EHR & Patient Management Master Data & Configuration
Home / Clinical Modules / EHR & Patient Management / Master Data

EHR & Patient Management Master Data & Configuration

Master Data Inventory

ID Data Set Source Approx. Records Owner Update Frequency
MD-EHR-001 Nationality Codes ISO 3166-1 alpha-2/alpha-3 (localised) ~250 System Administrator Annually or as ISO updates
MD-EHR-002 Emirates & Cities UAE administrative divisions ~50 System Administrator Rarely (on gov. change)
MD-EHR-003 Document Types Facility-defined ~30 HIM Supervisor As needed (quarterly review)
MD-EHR-004 Note Templates Facility-defined per specialty ~100 Clinical Informatics Lead As needed; biannual review
MD-EHR-005 Consent Form Templates Legal / Compliance ~15 Legal Counsel / Privacy Officer On regulation/policy change; annual review
MD-EHR-006 Insurance Payer Codes DHA/DOH payer registry, MOH ~200 RCM Manager Quarterly or on payer change
MD-EHR-007 Provider Specialty Codes DOH/DHA specialty classification ~80 Credentialing Office As regulators update lists
MD-EHR-008 Facility Master Organizational design, DOH/DHA/MOH licensing 1–20 per org System Administrator On facility org change
MD-EHR-009 Department Master Organizational design 50–200 System Administrator / Operations On org restructuring
MD-EHR-010 Location Master (Rooms/Beds) Facility engineering / nursing admin 500–5,000 System Administrator On physical layout change
MD-EHR-011 User Role Definitions IT security / compliance ~20 IT Security Officer As needed; annual review
MD-EHR-012 Permission Catalogue System design 100–300 IT Security Officer As needed; annual review
MD-EHR-013 Allergen Reference List RxNorm (drugs), SNOMED CT (non-drug) ~5,000 Pharmacy Informatics With terminology releases
MD-EHR-014 ICD-10-AM Diagnosis Codes ACCD ~72,000 HIM Manager With official releases
MD-EHR-015 SNOMED CT Clinical Terms Subset SNOMED International ~350,000 (subset) Clinical Informatics Biannually
MD-EHR-016 Religion Codes Facility-defined; UAE context 10–20 HIM Supervisor Rarely
MD-EHR-017 Marital Status Codes Facility-defined 5–10 HIM Supervisor Rarely
MD-EHR-018 Occupation Codes Facility-defined / UAE labour categories 100–500 HIM Supervisor / HR As needed
MD-EHR-019 Language Codes ISO 639-1 subset 10–20 System Administrator Rarely
MD-EHR-020 Consent Types & Scopes Legal / Privacy 10–20 Privacy Officer On PDPL / policy change
MD-EHR-021 Audit Action Types System-defined 20–50 System Administrator Rarely
MD-EHR-022 Break-the-Glass Reasons Privacy policy 5–10 Privacy Officer Rarely
MD-EHR-023 Patient Category / Type Facility-defined (VIP, staff, etc.) 10–30 Senior Registration Clerk As needed
MD-EHR-024 Relationship Types (Next-of-kin) Facility-defined 10–20 HIM Supervisor Rarely
MD-EHR-025 Consent Signature Methods Legal / IT 5–10 Privacy Officer Rarely
MD-EHR-026 NABIDH/Malaffi Facility & Department IDs DHA/DOH registration 1–10 per facility Integration Lead On HIE registration/change

Note: Large terminologies (ICD-10-AM, SNOMED CT, Allergen list) are usually loaded via dedicated terminology services; here we define their role and key fields, not the full code sets.

Setup Sequence

Dependency Diagram

flowchart TD A["Step 1: MD-EHR-001 Nationality Codes"] --> B["Step 2: MD-EHR-002 Emirates & Cities"] A --> C["Step 3: MD-EHR-019 Language Codes"] A --> D["Step 4: MD-EHR-016 Religion Codes"] A --> E["Step 5: MD-EHR-017 Marital Status Codes"] A --> F["Step 6: MD-EHR-018 Occupation Codes"] B --> G["Step 7: MD-EHR-008 Facility Master"] G --> H["Step 8: MD-EHR-009 Department Master"] H --> I["Step 9: MD-EHR-010 Location Master"] G --> Z["Step 10: MD-EHR-026 NABIDH/Malaffi IDs"] J["Step 11: MD-EHR-011 User Role Definitions"] --> K["Step 12: MD-EHR-012 Permission Catalogue"] K --> L["Step 13: User-Role Assignment (operational)"] M["Step 14: MD-EHR-007 Provider Specialty Codes"] --> N["Step 15: Provider Master (operational)"] O["Step 16: MD-EHR-006 Insurance Payer Codes"] --> P["Step 17: Patient Insurance (operational)"] Q["Step 18: MD-EHR-023 Patient Category / Type"] --> P R["Step 19: MD-EHR-013 Allergen Reference List"] --> S["Step 20: Allergy Management"] T["Step 21: MD-EHR-014 ICD-10-AM Codes"] --> U["Step 22: Problem List"] V["Step 23: MD-EHR-015 SNOMED CT Subset"] --> S V --> U W["Step 24: MD-EHR-003 Document Types"] --> X["Step 25: Document Management"] Y["Step 26: MD-EHR-020 Consent Types & Scopes"] --> AA["Step 27: MD-EHR-005 Consent Form Templates"] AA --> AB["Step 28: Consent Management"] AC["Step 29: MD-EHR-021 Audit Action Types"] --> AD["Step 30: MD-EHR-022 BTG Reasons"] AD --> AE["Step 31: Audit & BTG Monitoring"] AE --> AF["System Go-Live"] AB --> AF X --> AF S --> AF U --> AF L --> AF I --> AF Z --> AF P --> AF N --> AF

Load Sequence (Narrative)

  1. Core demographic reference: Nationality, Emirates & Cities, Languages, Religion, Marital Status, Occupation.
  2. Organizational structure: Facilities → Departments → Locations; then NABIDH/Malaffi IDs.
  3. Security model: User Roles → Permission Catalogue → assign to users (operational, not master data).
  4. Clinical coding: Provider Specialty Codes; ICD-10-AM; SNOMED CT subset; Allergen reference list.
  5. Financial/registration: Insurance Payer Codes; Patient Category/Type.
  6. Documentation & consent: Document Types; Consent Types & Scopes → Consent Form Templates.
  7. Audit & privacy: Audit Action Types; Break-the-Glass Reasons.
  8. Validation & go-live: After all above are loaded and tested, enable registration, charting, and portal access.

Master Data Specifications

Below are detailed specs for the most critical data sets used directly in this module. Others follow the same pattern.

MD-EHR-001: Nationality Codes

a. Purpose

Standardised list of patient nationalities used in registration, reporting, and regulatory submissions (e.g., MOH, DOH, DHA). Supports bilingual display and mapping to ISO 3166-1 codes.

b. Schema

Table: ref_nationalities

Field Type Required Description
nationality_code VARCHAR(3) YES Primary key; ISO 3166-1 alpha-3 (e.g., ARE, IND)
iso_alpha2 CHAR(2) YES ISO 3166-1 alpha-2 code (e.g., AE, IN)
display_name_en VARCHAR(100) YES English nationality name
display_name_ar VARCHAR(100) YES Arabic nationality name
is_active BOOLEAN YES Whether selectable in UI
sort_order SMALLINT NO Optional ordering for UI lists
created_at TIMESTAMP YES Creation timestamp
updated_at TIMESTAMP YES Last update timestamp

c. Sample Data

nationality_code iso_alpha2 display_name_en display_name_ar is_active
ARE AE United Arab Emirates الإمارات العربية المتحدة TRUE
IND IN India الهند TRUE
PAK PK Pakistan باكستان TRUE
EGY EG Egypt مصر TRUE
PHL PH Philippines الفلبين TRUE
GBR GB United Kingdom المملكة المتحدة TRUE
USA US United States of America الولايات المتحدة الأمريكية TRUE

d. Data Governance

  • Owner: System Administrator
  • Approval: HIM Supervisor + Compliance for any non-ISO additions
  • Update frequency: Annually or when ISO list changes
  • Change process: 1. Admin reviews ISO updates. 2. Propose additions/retirements. 3. HIM Supervisor approves. 4. Changes applied in test, then production. 5. Notify registration staff via release notes.

e. Validation Rules

  • nationality_code must be unique, 3 uppercase letters.
  • iso_alpha2 must be unique, 2 uppercase letters.
  • display_name_en and display_name_ar must be non-empty when is_active = TRUE.
  • Cannot deactivate a nationality if referenced by active patients without HIM approval (soft check with warning).

MD-EHR-002: Emirates & Cities

a. Purpose

Standard list of UAE emirates and commonly used cities/areas for address capture and reporting.

b. Schema

Table: ref_emirates_cities

Field Type Required Description
emirate_code VARCHAR(10) YES Primary key for emirate (e.g., DXB, AUH)
city_code VARCHAR(20) YES Primary key within emirate (e.g., DXB-DXB)
display_name_en VARCHAR(100) YES City/area name in English
display_name_ar VARCHAR(100) YES City/area name in Arabic
emirate_name_en VARCHAR(100) YES Emirate name in English
emirate_name_ar VARCHAR(100) YES Emirate name in Arabic
is_default_city BOOLEAN YES Marks main city per emirate
is_active BOOLEAN YES Active flag
sort_order SMALLINT NO UI ordering

Composite primary key: (emirate_code, city_code).

c. Sample Data

emirate_code city_code emirate_name_en emirate_name_ar display_name_en display_name_ar is_default_city
DXB DXB-DXB Dubai دبي Dubai دبي TRUE
DXB DXB-JVC Dubai دبي Jumeirah Village Circle قرية جميرا الدائرية FALSE
AUH AUH-AUH Abu Dhabi أبوظبي Abu Dhabi أبوظبي TRUE
SHJ SHJ-SHJ Sharjah الشارقة Sharjah الشارقة TRUE
AJM AJM-AJM Ajman عجمان Ajman عجمان TRUE

d. Data Governance

  • Owner: System Administrator
  • Approval: Operations Director for new areas; HIM for naming conventions
  • Update frequency: Rare; as new developments/areas are added
  • Change process:
  • Request from registration/operations.
  • Verify against municipal naming.
  • Add in test; validate with sample addresses.
  • Deploy to production; notify registration team.

e. Validation Rules

  • emirate_code must be one of a predefined set (DXB, AUH, SHJ, AJM, RAK, UAQ, FUJ).
  • city_code must be unique within emirate.
  • At least one is_default_city = TRUE per emirate.
  • Cannot delete cities referenced in patient_demographics; only inactivate.

MD-EHR-003: Document Types

a. Purpose

Defines the types of documents that can be scanned or uploaded (e.g., Emirates ID, insurance card, external reports) for consistent indexing and retention policies.

b. Schema

Table: ref_document_types

Field Type Required Description
document_type_code VARCHAR(30) YES Primary key (e.g., EMIRATES_ID, INS_CARD)
display_name_en VARCHAR(100) YES English name
display_name_ar VARCHAR(100) YES Arabic name
category VARCHAR(50) YES e.g., Identity, Clinical, Legal, Financial
is_clinical BOOLEAN YES Whether clinically relevant
default_retention_years SMALLINT YES Retention period in years
requires_patient_link BOOLEAN YES Must be linked to patient_id
requires_encounter_link BOOLEAN YES Must be linked to encounter_id
is_active BOOLEAN YES Active flag

c. Sample Data

document_type_code display_name_en display_name_ar category is_clinical default_retention_years
EMIRATES_ID Emirates ID Copy نسخة بطاقة الهوية الإماراتية Identity FALSE 10
PASSPORT Passport Copy نسخة جواز السفر Identity FALSE 10
INS_CARD Insurance Card بطاقة التأمين Financial FALSE 10
EXT_LAB External Lab Report تقرير مختبر خارجي Clinical TRUE 25
EXT_RAD External Radiology Report تقرير أشعة خارجي Clinical TRUE 25
CONSENT_FORM Signed Consent Form نموذج موافقة موقع Legal TRUE 25
REFERRAL_LETTER Referral Letter خطاب تحويل Clinical TRUE 25

d. Data Governance

  • Owner: HIM Supervisor
  • Approval: HIM Committee + Legal for legal/consent types
  • Update frequency: As needed; formal review annually
  • Change process: 1. Request from clinical/registration department. 2. HIM analyses impact on workflows and retention. 3. Legal reviews if legal/consent category. 4. New type configured and tested. 5. Communicate to scanning staff with examples.

e. Validation Rules

  • document_type_code must be unique, uppercase, alphanumeric + underscore.
  • default_retention_years must meet or exceed UAE legal minimums for medical records (per MOH/DOH/DHA).
  • Clinical documents (is_clinical = TRUE) must have requires_patient_link = TRUE.
  • Consent-related types must be mapped to a consent type (MD-EHR-020) in configuration.

MD-EHR-004: Note Templates

a. Purpose

Structured templates for clinical notes (H&P, progress notes, discharge summaries, nursing assessments) to standardise documentation and support bilingual headings.

b. Schema

Table: ref_note_templates

Field Type Required Description
template_id VARCHAR(50) YES Primary key
note_type VARCHAR(50) YES e.g., H&P, PROGRESS, DISCHARGE, NURSING_ASSESSMENT
specialty_code VARCHAR(20) NO FK to provider specialty (MD-EHR-007) or NULL for generic
title_en VARCHAR(200) YES Template title in English
title_ar VARCHAR(200) YES Template title in Arabic
content_structure_json TEXT YES JSON schema describing sections/fields
is_active BOOLEAN YES Active flag
version INTEGER YES Template version
effective_from DATE YES Start date
effective_to DATE NO End date (for retired templates)

c. Sample Data

template_id note_type specialty_code title_en title_ar version
HNP-GEN-ADULT-V1 H&P INT_MED Adult General History & Physical التاريخ المرضي والفحص السريري للبالغين 1
PROG-GEN-DAILY-V1 PROGRESS NULL Daily Progress Note ملاحظة تقدم يومية 1
DISCH-GEN-ADULT-V1 DISCHARGE INT_MED Adult Discharge Summary تقرير خروج للبالغين 1
NURS-ADM-ADULT-V1 NURSING_ASSESSMENT NURS Adult Admission Nursing Assessment تقييم تمريضي أولي للبالغين 1
PED-HNP-V1 H&P PED Paediatric History & Physical التاريخ المرضي والفحص السريري للأطفال 1

content_structure_json example (simplified):

JSON
{
  "sections": [
    {"id": "chief_complaint", "label_en": "Chief Complaint", "label_ar": "الشكوى الرئيسية", "type": "text"},
    {"id": "history_present_illness", "label_en": "History of Present Illness", "label_ar": "التاريخ المرضي الحالي", "type": "textarea"}
  ]
}

d. Data Governance

  • Owner: Clinical Informatics Lead
  • Approval: Relevant Department Chair + HIM Supervisor
  • Update frequency: As needed; formal review at least every 2 years
  • Change process:
  • Clinician submits request with clinical rationale.
  • Clinical Informatics drafts template.
  • Department Chair and HIM review for completeness and medico-legal requirements.
  • Pilot in test environment.
  • Approve and deploy; version previous template (set effective_to).

e. Validation Rules

  • note_type must be from a controlled list (H&P, PROGRESS, DISCHARGE, CONSULT, NURSING_ASSESSMENT, etc.).
  • Only one active template per (note_type, specialty_code, version) combination.
  • effective_from must be <= current date for active templates.
  • effective_to must be NULL for active templates.

a. Purpose

Defines the content and metadata of consent forms used for treatment, procedures, data processing (UAE PDPL), and HIE data sharing (NABIDH/Malaffi).

b. Schema

Table: ref_consent_templates

Field Type Required Description
consent_template_id VARCHAR(50) YES Primary key
consent_type_code VARCHAR(30) YES FK to MD-EHR-020 (e.g., GENERAL_TREATMENT, PDPL_DATA_PROCESSING)
title_en VARCHAR(200) YES English title
title_ar VARCHAR(200) YES Arabic title
body_html_en TEXT YES HTML content in English
body_html_ar TEXT YES HTML content in Arabic
requires_witness BOOLEAN YES Whether witness signature required
is_mandatory BOOLEAN YES Required for care in specific contexts
default_expiry_days INTEGER NO Default validity period (NULL = no expiry)
version INTEGER YES Template version
is_active BOOLEAN YES Active flag

c. Sample Data

consent_template_id consent_type_code title_en title_ar requires_witness is_mandatory default_expiry_days
CONS-GEN-TREAT-V1 GENERAL_TREATMENT General Treatment Consent موافقة عامة على العلاج FALSE TRUE NULL
CONS-PDPL-DATA-V1 PDPL_DATA_PROCESSING Consent for Processing of Personal Health Data موافقة على معالجة البيانات الصحية الشخصية FALSE TRUE 365
CONS-HIE-NABIDH-V1 HIE_DATA_SHARING_NABIDH Consent for Sharing Data with NABIDH موافقة على مشاركة البيانات مع نظام نبض FALSE FALSE 365
CONS-HIE-MALAFFI-V1 HIE_DATA_SHARING_MALAFFI Consent for Sharing Data with Malaffi موافقة على مشاركة البيانات مع نظام ملفي FALSE FALSE 365
CONS-PROC-SURGERY-V1 PROCEDURE_SPECIFIC Surgical Procedure Consent موافقة على إجراء جراحي TRUE TRUE NULL

d. Data Governance

  • Owner: Legal Counsel / Privacy Officer
  • Approval: Executive Medical Committee + Compliance
  • Update frequency: On regulatory change (e.g., UAE PDPL updates) or policy change; annual review
  • Change process:
  • Legal drafts or updates text.
  • Privacy Officer reviews for PDPL compliance (consent, rights, withdrawal).
  • Clinical leadership reviews for clinical clarity.
  • New version created; old version retired (but preserved for historical records).
  • Training and communication to registration and clinical staff.

e. Validation Rules

  • consent_type_code must exist in MD-EHR-020.
  • Only one active template per (consent_type_code, version) combination.
  • Mandatory consents must be presented before certain workflows (e.g., PDPL consent before portal activation).
  • HTML must be well-formed and free of external scripts.

MD-EHR-006: Insurance Payer Codes

a. Purpose

Standardised list of insurance payers used for registration, eligibility checks (eClaimLink / DOH eClaims), and billing.

b. Schema

Table: ref_payers

Note: Canonical payer entities are owned by policy-contract-mgmt; this reference table defines the subset and local codes used by EHR registration. It should map 1:1 to payers.payer_id.

Field Type Required Description
payer_id BIGINT YES FK to payers (from policy-contract-mgmt)
payer_code VARCHAR(20) YES Local payer code (e.g., DAMAN, THIQA)
display_name_en VARCHAR(200) YES English payer name
display_name_ar VARCHAR(200) YES Arabic payer name
dha_payer_code VARCHAR(20) NO DHA eClaimLink payer code
doh_payer_code VARCHAR(20) NO DOH eClaims payer code
is_active BOOLEAN YES Active flag
is_government_scheme BOOLEAN YES THIQA, etc.
default_eligibility_endpoint VARCHAR(255) NO URL or code for eligibility API

c. Sample Data

payer_code display_name_en display_name_ar dha_payer_code doh_payer_code is_government_scheme
THIQA THIQA (Abu Dhabi Government) ثقة (حكومة أبوظبي) NULL THIQA TRUE
DAMAN Daman National Health Insurance ضمان للتأمين الصحي DAMAN DAMAN FALSE
OMAN Oman Insurance شركة عُمان للتأمين OMAN OMAN FALSE
ADNIC Abu Dhabi National Insurance Company شركة أبوظبي الوطنية للتأمين ADNIC ADNIC FALSE
SAICO Saudi Arabian Insurance Company الشركة السعودية للتأمين SAICO SAICO FALSE

d. Data Governance

  • Owner: RCM Manager
  • Approval: Finance Director
  • Update frequency: Quarterly or when new payers/contracts are added
  • Change process:
  • RCM receives payer registry updates from DHA/DOH.
  • Validate mapping to payers master in policy-contract-mgmt.
  • Update codes and endpoints in test; run eligibility tests.
  • Deploy to production; inform registration and billing teams.

e. Validation Rules

  • payer_code must be unique and non-null for active payers.
  • dha_payer_code and doh_payer_code must match official registries when provided.
  • Cannot deactivate payer if active insurance policies exist without RCM override.

MD-EHR-007: Provider Specialty Codes

a. Purpose

Standard list of provider specialties aligned with DOH/DHA classifications, used in provider profiles, note templates, and access control.

b. Schema

Table: ref_provider_specialties

Field Type Required Description
specialty_code VARCHAR(20) YES Primary key (e.g., INT_MED, PED, SURG_GEN)
doh_code VARCHAR(20) NO DOH specialty code
dha_code VARCHAR(20) NO DHA specialty code
display_name_en VARCHAR(150) YES English name
display_name_ar VARCHAR(150) YES Arabic name
is_clinical BOOLEAN YES Clinical vs administrative
is_active BOOLEAN YES Active flag

c. Sample Data

specialty_code doh_code dha_code display_name_en display_name_ar is_clinical
INT_MED IM01 IM01 Internal Medicine الطب الباطني TRUE
PED PD01 PD01 Paediatrics طب الأطفال TRUE
SURG_GEN GS01 GS01 General Surgery الجراحة العامة TRUE
OBS_GYN OG01 OG01 Obstetrics & Gynaecology أمراض النساء والتوليد TRUE
FAM_MED FM01 FM01 Family Medicine طب الأسرة TRUE
NURS NULL NULL Nursing التمريض TRUE
ADMIN NULL NULL Administration الإدارة FALSE

d. Data Governance

  • Owner: Credentialing Office
  • Approval: Medical Director
  • Update frequency: As DOH/DHA update specialty lists
  • Change process:
  • Monitor DOH/DHA circulars.
  • Map new/changed specialties.
  • Update reference table; adjust provider records as needed.
  • Communicate changes to HR and department heads.

e. Validation Rules

  • specialty_code must be unique and stable (avoid renaming; create new code instead).
  • doh_code/dha_code must match regulator lists when present.
  • Cannot deactivate specialty if active providers are mapped without migration plan.

MD-EHR-008: Facility Master

a. Purpose

Defines all facilities (hospitals, clinics) within Gates Group, including licensing and emirate, used across all modules.

b. Schema

Table: facilities (owned by this module)

Field Type Required Description
facility_id BIGINT YES PK
facility_code VARCHAR(20) YES Short code (e.g., GG-DXB-HOSP)
facility_name_en VARCHAR(200) YES English name
facility_name_ar VARCHAR(200) YES Arabic name
facility_type VARCHAR(50) YES Hospital, Clinic, Day Surgery, etc.
license_number VARCHAR(50) YES DOH/DHA/MOH license number
licensing_authority VARCHAR(20) YES DOH, DHA, MOH
emirate_code VARCHAR(10) YES FK to MD-EHR-002
address_en VARCHAR(255) YES Address in English
address_ar VARCHAR(255) YES Address in Arabic
phone VARCHAR(30) YES Main contact number
is_active BOOLEAN YES Active flag

c. Sample Data

facility_code facility_name_en facility_name_ar facility_type licensing_authority emirate_code
GG-DXB-HOSP Gates Group Hospital Dubai مستشفى جيتس جروب دبي Hospital DHA DXB
GG-AUH-CLIN Gates Group Clinic Abu Dhabi عيادة جيتس جروب أبوظبي Clinic DOH AUH

d. Data Governance

  • Owner: System Administrator
  • Approval: COO + Compliance
  • Update frequency: On facility opening/closing or licensing change
  • Change process:
  • Facility management submits request with license documents.
  • IT updates facility master; integration team updates NABIDH/Malaffi IDs (MD-EHR-026).
  • Validate routing rules for HIE and billing.

e. Validation Rules

  • facility_code must be unique.
  • licensing_authority must be one of (DOH, DHA, MOH).
  • emirate_code must exist in MD-EHR-002.
  • Cannot deactivate facility if active encounters exist; requires migration plan.

MD-EHR-011: User Role Definitions

a. Purpose

Defines RBAC roles used for access control (Registration Clerk, Physician, Nurse, etc.), as listed in the module brief.

b. Schema

Table: roles (owned by this module)

Field Type Required Description
role_id BIGINT YES PK
role_name VARCHAR(100) YES System role name (e.g., Physician)
role_code VARCHAR(50) YES Unique code (e.g., ROLE_PHYSICIAN)
role_description VARCHAR(255) NO Description
is_system_role BOOLEAN YES Protected role flag
created_at TIMESTAMP YES Creation timestamp
updated_at TIMESTAMP YES Last update timestamp

c. Sample Data

role_code role_name role_description is_system_role
ROLE_REG_CLERK Registration Clerk Performs patient registration and demographics updates TRUE
ROLE_REG_SR_CLERK Senior Registration Clerk Approves critical demographic changes TRUE
ROLE_MRO Medical Records Officer Manages documents and merges TRUE
ROLE_HIM_SUP HIM Supervisor Oversees HIM functions and privacy TRUE
ROLE_PHYSICIAN Physician Full clinical access and documentation TRUE
ROLE_NURSE Nurse Nursing documentation and care plans TRUE
ROLE_ALLIED Allied Health Professional Specialty documentation TRUE
ROLE_SYS_ADMIN System Administrator Manages system configuration TRUE
ROLE_PRIVACY Privacy Officer Audits access and BTG TRUE
ROLE_PATIENT Patient (Portal) Access to own record via portal TRUE

d. Data Governance

  • Owner: IT Security Officer
  • Approval: Information Security Committee
  • Update frequency: Rare; when new job functions are introduced
  • Change process:
  • Security analysis of new role requirements.
  • Map to permissions (MD-EHR-012).
  • Test in non-production environment.
  • Document role capabilities and train admins.

e. Validation Rules

  • role_code must be unique and immutable once assigned.
  • System roles (is_system_role = TRUE) cannot be deleted; only disabled via configuration.
  • At least one active System Administrator and Privacy Officer role must exist.

MD-EHR-012: Permission Catalogue

a. Purpose

Granular permissions used to build roles (e.g., register_patient, merge_records, view_full_record).

b. Schema

Table: permissions (owned by this module)

Field Type Required Description
permission_id BIGINT YES PK
permission_code VARCHAR(100) YES Unique code (e.g., register_patient)
permission_name VARCHAR(200) YES Human-readable name
module VARCHAR(50) YES Module identifier (ehr-patient-mgmt, etc.)
resource VARCHAR(100) YES Resource (patients, clinical_notes, etc.)
action VARCHAR(50) YES Action (view, create, update, delete, approve, audit)
description VARCHAR(255) NO Description

c. Sample Data

permission_code permission_name module resource action
register_patient Register Patient ehr-patient-mgmt patients create
update_demographics Update Demographics ehr-patient-mgmt patient_demographics update
verify_insurance Verify Insurance ehr-patient-mgmt insurance update
merge_records Merge Patient Records ehr-patient-mgmt patients merge
manage_documents Manage Documents ehr-patient-mgmt patient_documents manage
audit_access_logs Audit Access Logs ehr-patient-mgmt audit_log view
manage_retention Manage Retention Policies ehr-patient-mgmt patient_documents configure
view_full_record View Full Patient Record ehr-patient-mgmt patients view
sign_notes Sign Clinical Notes ehr-patient-mgmt clinical_notes sign
break_the_glass Break-the-Glass Access ehr-patient-mgmt patients btg

d. Data Governance

  • Owner: IT Security Officer
  • Approval: Information Security Committee
  • Update frequency: As new features are added
  • Change process:
  • New feature triggers permission design.
  • Security review to ensure least-privilege.
  • Map permissions to roles; update documentation.
  • Deploy with feature release.

e. Validation Rules

  • permission_code must be unique and stable.
  • Combination (module, resource, action) should be unique.
  • Permissions used in code must exist in this table (enforced via deployment checks).

MD-EHR-013: Allergen Reference List

a. Purpose

Master list of allergens (drug and non-drug) used in Allergy Management (WF-EHR-004), sourced from RxNorm and SNOMED CT.

b. Schema

Table: ref_allergens

Field Type Required Description
allergen_code VARCHAR(50) YES Primary key (RxNorm or SNOMED code)
allergen_system VARCHAR(20) YES RXNORM or SNOMEDCT
display_name_en VARCHAR(200) YES English name
display_name_ar VARCHAR(200) YES Arabic name
category VARCHAR(50) YES Drug, Food, Environmental, Other
is_active BOOLEAN YES Active flag
is_common BOOLEAN YES For quick-pick lists

c. Sample Data

allergen_code allergen_system display_name_en display_name_ar category is_common
7980 RXNORM Penicillin البنسلين Drug TRUE
2670 RXNORM Aspirin الأسبرين Drug TRUE
91936005 SNOMEDCT Peanut الفول السوداني Food TRUE
256349002 SNOMEDCT House dust mite عثة غبار المنزل Environmental TRUE
300916003 SNOMEDCT Latex اللاتكس Environmental TRUE

d. Data Governance

  • Owner: Pharmacy Informatics (drug allergens) + Clinical Informatics (non-drug)
  • Approval: Pharmacy & Therapeutics Committee for drug list; Allergy Committee (if exists) for non-drug
  • Update frequency: With RxNorm/SNOMED releases (typically quarterly/biannually)
  • Change process:
  • Import updated subsets from terminology services.
  • Maintain local list of “common” allergens for UI.
  • Validate mappings to CDS rules in CPOE.

e. Validation Rules

  • allergen_code + allergen_system must be unique.
  • Only codes from approved RxNorm/SNOMED releases.
  • Cannot delete allergens referenced in patient_allergies; only inactivate.

MD-EHR-014: ICD-10-AM Diagnosis Codes

a. Purpose

Standard diagnosis codes used in problem list, encounters, and billing, aligned with ICD-10-AM (Australian Modification) adopted in UAE.

b. Schema

Table: ref_icd10am_codes

Field Type Required Description
icd10am_code VARCHAR(10) YES Primary key (e.g., E11.9)
short_description_en VARCHAR(200) YES Short English description
short_description_ar VARCHAR(200) YES Short Arabic description
chapter VARCHAR(10) YES ICD-10-AM chapter code
is_billable BOOLEAN YES Billable code flag
is_active BOOLEAN YES Active flag

c. Sample Data

icd10am_code short_description_en short_description_ar chapter is_billable
E11.9 Type 2 diabetes mellitus without complications داء السكري من النوع الثاني بدون مضاعفات E TRUE
I10 Essential (primary) hypertension ارتفاع ضغط الدم الأساسي (الأولي) I TRUE
J45.9 Asthma, unspecified ربو غير محدد J TRUE
N18.3 Chronic kidney disease, stage 3 (moderate) مرض الكلى المزمن، المرحلة 3 (متوسطة) N TRUE
Z00.0 General adult medical examination without abnormal findings فحص طبي عام للبالغين بدون نتائج غير طبيعية Z TRUE

d. Data Governance

  • Owner: HIM Manager
  • Approval: Coding Committee
  • Update frequency: With ACCD ICD-10-AM releases
  • Change process:
  • Import new version into terminology service.
  • Run regression tests on coding tools.
  • Train coders on changes.

e. Validation Rules

  • icd10am_code must conform to ICD-10-AM format.
  • Only is_billable = TRUE codes can be used for final billing diagnoses.
  • Historical codes remain for legacy data; not reused.

MD-EHR-015: SNOMED CT Clinical Terms Subset

a. Purpose

SNOMED CT subset used for problem list descriptions, allergy manifestations, and other coded clinical concepts.

b. Schema

Table: ref_snomed_terms

Field Type Required Description
snomed_code VARCHAR(20) YES Primary key
display_name_en VARCHAR(255) YES English term
display_name_ar VARCHAR(255) YES Arabic term
category VARCHAR(50) YES Problem, Manifestation, Procedure, etc.
is_active BOOLEAN YES Active flag

c. Sample Data

snomed_code display_name_en display_name_ar category
44054006 Diabetes mellitus type 2 داء السكري من النوع الثاني Problem
38341003 Hypertensive disorder, systemic arterial اضطراب ارتفاع ضغط الدم الشرياني الجهازي Problem
271807003 Rash طفح جلدي Manifestation
39579001 Anaphylaxis صدمة تأقية Manifestation
195967001 Asthma ربو Problem

d. Data Governance

  • Owner: Clinical Informatics
  • Approval: Clinical Coding Committee
  • Update frequency: Biannually
  • Change process:
  • Import updated SNOMED release.
  • Maintain local subsets for each use case.
  • Validate mappings to ICD-10-AM and CDS rules.

e. Validation Rules

  • snomed_code must exist in licensed SNOMED CT release.
  • Category must be from controlled list.
  • Inactivation must follow SNOMED historical association rules (map to replacement concepts where possible).

a. Purpose

Defines high-level consent types and scopes used to classify consent records and templates, aligned with UAE PDPL and HIE policies.

b. Schema

Table: ref_consent_types

Field Type Required Description
consent_type_code VARCHAR(30) YES PK (e.g., GENERAL_TREATMENT)
display_name_en VARCHAR(150) YES English name
display_name_ar VARCHAR(150) YES Arabic name
scope_description_en VARCHAR(255) YES English scope description
scope_description_ar VARCHAR(255) YES Arabic scope description
is_pdpl_required BOOLEAN YES Required under UAE PDPL
is_hie_related BOOLEAN YES For NABIDH/Malaffi data sharing
is_active BOOLEAN YES Active flag

c. Sample Data

consent_type_code display_name_en display_name_ar is_pdpl_required is_hie_related
GENERAL_TREATMENT General Treatment Consent موافقة عامة على العلاج FALSE FALSE
PDPL_DATA_PROCESSING Personal Health Data Processing Consent موافقة على معالجة البيانات الصحية الشخصية TRUE FALSE
HIE_DATA_SHARING_NABIDH NABIDH Data Sharing Consent موافقة على مشاركة البيانات مع نظام نبض TRUE TRUE
HIE_DATA_SHARING_MALAFFI Malaffi Data Sharing Consent موافقة على مشاركة البيانات مع نظام ملفي TRUE TRUE
PROCEDURE_SPECIFIC Procedure-Specific Consent موافقة خاصة بإجراء معين FALSE FALSE

d. Data Governance

  • Owner: Privacy Officer
  • Approval: Legal Counsel + Executive Committee
  • Update frequency: On PDPL or HIE policy changes
  • Change process:
  • Legal/Privacy review regulatory updates.
  • Adjust consent types and scopes accordingly.
  • Update mapping to consent templates and workflows.

e. Validation Rules

  • consent_type_code must be unique.
  • PDPL-related consents must be presented before processing personal health data beyond legal bases.
  • HIE-related consents must be checked before sending data to NABIDH/Malaffi.

MD-EHR-021: Audit Action Types

a. Purpose

Standardised action codes used in audit_log to classify user activities (view, update, BTG, export, etc.).

b. Schema

Table: ref_audit_actions

Field Type Required Description
action_code VARCHAR(50) YES PK (e.g., VIEW_PATIENT, UPDATE_DEMOGRAPHICS)
display_name_en VARCHAR(150) YES English name
display_name_ar VARCHAR(150) YES Arabic name
severity_level VARCHAR(20) YES Info, Warning, HighRisk
is_btg_related BOOLEAN YES Whether action is BTG-related
is_export BOOLEAN YES Whether action involves data export

c. Sample Data

action_code display_name_en display_name_ar severity_level is_btg_related
VIEW_PATIENT View Patient Record عرض ملف المريض Info FALSE
UPDATE_DEMOGRAPHICS Update Demographics تحديث البيانات الديموغرافية Info FALSE
MERGE_PATIENT Merge Patient Records دمج سجلات المرضى HighRisk FALSE
BTG_ACCESS Break-the-Glass Access كسر الحاجز للوصول HighRisk TRUE
EXPORT_RECORD Export Patient Record تصدير ملف المريض HighRisk FALSE

d. Data Governance

  • Owner: Privacy Officer
  • Approval: Information Security Committee
  • Update frequency: As new audited actions are introduced
  • Change process:
  • Security identifies new action types.
  • Add to reference table and map in application logging.
  • Update privacy monitoring dashboards.

e. Validation Rules

  • action_code must be unique.
  • High-risk actions must have severity_level = 'HighRisk'.
  • BTG-related actions must set is_btg_related = TRUE.

MD-EHR-022: Break-the-Glass Reasons

a. Purpose

Controlled list of reasons that clinicians must select when invoking Break-the-Glass (BTG) access, supporting PDPL accountability.

b. Schema

Table: ref_btg_reasons

Field Type Required Description
btg_reason_code VARCHAR(30) YES PK
display_name_en VARCHAR(200) YES English reason
display_name_ar VARCHAR(200) YES Arabic reason
is_active BOOLEAN YES Active flag
requires_free_text BOOLEAN YES Whether additional explanation is required

c. Sample Data

btg_reason_code display_name_en display_name_ar requires_free_text
EMERGENCY_CARE Emergency care – patient unable to consent حالة طارئة - المريض غير قادر على إعطاء الموافقة FALSE
ON_CALL_COVER On-call coverage for colleague تغطية مناوبة لزميل TRUE
CONSULT_REQUEST Formal consult request طلب استشارة رسمي TRUE
PATIENT_REQUEST Patient explicitly requested access طلب المريض صراحة الوصول TRUE
SYSTEM_ERROR Access required due to system error الوصول مطلوب بسبب خطأ في النظام TRUE

d. Data Governance

  • Owner: Privacy Officer
  • Approval: Information Security Committee
  • Update frequency: Rare; on privacy policy change
  • Change process:
  • Privacy Officer proposes changes.
  • Committee approves.
  • Update reference table; adjust BTG training materials.

e. Validation Rules

  • btg_reason_code must be unique.
  • At least one active reason must exist for BTG to be enabled.
  • BTG events must store both btg_reason_code and free-text explanation when requires_free_text = TRUE.

Configuration Parameters

Core Configuration Matrix

Parameter Type Default Description Governance
max_results_per_search Integer 50 Maximum patient search results returned to avoid information overload and protect privacy System Administrator
enable_phonetic_search Boolean true Enable phonetic/approximate matching for Arabic and English names System Administrator
require_emirates_id_for_uae_residents Boolean true Enforce Emirates ID capture for UAE residents at registration HIM Supervisor + Compliance
allow_duplicate_mrn_creation Boolean false If false, system blocks registration when high duplicate probability is detected HIM Supervisor
duplicate_match_threshold Decimal(5,2) 0.85 Threshold (0–1) for MPI duplicate suspect generation HIM Supervisor
critical_demographic_fields String (CSV) "name_en,name_ar,dob,emirates_id" Fields requiring supervisor approval for change HIM Supervisor
btg_enabled Boolean true Enable Break-the-Glass functionality Privacy Officer
btg_auto_notify_privacy_officer Boolean true Send automatic notification on BTG events Privacy Officer
btg_notification_email String [email protected] Email for BTG alerts Privacy Officer
default_language String "en" Default UI language System Administrator
supported_languages String (CSV) "en,ar" Supported UI languages System Administrator
consent_pdpl_required_for_portal Boolean true Require PDPL data processing consent before enabling portal access Privacy Officer
consent_renewal_reminder_days Integer 30 Days before consent expiry to trigger renewal reminder Privacy Officer
document_max_upload_size_mb Integer 25 Maximum size per uploaded document System Administrator
document_allowed_mime_types String (CSV) "application/pdf,image/jpeg,image/png" Allowed MIME types for uploads System Administrator
audit_log_retention_years Integer 15 Retention period for audit logs (align with UAE requirements) Privacy Officer
patient_record_retention_years Integer 25 Default retention for patient records (per MOH/DOH/DHA) HIM Supervisor
portal_enable_demographics_edit Boolean true Allow patients to edit selected demographics via portal Privacy Officer + HIM
portal_editable_fields String (CSV) "mobile_phone,email,address" Fields patients can update themselves Privacy Officer + HIM

Data Load Procedures

1. Initial Load

Sources:

  • National/international standards:
  • ISO 3166-1 (nationalities)
  • ISO 639-1 (languages)
  • ICD-10-AM (ACCD)
  • SNOMED CT (SNOMED International)
  • RxNorm (for allergens)
  • UAE-specific:
  • DOH/DHA specialty lists
  • DHA eClaimLink / DOH eClaims payer registries
  • DOH/DHA/MOH facility licenses
  • Internal:
  • Organizational charts (facilities, departments, locations)
  • Security design (roles, permissions)
  • Legal-approved consent texts
  • HIM-defined document types, marital status, religion, occupation

Process:

  1. Extract standard code sets from official sources (CSV/XML/JSON).
  2. Transform to HIS schema (field mapping, bilingual names).
  3. Load into staging tables.
  4. Run validation scripts (see below).
  5. Promote to production reference tables after sign-off.

2. Ongoing Synchronization

  • Terminologies (ICD-10-AM, SNOMED CT, RxNorm):
  • Use terminology service or scheduled imports.
  • Maintain version metadata.

  • Allow coexistence of old and new codes for historical data.

  • Payers & Specialties:

  • Quarterly sync from DOH/DHA registries.
  • Compare with current data; generate change report.

  • Apply adds/updates/inactivations with RCM/Credentialing approval.

  • Facilities & HIE IDs:

  • On any facility licensing change, update facility master and NABIDH/Malaffi IDs (MD-EHR-026).

  • Coordinate with integration team to update routing rules.

  • Roles & Permissions:

  • Managed via change control process tied to software releases.

3. Import/Export Formats

  • Supported formats:
  • CSV: For bulk master data imports (nationalities, emirates, document types, etc.).
  • JSON: For terminology subsets and configuration bundles.
  • API: For real-time sync with external registries (e.g., payer eligibility endpoints).

Example CSV layout – Nationality Codes:

CSV
nationality_code,iso_alpha2,display_name_en,display_name_ar,is_active
ARE,AE,United Arab Emirates,الإمارات العربية المتحدة,1
IND,IN,India,الهند,1
PAK,PK,Pakistan,باكستان,1

Example JSON layout – Consent Types:

JSON
[
  {
    "consent_type_code": "PDPL_DATA_PROCESSING",
    "display_name_en": "Personal Health Data Processing Consent",
    "display_name_ar": "موافقة على معالجة البيانات الصحية الشخصية",
    "scope_description_en": "Consent to process personal health data in accordance with UAE PDPL.",
    "scope_description_ar": "موافقة على معالجة البيانات الصحية الشخصية وفقًا لقانون حماية البيانات الشخصية في الإمارات.",
    "is_pdpl_required": true,
    "is_hie_related": false
  }
]

4. Validation on Import

For each import job:

  1. Schema validation: - Check required columns present. - Validate data types and lengths.

  2. Referential integrity: - Emirates codes must exist when loading facilities. - Consent types must exist before consent templates.

  3. Business rules: - No duplicate codes. - Bilingual fields must not be empty for active records. - Retention periods must meet UAE regulatory minimums.

  4. Audit & Logging: - Log import file name, user, timestamp, record counts, errors. - Store import files securely for traceability.

  5. Approval & Rollback: - Changes to high-impact data (consent types, roles, permissions, payer codes) require dual approval (business owner + IT). - Support rollback to previous snapshot if validation fails post-deployment.

This master data and configuration specification provides the foundation for implementing the EHR & Patient Management module in a UAE-compliant, paperless manner, ensuring consistent demographics, coding, consent, and access control across all integrated systems.

← Previous EHR & Patient Management Integration Specifications Next → EHR & Patient Management KPIs & Reporting
content/clinical/ehr-patient-mgmt/06-master-data.md Generated 2026-02-20 22:54