Security Policy - Medical User Certificates

Article author
Colin Rixom
  • Updated

This feature allows for Clinicians to have restricted views of the other clinicians in the chamber while having full access to their own personal record. This will also prevent Clinicians from viewing each other's appointments and diaries, while still allowing access to any medical history recorded on a patient record.

The aspects affected by this are as follows:

  • Demographics
  • Schedule
  • Contacts
  • Documents

This feature is centred around role groups and Security Policies within Meddbase. If you are not familiar with these governance aspects of the application, please feel free to read through the two articles linked directly below.

If you are comfortable with these two features and governance settings within the application in general. Please feel free to continue.

Please read through and understand the changes this will make to your chamber before committing them as this may cause disruption to your users.

Step 1:

Navigate to the security policies via Start Page > Admin > Security Policy.
Before enabling the feature, we need to decide what restrictions you wish to apply when it comes to how clinicians view each other's info.

1) Expand the "Medical Person Certificates" and click on the default policy (or whichever is most commonly in use)
2) Select the role group of users you wish to apply this to

3) Set up the permissions you would like clinicians to have when it comes to accessing/modifying each other. In this example below, we have no permissions granted as we do not want the clinicians to have any access or modify of each other's information.



Step 2)
Now that we have removed/restricted all rights from all clinicians, we need to give these rights back to them in a way that allows them to only edit their own.

1) At the bottom of the Security Certificates on the left of the screen, you will notice "Medical User Certificates"

2) Once you have read through the explanations, tick the checkbox to allow all clinicians to have access to their own records, Demographics, Schedule's, Contacts and Documents while not having access to any of the other clinician's details (unless granted in step 1)

3) Click save to commit your changes

4) Once save is clicked, a notice will appear here showing how many clinician records are being updated and show you the progress of these changes. This may take a while if you have a large number of clinician records. You can close this entire page and come back at a later stage to see the progress if need be.



Important notes:

  • After step 1 is completed, the clinicians in the affected role group will have extremely restricted access until Step 2 is completed. We recommend testing this on a role group with a small number of clinicians in first or after hours to avoid disrupting users' access.
  • Step 2 grants clinicians' full access to their own records, if you wish to restrict what a clinician can do to their own records, simply use the deny tick box in Step 1.
  • When viewing a patients Appointment history, Appointments with other clinicians will be accessible allowing the clinicians to view any medical findings or history, however the clinician name who was in these historical appointments will be removed, as shown below.


If you have any concerns or queries, feel free to contact the support team via a ticket and we will be able to assist.