What is the context?
Security Policies govern different aspects of data security in Meddbase. Each policy type (or certificate) governs a set of user permissions.
These permissions determine if/how users will be able to interact with data protected by a given policy or certificate, e.g. Company record protected by a Company Policy; Patient record protected by a Patient Policy.
Many permissions need to be used in conjunction with permissions governed by other certificates e.g. Company Certificate(s).
What is the purpose of the article?
This article provides a detailed description of user permissions governed by the Patient Certificate(s)
Please note: From February 2025, the following permissions' behaviours have been updated or added:
- View Documents* - New permission
- Modify Documents* - New permission
- View Patient Medical Record* - Behaviour updated
With these permissions, users are now be able to be granted access to View/Download or Edit a patient's documents, separately from being given access to View/Edit a patient's Medical Record. Any permissions previously set, will remain unaffected/assumed permissions.
Please note - interacting with individual documents requires permissions on the Document Policy assigned to respective documents e.g. View document - to view document list; Download document - to see document preview etc.
Permissions
| Permission | Description |
|---|---|
View Patient Demographic |
Allows users to search for patients and access their record page. The only actions this permission enables on the Patient's Record page are: Collaborate, Assign Task, Contact patient via Email or SMS, view Appointment History, write in their Message Feed. (Please note - This permission also requires granting the View Company Summary Record governed by the Company Policy.) |
Modify Patient Demographic |
Adds users' ability to view and modify patient's Personal Details e.g. Date of Birth or Address. |
View Documents* |
Adds users' ability to view documents associated with the patient. (Please note - interacting with individual documents requires permissions on the Document Policy assigned to respective documents e.g. View document - to view document list; Download document - to see document preview etc.) |
Modify Documents* |
Adds users' ability to modify documents associated with the patient. (Please note - interacting with individual documents requires permissions on the Document Policy assigned to respective documents e.g. View document - to view document list; Download document - to see document preview etc.) |
View Patient Medical Record* |
Adds users' ability to view the patient's Medical History and navigate to an individual Appointment Home Page. |
Modify Patient Medical Record |
Adds users' ability to log information in the patient's Medical History, navigate to an individual appointment's Consultation page and add/remove information on a Clinical Form. |
View Patient Accounts |
Adds users' ability to access the 'Eligibility and Cases' section and create a case, and access the 'Accounts' sections of the Patient's record page. |
Modify Patient Accounts |
Adds users' ability to add an authorisation in the 'Eligibility and Cases' section, add payments and mark invoices as sent in the 'Accounts' section of the Patient Record. |
Book Appointment for Patient |
Adds users' ability to book an appointment for a patient via Schedule, via Slot Finder and book a Walk-in Appointment. (Please note - This also requires the View Company Charge-bands and Service Prices and the View Services permissions granted on the relevant Company Policy.) |
Make Pathology Lab Request |
Adds users' ability to request Pathology from the respective laboratory. (Please note - This also requires the permissions to View Patient Demographic and Modify Patient Medical Record granted on the relevant Patient Policy.) |
Refer Patient |
Adds users' ability to refer the patient to an internal or external specialist. (Please note - Completing a referral also requires the View Document and Modify Document permissions granted on the relevant Document Policy.) |
View Patient Activity |
Adds users' ability to view the activity on the Patient Record e.g. page views, changes to the record etc. |
Delete Patient Record |
Adds users' ability to delete a patient's record. (Please note - Deleting a patient's record does not permanently remove it, but rather changes the status of the record to 'Deleted'. Deleted records can be restored.) |
Make Prescription |
Adds users' ability to prescribe a drug to the patient during a consultation. (Please note - Only a Medical Person can prescribe drugs.) |
Can View Referrals |
Adds users' ability to view the Patient's referrals. (Please note - This also requires the View Company Referrals permission granted on the relevant Company Policy.) |
Can View Contacts |
Adds users' ability to view the patient's contacts. |
Can Modify Contacts |
Adds users' ability to add, edit or remove patient's contacts. |
Can Share Message-Feed Messages With Patient/Employer |
Adds users' ability to share messages written in the message-feed on the patient's Record page with the patient via the Patient Portal and/or with the employer via the Referral Portal. |
Can Share Medical History Events With Patient |
Adds users' ability to share various elements of the medical history timeline with the patient via the Patient Portal. (Please note - Sharing documents with the patient via the Patient Portal or the patient's employer via the Referral Portal is governed by the Can Share Documents With Patient/Employer permission on the relevant Document Policy.) |
Can View Prescription |
Adds users' ability to view patient's prescriptions. |
Can Wipe Patient |
Adds users' ability to permanently remove a patient record after it had been 'Deleted'. (Please note! Wiping a patient involves permanent loss of data. If done by mistake, please contact Meddbase support immediately.) |
Can Merge Patient |
Adds users' ability to merge duplicate patient records. (Please note - Duplicate records are identified based on First Name, Surname and DOB matching. Record merge is permanent.) |
Can Close Case |
Adds users' ability to close an open case along with all related episodes (clinical forms). |
Can Reopen Case
|
Adds users' ability to re-open a closed case, thus restoring the ability to edit episodes related to the case. |
Can View Clinical Case Name |
Adds users' ability to view Case Names in the 'Eligibility and Cases' section of the patient record. (Please note - If the View Patient Medical Record permission is granted, it supersedes this permission and allows viewing Case Names along with the rest of the medical history.) |
Can Assign Policy |
Adds users' ability to assign this policy to a patient record. (Please note - Having this permission granted on a Patient Policy is necessary for creating patient records.) |
Can Un-assign Policy |
Adds users' ability to un-assign this policy and switch over to an alternative certificate. (Please note - This requires the Can Assign Policy permission granted on the alternative certificate.) |
Review date
This article was last updated on 29th October 2024.