Challenge
During the period of the introduction of the GDPR Act, we faced the challenge of integrating a mechanism to monitor changes in medical data into an already operating medical system without loss of efficiency and functionality. It seemed that since the design of the system was already long developed, it was not possible to easily implement such a solution without time-consuming and demanding programming work. We wanted to design a solution that will be scalable and will not be limited to selected data but will enable control of the scope of monitoring and will be possible to use independently of the system module.
Realization
The main assumption we adopted was to minimize programming work and scalability of the solution, i.e. the ability to selectively indicate the data we want to monitor. After analyzing possible solutions to the problem, we decided to use an independent mechanism of the application. The solution was based on the mechanism of historical tables provided by the database used in the system.
We have prepared a set of controllable triggers based on the database for each of the system tables. In a separate table, we included tags that permit enabling or disabling the mechanism of collecting data changes. Thanks to the database design, any change to a data record including data deletion, is automatically stored in the historical table. This table contains information about when and who made changes to the data. Thanks to this solution, we minimized the amount of programming work in the application itself and the solution used is scalable efficient, and reliable because it works independently of the medical system and the running module.