There’s an accountability issue: either staff can globally Edit a thing, or they can’t Edit any of a thing.

What is missing is the ability for a staff to only be able to Edit their own things, or only Edit things that have happened recently.

For example, I add a case note. Then I notice a typo, so I want to fix it. I should be able to edit my own case note within 24/48/72 hours. But 6 months from now I have no reason that I would need to edit this case note. The only possible reason I might have for wanting to edit a case note months or years later is to protect my butt because I’m being subpoena’d. But that’s the time that I really should NOT be allowed to edit my own notes.

Similarly, what reason might a caseworker have for wanting to edit someone else’s case notes? It’s hard to think of a legitimate reason. So 6 months down the line, if a staff is editing somebody else’s case note, it seems suspicious. Maybe they’re trying to make that person look bad for some other unethical reason.

What needs to happen is an authenticate/lock function. There’s a few ways this should happen.

First (recommended): a time-lock setting. After X amount of time has passed, certain records cannot be edited. This is automatic, and possibly with a bypass for an administrator, supervisor, or manager (like Override Service Restriction).

Second: logging a reason for edit.

Third: having a “lock” or “authenticate” button that the user can click to prevent further edits. This might not be necessary with the time-lock setting, but it might be easier to implement.

Now what parts of the software should this occur in?