Security Policy - Company Certificates

Article author
Greg Pietras
  • Updated

What is the context?


Security Policies govern different aspects of data security in Meddbase. Each policy type (or certificate) governs a set of user permissions. 

These permissions determine if or how users will be able to interact with data protected by a given policy or certificate, e.g. Company record protected by a Company Policy; Patient record protected by a Patient Policy.

Many permissions need to be used in conjunction with permissions governed by other certificates e.g. Patient Certificate(s).

 

What is the purpose of the article?


This article provides a detailed description of user permissions governed by the Company Certificate(s).

The chamber company's record (the clinic) is also governed/protected by a Company Certificate and many of the permissions described below determine users' access to functionality in Meddbase, as the chamber company owns the chamber.

Permissions


Permission Description
View Company Summary Record

Allows users to view the Start Page including Tiles, Notifications, Email, Work items, People online. Users can search for Company records, without viewing details or modifying them. They can communicate with colleagues.

(Please note! Access to demographic records and other functionality is governed by other permissions).

Modify Company Summary Record Adds to the above user's ability to view Company's details page.
View Company Documents

Adds users' ability to access Company's document section.

(Please note! Viewing documents is governed by the Document Policy: Permissions>View document).

Modify Company Documents

Adds users' ability to upload, delete or change information for documents on the company record.

(Please note! this also requires granting permissions governed by the Document Policy: Permissions>Assign policy (for uploading), Download, Modify, Delete, Restore etc.)

View Company Accounts Adds users' ability to view the accounts section of companies. Lists of invoices, billing items, payments etc. can be viewed, but not individual items.
Modify Company Accounts

Adds users' ability to add, remove or modify individual items in the company accounts.

(Please note! Some items e.g. patient invoices, employer invoices, will require granting additional permissions on the Patient Policy: Permissions > View patient demographic and  Medical Person Policy: Permissions > View demographic).

*View Company Charge-bands and Service Prices

Adds users' ability to view the charge bands and service prices for all companies in Admin > Billing Rules.

*This permission has been updated as of October 2024: This rule now operates independently of System Admin. Users with this permission will now no longer also need System Admin permission granted to view Billing rules.

*Modify Company Charge-bands and Service Prices

Adds users' ability to create, change or delete charge-bands and billing rules in Admin>Billing Rules.

*This permission has been updated as of September 2024: This rule now operates independently of System Admin. Users with this permission will now no longer also need System Admin permission granted to view Billing rules.
View Company Referrals Adds users' ability to view referrals made to and from a company.
Modify Company Referrals

Adds users' ability to add, remove or modify items in the company referrals page.

(Please note! Viewing the referral letter here requires granting a permission on Patient Policy: Permissions > View patient medical record).

Can Make Company Into Chamber Adds users' ability to create new chambers from companies.
Modify Company Security Policy

Adds users' ability to modify this Company Certificate incl. adding permitted users or groups, modifying permissions, changing certificate owners.

(Please note! This also requires granting the 'System Administrator' permission governed by the Company Policy. 'System Administrator' permission gives access to Admin > Security Policy section.

Add and Modify User Adds users' ability to access to Admin > User Management and allows users to create other users.
Assign User licence Adds users' ability to assign licences to user accounts.
Remove User licence Adds users' ability to remove licences assigned to accounts.
Add Role Adds users' ability to create new roles.
Remove Role Adds users' ability to remove roles.
Modify Role Adds users' ability to rename roles and add/remove role group members.
Can View Contacts

Adds users' ability to view companies' contact lists.

Can Modify Contacts

Adds users' ability to create and change the details of companies' contacts.

*Can Propagate Page Layouts

Adds users' ability to propagate page layouts to other users.


*Please note: This is a new permission as of 14th October 2024.  This allows the gating of the following actions: 

  • Save my layout for everyone and as company default
  • Reset everyone to company default layout
  • Reset everyone to factory default layout
Create Patient Record

Adds users' ability to create new patient records.

(Please note! To assign a security policy to a patient record requires granting a permission on the Patient Policy: Permissions > Assign Policy).

Create Company Record

Adds users' ability to create new company records.

(Please note! To assign a security policy to a company requires granting another permission on the Company Policy: Permissions > Assign Policy).

Create Clinician Record

Adds users' ability to create new clinician records.

(Please note! To assign a security policy to a medical person record requires granting permission on the Medical Person Policy: Permissions > Assign Policy)

Create Non-Medical Person Record

Adds users' ability to create new non-medical staff records.

(Please note! To assign a security policy to a company requires granting another permission on the Non-Medical Person Policy: Permissions>Assign Policy)

*Create and Modify Document Template

Adds users' ability to create and modify new document templates.

(Please note! This needs to be used in tandem with a permission on the Document Policy: Permissions > Can assign policy).

*This permission has been updated as of September 2024:
'Create Document Template' has been changed to 'Create and Modify Document Template'. Users previously with create document template now have create and modify. Users without create document template can no longer modify templates.

Delete Document Template

Adds users' ability to delete document templates.

(Please note! This needs to be used in tandem with a permission on the Document Policy: Permissions>Delete document).

Create and Modify Document Type

Adds users' ability to modify (create, update or delete) a new document type. 

(Please note! Creating a new document type also requires granting the permission on the Document Policy: Permissions > Can assign policy).

Create a Task

Adds users' ability to create new tasks.

View Reports Server

Adds users' ability to access the Reports tile, view and run system reports.

(Please note! Users will only be able to view report results that they are permitted to see e.g. Patient Certificate: Permissions > View Patient Demographic)

System Administrator

Grants access to all tiles under Start Page > Admin.

(Please note! Other permissions on other policies may be required for some Admin functions e.g. Company Policy: Permissions > Viewing and Modifying Services)

*Can View Company Sites

Adds users' ability to view the sites of your clinic.

*This permission has been updated as of November 2024:

Previously users also needed the System Admin permission to be able to view company sites. This permission is now a standalone permission and gives users the ability to access Site Management in the Admin tile, without needing full system admin permissions. 

Please follow this article to read more about the Site Management page Adding Sites and Locations – Meddbase Help Center

*Can Modify Company Sites

Adds users' ability to change the name and delete your clinic’s sites in Admin > Site Management.

 

*This permission has been updated as of November 2024:

Previously users also needed the System Admin permission to be able to modify company sites. This permission is now a standalone permission and gives users the ability to access Site Management in the Admin tile, without needing full system admin permissions. 
Please follow this article to read more about the Site Management page Adding Sites and Locations – Meddbase Help Center

Mass Mail Patients

Adds users' ability to access the Mail Merges Server and allows users to send out mass emails to patients, companies or medical staff.

Can Take Control of Chamber

Adds users' ability to take control of chambers within your system (for systems with more than one chamber).

Can View Services

Adds users' ability to see and use the services created in your system.

Can Modify Services

Adds users' ability to change the service details such as name, default duration etc.

Can Raise Fee Invoices

Adds users' ability to raise invoices to patients and companies.

Can Use Postcode Lookup

Adds users' ability to search for address using the postal code when adding a record for a Company, Patient, Medical and Non-Medical Person.

Can Share Meta Data Fields with Patient

Adds users' ability to share numerical data captured in 'Meta fields' e.g. BP, BMI, Weight, Height etc. with the patient vie the Patient Portal.

(Please note! When this permission is granted the user can navigate to Admin > Patient Data Fields, select a visible field, check the 'Shared with Patient' box and 'Save')

Can Manage Medbase Licenses

Adds users' ability to access the Contract Management tile (via Admin > Contract management) and view current breakdown of Full and/or Concurrent licences, add or cancel licences and view licence history.

Can Bulk Re-assign Sessions/Appointments

Adds users' ability to to Re-assign Sessions/Appointments.

(via Start Page > Doctor Details > Site Scheduler > Re-assign).

Can Bulk Remove Sessions

Adds users' ability to Remove Sessions in bulk.

(via Start Page > Doctor Details > Site Scheduler > Re-assign).

Can Bulk Cancel Appointments

Adds users' ability to to Cancel Appointments in bulk.

(via Start Page > Doctor Details > Site Scheduler > Re-assign).

Can Book Appointment On Behalf Of Company

Adds users' ability to Book Appointment On Behalf Of Company e.g. on behalf of an Employer in Occupational Health.

Can Modify Invoice Line Items

Adds users' ability to edit billing items on an un-sent invoice e.g. re-assign to another invoice, change date, attendees etc.

(Please note! Depending on the invoice debtor e.g. patient, medical person, a permission to 'Modify Accounts' on the respective certificate needs to be granted e.g. Patient Certificate: Permissions>Modify Patient Accounts).

Can View Absences

Adds users' ability to view the patient's absences.

(Please note! This permission relates to the Absence Management chargeable feature used is Occupational Health)

Can Modify Absences

Adds users' ability to edit a patient's absence incl. status, reason, absence dates etc.
(Please note! This permission relates to the Absence Management chargeable feature used is Occupational Health)

Can Modify Session Templates


Adds users' ability to modify (create, update or delete) the companies' session templates.

(Please note! This does not affect users' ability to modify personal session templates).

Can Assign Policy

Adds users' ability to assign this policy to a company record.

Can Un-assign Policy

Adds users' ability to un-assign this policy on a company record.

(Please note! In case of having multiple Company Policies in your chamber, changing one policy to another on a company record requires the user to have Assign/Un-assign Policy permissions granted on both/all company policies).

 

 

Review date


This article was last updated on 4th of June 2021 in the context of Meddbase version 1.244.0.30956