these features on/by 27 January - but that we would get them into the queue of things to work on for the next release. If you have time to begin to work on these on dev and get them in the queue for the next prod push, that would be good, but this is nothing to lose any sleep over. == Additional Requirements based on 280110T0400Z review of notes from the day: == * '''Security''' - enable role management - this is an urgent requirement assigned to sysadmin team: Praneeth (lead), Tim & Dan. Need written recommendation sent to mark by e-mail by 1600Z on 28 January 2010; meeting in #sahana-py at 1700Z on 28 January. Background: security for personnel on ground makes it inadvisable to publish publicly the needs and fulfillment information that might be embedded in the HMS - i.e. publishing that medical supplies are to be delivered to this place at this time might put the shipment and relief workers lives at risk. We need a plan to implement role-based access to different Sahana libraries. I need the sysadmin team to advise which of the following requirements is possible to do through front-end configuration of SahanaPy security settings (preferred) and which will require coding changes (not preferred). Alternatives are welcome. The team should also evaluate and advise on the impact shutting down read-only public access to parts of sahana will have on our feeds of data on hospital locations and hospital management data. Requirements: * Public/anonymous access: Read only access to OR, RMS Twitter and 4636 Messages. * Option to make HMS hospitals feed with location and general information - but not the shortages table - publicly available * Can we hide individual fields (like beds available, security status, facility status) from public view without code changes? * Registered users: Read only access to entire system (adding PR and HMS / HMS shortages) * Entry users: Registered users who are given add/edit/update/delete access to OR, PR, HMS * Options to create additional groups that have add/edit/update/delete access to each individual registry - and bundle people that way. e.g. Tim has write privileges to OR and PR but not HMS or RMS; Praneeth has write privileges to RMS but nothing else; Dan has write privileges to RMS, OR, and PR but not HMS. [[BR]] ---- '''Notes from dzubey''' Need to establish who are our user groups? Then based on that what rights should they NOT have. If the main concern is keeping certain data away from the general public, and we are time crunched, then a generic anonymous / read-only / read-write structure is fine...but this makes it very hard to change in the future. There is an more optimal method of assigning flags to users, which indicate what capabilities they are allowed, as opposed to role-based. we've already leaked a good quantity of data to various search engines and blogs and whatnot. I imagine this current push is to secure future data we capture. [[BR]] * '''Provenance of data''' - without adding any fields (at this time), we need to display the last time data records were updated and by whom - we should be able to pull from the last modified column and the registered user who made the modification. This is especially important to allow for evaluation of how old data is and how often it is being updated. Maybe a big bold splash on upper right when viewing a hospital record would say "Last modified on DDMMYY at HH:MM UTC by ". Or just show the data as additional field in form view or column in table view. [[BR]] [[BR]] * '''Operating Room Status''' - add to list of services on Hospital entry/edit form - similar to Emergency Room, Clinical, Facility, Security fields now.[[BR]] [[BR]] * Add Link to Bed Capacity, Services, Shortages, Contacts to main ADD Hospital form @ /hms/hospital/create[[BR]] [[BR]] * Add Register for new account and Login Links prominent on home/splash page