Security Policy - Patient Certificates

Article author
Greg Pietras
  • Updated

What is the context?


Security Policies govern different aspects of data security in Meddbase. Each policy type (or certificate) governs a set of user permissions. 

These permissions determine if/how users will be able to interact with data protected by a given policy or certificate, e.g. Company record protected by a Company Policy; Patient record protected by a Patient Policy.

    Please note: Many permissions need to be used in conjunction with permissions governed by other certificates e.g. Company Certificate(s).  

 

What is the purpose of the article?


This article provides a detailed description of user permissions governed by the Patient Certificate(s)

   

Permissions


Permission Description
View Patient Demographic

Allows users to search for patients and access their record page. The only actions this permission enables on the Patient's Record page are: Collaborate, Assign Task, Contact patient via Email or SMS, view Appointment History, write in their Message Feed.

(Please note - This permission also requires granting the View Company Summary Record governed by the Company Policy.)

Modify Patient Demographic Adds users' ability to view and modify patient's Personal Details e.g. Date of Birth or Address.
View Patient Medical Record

Adds users' ability to view the patient's Medical History and navigate to an individual Appointment Home Page. Also adds users' ability to visit the Documents section on the patient's record.

(Please note - Viewing and interacting with individual documents requires permissions on the Document Policy assigned to respective documents e.g. View document - to view document list; Download document - to see document preview etc.)

Modify Patient Medical Record

Adds users' ability to log information in the patient's Medical History, navigate to an individual appointment's Consultation page and add/remove information on a Clinical Form.

View Patient Accounts Adds users' ability to access the 'Eligibility and Cases' section and create a case, and access the 'Accounts' sections of the Patient's record page.
Modify Patient Accounts Adds users' ability to add an authorisation in the 'Eligibility and Cases' section, add payments and mark invoices as sent in the 'Accounts' section of the Patient Record.
Book Appointment for Patient

Adds users' ability to book an appointment for a patient via Schedule, via Slot Finder and book a Walk-in Appointment.

(Please note - This also requires the View Company Charge-bands and Service Prices and the View Services permissions granted on the relevant Company Policy.)

Make Pathology Lab Request

Adds users' ability to request Pathology from the respective laboratory.

(Please note - This also requires the permissions to View Patient Demographic and Modify Patient Medical Record granted on the relevant Patient Policy.)

Refer Patient

Adds users' ability to refer the patient to an internal or external specialist.

(Please note - Completing a referral also requires the View Document and Modify Document permissions granted on the relevant Document Policy.)

View Patient Activity

Adds users' ability to view the activity on the Patient Record e.g. page views, changes to the record etc.

Delete Patient Record

Adds users' ability to delete a patient's record.

(Please note - Deleting a patient's record does not permanently remove it, but rather changes the status of the record to 'Deleted'. Deleted records can be restored.)

Make Prescription

Adds users' ability to prescribe a drug to the patient during a consultation.

(Please note - Only a Medical Person can prescribe drugs.)

Can View Referrals

Adds users' ability to view the Patient's referrals.

(Please note - This also requires the View Company Referrals permission granted on the relevant Company Policy.)

Can View Contacts

Adds users' ability to view the patient's contacts.

Can Modify Contacts

Adds users' ability to add, edit or remove patient's contacts.

Can Wipe Patient

Adds users' ability to permanently remove a patient record after it had been 'Deleted'.

(Please note! Wiping a patient involves permanent loss of data. If done by mistake, please contact Meddbase support immediately.)

Can Share Message-Feed Messages With Patient/Employer

Adds users' ability to share messages written in the message-feed on the patient's Record page with the patient via the Patient Portal and/or with the employer via the Referral Portal.

Can Merge Patient

Adds users' ability to merge duplicate patient records.

(Please note - Duplicate records are identified based on First Name, Surname and DOB matching. Record merge is permanent.)

Can View Clinical Case Name

Adds users' ability to view Case Names in the 'Eligibility and Cases' section of the patient record.

(Please note - If the View Patient Medical Record permission is granted, it supersedes this permission and allows viewing Case Names along with the rest of the medical history.)

Can Close Case

Adds users' ability to close an open case along with all related episodes (clinical forms).

Can Reopen Case

Adds users' ability to re-open a closed case, thus restoring the ability to edit episodes related to the case.

Can Share Medical History Events With Patient

Adds users' ability to share various elements of the medical history timeline with the patient via the Patient Portal.

(Please note - Sharing documents with the patient via the Patient Portal or the patient's employer via the Referral Portal is governed by the Can Share Documents With Patient/Employer permission on the relevant Document Policy.)

Can View Prescription

Adds users' ability to view patient's prescriptions.

Can Assign Policy

Adds users' ability to assign this policy to a patient record.

(Please note - Having this permission granted on a Patient Policy is necessary for creating patient records.)

Can Un-assign Policy

Adds users' ability to un-assign this policy and switch over to an alternative certificate.

(Please note - This requires the Can Assign Policy permission granted on the alternative certificate.)

 

Review date


This article was last updated on 24 June 2021 in the context of Meddbase version 1.245.0.31616