Bahmni

Open Source Comprehensive Electronic Medical Record System built on top of OpenMRS, OpenELIS and OpenERP

Website: https://www.bahmni.org

Type of Digital Public Good

  • Open content
  • Open data
  • ✅  Open software
  • Open standard
  • Open AI model

1. Is it relevant to one of the Sustainable Development Goals?

  • 3. Good Health and Well-being

    Evidence: Over 500 implementations across 50 countries - predominantly in Africa and Asia. Millions of patients across the world have benefited from Bahmni as their stretched doctors and caregivers have used the system to track and monitor patient health and records. The endTB project that tested the latest anti-biotics (Bedqualine and Delamanid) was run on Bahmni.

  • 10. Reduced Inequality

    Evidence: Over 500 implementations across 50 countries - predominantly in Africa and Asia. Millions of patients across the world have benefited from Bahmni as their stretched doctors and caregivers have used the system to track and monitor patient health and records. The endTB project that tested the latest anti-biotics (Bedqualine and Delamanid) was run on Bahmni.

  • 17. Partnerships to achieve the Goal

    Evidence: Over 500 implementations across 50 countries - predominantly in Africa and Asia. Millions of patients across the world have benefited from Bahmni as their stretched doctors and caregivers have used the system to track and monitor patient health and records. The endTB project that tested the latest anti-biotics (Bedqualine and Delamanid) was run on Bahmni.

2. Does it use an appropriate open license?

Yes, this project is licensed under the following license(s):

3. Is ownership clearly defined?

Is the ownership of the project and everything that the project produces clearly defined and documented?

Yes

If yes - please link to the relevant copyright, trademarks, or ownership documentation for the project.

1. Bahmni IP is owned by OpenMRS, which also acts as its Fiscal sponsor. All Bahmni trademarks are owned by OpenMRS. Policies around “Bahmni” trademark are governed by similar policies as adopted by OpenMRS (https://wiki.openmrs.org/display/RES/OpenMRS+Trademark+Policy)
2. Bahmni is an OpenMRS distribution and a product initiative supported by Bahmni coalition which manages its evolution. https://www.bahmni.org/bahmni-coalition

4. Does the license of libraries/dependencies undermine the openess of the project?

Does this open project have mandatory dependencies (i.e. libraries, hardware) that create more restrictions than the original license?

No

If yes - are the open source components able to demonstrate independence from the closed component(s) and/or are there functional, open alternatives?

Not Applicable

If yes - please describe how the open source components are independent and/or list the open alternatives for the closed component:

Not Applicable

5. Is there documentation?

Does some documentation exist of the source code, use cases, and/or functional requirements. For software projects, this should be present as technical documentation that would allow a technical person unfamiliar with the project to launch and run the software. For datasets and data projects, this should be present as documentation that describes all the fields in the set, and provides context on how the data was collected and how it should be interpreted. For content collections, this should indicate any relevant compatible apps, software, hardware required to access the content and any instructions about how to use it.

Yes

If yes - please link to the relevant documentation:

6. Is non PII data and/or content accessible?

Does this project collect or use non-personally identifiable information (non-PII) data and/or content?

Yes

If yes - is there a mechanism for extracting or importing non-personally identifiable information (non-PII) from the system in a non-proprietary format?

Yes

If yes - describe the mechanism for extracting or importing non-personally identifiable information from the system in a non-proprietary format:

Data can be extracted in the form of reports (PDF, Excel, HTML, CSV) from Bahmni by writing custom SQL or Bahmni Mart can be integrated with BI tools like Metabase, R, PowerBI which enables us to filter content or restrict access to PII info.
Data can also be extracted by calling authenticated REST APIs.

7. Does the project adhere to privacy and other applicable international and domestic laws?

Has this project taken steps to ensure adherence with relevant privacy, domestic, and international laws? For example, the General Data Protection Regulation (GDPR) in the European Union or the Supplementary Act A/SA.1/01/10 on Personal Data Protection for the Economic Community of West African States (ECOWAS) (yes/no)

Yes

If yes, please list some of relevant laws that the project complies with:

  • GDPR
  • HIPAA
  • N.B: BAHMNI is implemented across the globe in different usage contexts, where the implementation organization evaluates the required privacy regulations applicable in their country or usage context for the product and takes the decision on compliance and conformity.

If yes, please describe the steps this project has taken to ensure adherence (include links to terms of service, privacy policy, or other relevant documentation):

  • - Bahmni has features like Audit Log to protect and record who has accessed, recorded or modified what health records and also authentication/authorisation features to only allow approved users to access patient data. The Bahmni development team does not have any access to real production data/systems, and those are owned by the organisation that deploys/supports Bahmni, as Bahmni is an on-site deployed product. More documentation on this topic here: https://bahmni.atlassian.net/wiki/spaces/BAH/pages/41713684/Security+Roles+and+Privileges
  • - Typically Hospital/Center that use Bahmni are deemed as data controllers, with the implementer may not have access to data, unless for authorised access functions like support or maintenance. In hosted models, the agency hosting would be required to fulfil compliance requirements and adopt data protection strategy so applicable in a country.
  • - Since Bahmni is built on other FOSS products like OpenMRS and Odoo, the related GDPR/Privacy centric steps are provided by them. Reference: https://www.odoo.com/gdpr, and https://talk.openmrs.org/t/gdpr-and-openmrs/18205
  • - We continue to evaluate features and development practices to adhere to GDPR, HIPAA and Data Protection/Privacy laws to protect citizen data.

8. Does the project adhere to standards and best practices?

Does this project support standards? (i.e. Web Content Accessibility Guidelines (WCAG) 2.1 or other standards such as those listed on W3C)

Yes

Which standards does this project support (please list)

  • Technical & Interoperability Standards Supported: Http/Https, CSS, JSON, REST, ATOM, HL7/FHIR, DICOM
  • Medical Standards Supported: SNOMED, LOINC, ICD-10, CIEL
  • Standards - HTML/CSS/JS based frontends talk over RESTful APIs. In addition Bahmni also provides HL7 FHIR R4 APIs. Communication/Notifications use W3 ATOM syndication standard.

Can you point to evidence of your support? (i.e. please link to your validator, open test suite, etc.)

Not Applicable

Was this project built and developed according to or in adherence with any design, technical and/or sector best practices or principles? i.e. the Principles for Digital Development?

Yes

Which principles and best practices does this project support (please list)

  • Principles for digital development
  • Open source principles, that is, peer production with products such as source code, blueprints, and documentation freely available to the public.
  • AGPL guidelines
  • Standard Application Security Best Practices.

9. Does the project do no harm by design?

Has this project taken steps to anticipate, prevent and do no harm by design?

On the whole, does this project take steps to ensure that it anticipates, prevents and does no harm by design?

Yes

Is there any additional information you would like to share about the mechanisms, processes or policies that this project uses to avoid doing harm by design?

The use cases in which this product is implemented has not indicated any harmful intentions thus far.

9.a. Data Privacy & Security

Does this project collect or store personally identifiable information (PII) data and/or content?

Yes

If yes - please list the types of data and/or content collected and/or stored by the project:

  • Name
  • Address
  • Date of birth
  • Contact details
  • Other unique identifiers.

If yes - does this project share this data and/or content with third parties?

Yes

Please describe the circumstances with which this project shares data and/or content with third parties. Please add links as relevant.

  • Integration of product with 3rd party is optional and configurable; which provides users of the product to define what they wish to share.

If yes - does the project ensure the privacy, security and integrity of this data and/or content collection and has it taken steps to prevent adverse impacts resulting from its collection, storage and distribution.

Yes

If yes - please describe the steps, and include a link to the privacy policy and/or terms of service:

Bahmni has features like Audit Log to protect and record who has accessed, recorded or modified what health records and also authentication/authorisation features to only allow approved users to access patient data. The Bahmni development team does not have any access to real production data/systems, and those are owned by the organisation that deploys/supports Bahmni, as Bahmni is an on-site deployed product. More documentation on this topic here: https://bahmni.atlassian.net/wiki/spaces/BAH/pages/41713684/Security+Roles+and+Privileges

9.b. Inappropriate & Illegal Content

Does this project collect, store or distribute content?

No

If yes - what kinds of content does this project, collect, store or distribute? (i.e. childrens books)

Not Applicable

If yes - does this project have policies that describe what is considered innappropriate content? (i.e. child sexual abuse materials)

Not Applicable

If yes - please link to the relevant policy/guidelines/documentation.

Not Applicable

If yes - does this project have policies and processes for detecting and moderating innappropriate/illegal content?

Not Applicable

If yes - please describe the policies and processes for detecting, reporting and removing innapropriate/illegal content (Please include the average response time for assessment and/or action. Link to any policies or descriptions of how inappropriate content is handled):

Not Applicable

9.c. Protection from harassment

Does this project facilitate interactions with or between users or contributors?

Yes

If yes - does the project take steps to address the safety and security of underage users?

Yes

If yes - please describe the steps this project takes to address risk or prevent access by underage users:

  • The software is not intended for underage users and is expected to be used by professionals in clinical settings.

If yes - does the project help users and contributors protect themselves against grief, abuse, and harassment?

Yes

If yes - please describe the steps taken to help users protect themselves.

Development & deployment countries

List of countries this project was developed in.

  • India
  • United States of America

List of countries this project is actively deployed in.

  • India
  • Lesotho
  • Cambodia
  • Nepal
  • Bangladesh
  • Bhutan
  • Sierra Leone
  • Uganda
  • Pakistan
  • Indonesia
  • South Africa
  • Kenya
  • Ethiopia
  • Philippines
  • Haiti
  • Zambia
  • Papua New Guinea
  • Jordan
  • Congo (Congo-Brazzaville)
  • Iraq
  • Malawi
  • Belarus
  • Myanmar
  • Mozambique
  • Eswatini (fmr. 'Swaziland')
  • Armenia
  • Georgia
  • Kyrgyzstan
  • Ukraine
  • Zimbabwe