In the case of a distributed system like Andaman7, data items are either "owned" or at least "authored" by various individuals. In addition to that, changes are potentially transferred to other people (eg: your doctor, your family...) or to hospitals. The deletion of data could break the trust people put in those systems, and potentially create significant data consistency problems.
Therefore, in Andaman7, no data can be deleted.
However, in rare cases, it becomes obvious, later on, that previously entered data was entered erroneously. For this case, data can be marked as "invalid" (and hidden or not, it's the choice of the user). With this approach, there are no risks in losing trust or wrongfully modifying data, because all the data is still visible in the history of the data element (traceability). It becomes clear to everyone that no data is lost, and that some user marked the data as invalid. Indeed, this "invalidation" is passed on to peers with the identification of who invalidated and when.
This may be surprising at first, but it is due to the very innovative approach of Andaman7: probably one of the first completely distributed collaborative health records systems. It is actually similar to banking systems where the rules for modification and deletion are also very strict.
When data is invalidated, it will no longer be visible in the record, unless the option “Display invalidated data” is selected. To avoid seeing invalidated data you can, from your record, open the top right menu and select "Hide invalidated data".
There is however two exceptions to the "no deletion" rule:
- The first concerns documents. This exception was made to address the issue of files taking up to much memory space on smartphones with a low storage capacity. See How can I remove a document in Andaman7?
- The second concerns the entirety of a health record. See "How to delete one of my records?" However, if this record was shared, it will not be deleted from others.
Comments
0 comments
Please sign in to leave a comment.