In PracticeSuite, once a user is created assigning appropriate Admin, Legal and Accounting rights, access configurations for the user need to be setup. The Configuration has mainly two components. They are
1. Remote Access configuration
2. Menu access configuration.
They are represented by gear icons as highlighted in Image 1.
1. Remote Access Configuration
Remote access for a user needs to be configured so as to restrict the time and days on which a user can access the system remotely. Moreover, IP addresses can be given to restrict a user to those machines while accessing the system remotely. On clicking the Setup Remote Access gear icon , the screen, as in Image 2, shows up.
a) Context-Based Access control
The Time/Day based security in PracticeSuite enables you to restrict remote user access based on time or day. Refer to Image 3.
i) To enable the Time/Day based access for the user
Set the Access Time Allowed for the user using the Time Allowed From and Time Allowed To boxes.
From the Allow Access on Days select the days on which remote access is allowed. To prevent access on any particular day, leave the checkbox corresponding to the day unchecked.
If remote access timing is required to be different for different days, then select the checkbox Click here if different time allowed for different day(s). A list of days will be displayed below with the option to set individual timings for each day as shown in the image below. Set different access times for the user using the options provided.
ii) For IP specific remote access – Enter the Primary IP Address. Multiple IP addresses can be given in this field separated by commas. Leaving the field blank would indicate that there are no location restrictions on the user.
b) Clinical Access for HIPAA safeguard
PracticeSuite provides the option to restrict user access to certain patient charts.
Restricted Charts: Here we can limit the user from clinical charts of certain patients. The patients can be selected by typing the first three letters of the last name in the field provided in Image 4. A drop-down appears from which the patient can be selected. Any number of patients can be added to the list. To remove a patient from the list, click on button corresponding to the patient.
Allow emergency Access If this option is set to Yes, then the restricted user can be given access to a restricted Patient Chart in case of an emergency after validation.
Do Not Allow to Edit Level I and Level II: This can be used to restrict users from editing the EHR Level-1 and Level-2 components. System throws a warning when the user tries to edit any of the L1 or L2.
After entering all the necessary information, click on the Save button. The remote access for the user gets configured.
2. Menu Access Configuration
Menu access permissions for a user are set according to the role of the user in the system. The role is specified at the time of creating the user. Further permissions/restrictions can be given by Setup Menu Access gear icon in the Manage Users page. On clicking corresponding to a user, the screen as in Image 5 opens up.
The left pane displays the main menu and the sub-menus. The permitted menu options for the selected user is given on the right. Start Date displays the date on which the menu access was given. End Date can be given (optional) to specify the date unto which the access is given. Select a Menu displayed on the left side and click the assign button to assign the menu for the user. On assigning the Start Date defaults to the current date. Provide an End date, if necessary, and click on Save.