Difference between revisions of "Security Gates"

From Galen Healthcare Solutions - Allscripts TouchWorks EHR Wiki
Jump to navigation Jump to search
 
(32 intermediate revisions by 9 users not shown)
Line 1: Line 1:
='''Security Gates Definitions'''=
+
__TOC__
[[TWAdmin]] > Security Admin (VTB) > Security tab (HTB) > Security Gates (drop down)
 
  
Items with * indicate carryover from v10
+
=Definition=
 +
Security Gates are access points within different areas of [[Allscripts Enterprise EHR]] which can be restricted or allowed based on a user's role within an organization. Security Gates are managed from [[TWAdmin]] > [[Security Admin]] (VTB) > Security tab (HTB) > Security Gates (drop down).
  
  
* '''[[Break Glass]]*'''- allows selected users to see secured documents by pressing the "Break Glass" button
+
''Note'': ''Items below with '''*''' below indicate carryover from v10 and items with '''**''' indicate that they cannot be turned off in Security Gates.''
* '''Confidential Patients'''*- used when the Practice Management System defines a patient as confidential
 
* '''Chart-View'''*- if enabled unauthorized users cannot view charts
 
* '''Chart-Edit'''*- if enabled unauthorized users can view, but not make changes to charts
 
* '''Chart-Print'''*- if enabled unauthorized users may be able to view and edit charts, but not print
 
* '''Chart-PrintChart-Set System Templates'''*- Will prevent the user from setting the system template when printing a chart
 
* '''Results-Verify'''- controls whether a user can/cannot verify results
 
* '''Results-Edit'''- controls whether a user can/cannot edit results; this code is needed to add vitals or manually enter in-office results such as Rapid Strep or Urinalysis results
 
* '''Results-Invalidate'''- controls the ability to invalidate results
 
* '''Document-Invalidate'''- controls the ability to invalidate a note
 
* '''Document-Reconcile'''- defines the ability of a user to correct inbound unstructured notes
 
* '''Document-Management'''- allows for management of existing documents in the Document Management section
 
* '''Chart-PrintChart'''*- determines if a user can print a chart via the "Print Chart" button
 
* '''Restricted Patient Gate'''- forces unauthorized users to enter a password to access patients in this group
 
* '''Employee and Family Patient Group Gate'''- forces unauthorized users to enter a password to access patients in this group
 
* '''VIP Patient Group Gate'''- forces unauthorized users to enter a password to access patients in this group
 
* '''Results-EditInterface'''- allow/disallow a user to edit results that are automatically brought in via the interface
 
* '''Physician Administration Tool Admin'''- allows users defined as PAT Admins to create/edit items in the Physicians Admin Tools menu.
 
* '''Physician Administration Tool Group Lead'''- similar to above, but allows for PAT users to be defined as a Group Leaders. These Group Leaders can only modify settings for users in their associate group (example: Radiologists)
 
*'''Can Prescribe''' - allows a user to prescribe medication
 
* '''Can Renew'''- allows a user to renew a medication, but not add or modify new/current meds
 
* '''Chart-Alert-View'''- allow/disallow viewing of Chart Alerts on the Clinical Toolbar
 
* '''Chart-Alert-Edit'''- allow/disallow creating or editing of Chart Alerts on the Clinical Toolbar
 
* '''Non-Med Order Protocol'''- skips creating a task to "Authorize Order" when a user with out the proper ordering authority requests a non-medication order. Allows user to select "By Protocol" when ordering to accomplish
 
* '''Med Order Protocol'''- skips creating a task for the prescribing Physician for users who are authorized and are prescribing a level II medication. Allows user to select "By Protocol" when ordering to accomplish
 
* '''iHealthEReply'''- allows for messaging to patients via an Interactive Health Record
 
* '''Workspace View-Edit'''- allows user to change thier preassigned worlkist views, but they cannot edit them. User MUST have this key to edit
 
* '''WorkListAdmin'''- controls the ability to administer the worklist views of other users. This would be given to the same types of people that would get the ability to create task lists (think of it like enterprise task views).  Typically this would not include Help Desk users, but certainly administrators and occasionally site admins.
 
* '''History Items'''- this gate is no longer used.
 
* '''[[Clinical Desktop]] View-Edit'''- user MUST have to edit thier Clinical Desktop view. with out it they can still switch between thier predefined views.
 
* '''[[ChartViewer]] View-Edit'''- same as Clinical Desktop View-Edit except for Chart Viewer
 
* '''Worklist View - Edit'''- same as Clinical Desktop View-Edit except for Worklist View
 
* '''Note View - Edit'''- same as Clinical Desktop View-Edit except for Note View
 
  
===The following cannot be turned off in Security Gates===
+
=Security Gates =
* '''Print Queue-View Rx'''- allows for viewing of Rx jobs in Touchworks
+
 
* '''Print Queue-View Chart Item'''- allows for viewing of Chart Item jobs in Touchworks
+
{| class="wikitable sortable collapsible" border="1"
* '''Print Queue-View Coversheet'''- allows for viewing of Coversheet jobs in Touchworks
+
| align="center" style="background:#f0f0f0;"|'''Gate'''
* '''Print Queue-Reroute Chart Item'''- allows for viewing of Reroute Chart Item jobs in Touchworks
+
| align="center" style="background:#f0f0f0;"|'''Definition'''
* '''Print Queue-RerouteRx'''- allows for viewing of RerouteRx jobs in Touchworks
+
| align="center" style="background:#f0f0f0;"|'''When Gate is "Locked"'''
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Can Prescribe*'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows a user to prescribe a medication under user's own name
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Unable to prescribe medications under user's own name
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''[[Break Glass]]*'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows user(s) to see secured documents by means of the "Break Glass" icon in the patient banner
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| User(s) cannot break glass to view secured documents
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Confidential Patients*'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Used when the Practice Management System defines a patient as confidential
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Patient chart cannot be accessed, tasks cannot be sent regarding this patient to user's without this code, and name is hidden on daily schedule
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Chart-View*'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows viewing access to patient charts
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot view patient charts
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Chart-Edit*'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows access to edit patient charts
 +
| style="border-style: solid; border-width: 0 1px 1px 0"|Unauthorized users can view, but cannot edit patient charts
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Chart-Print*'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows access to print patient charts
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Unauthorized users can view and edit patient charts, but cannot print patient charts
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Chart-PrintChart-Set [[System Templates]]*'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows access to set system template(s) when printing charts
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot set system template(s) when printing charts
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Results-Verify'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows access to verify results
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot verify results
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Results-Edit'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows access to edit results; this code is needed to add vitals or to manually enter in-office or point-of-care results such as a Rapid Strep or Urinalysis
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot enter or edit results or edit vitals
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Results-Invalidate'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Controls the ability to invalidate results
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot invalidate results
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Document-Invalidate'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Controls the ability to invalidate documents
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot invalidate documents
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Document-Invalidate-Without-Finalization -Authority'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows the user to invalidate  the note irrespective of Finalization Authority level of the user as compared to the Finalization Authority of the Note.
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot invalidate the note.
 +
 
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Document-Reconcile'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows correction of unstructured documents (typically these are transcriptions received via [[ConnectR]]
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot correct unstructured documents
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Document-Management'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows for management of documents in the Document Management workspace
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot access Document Management workspace or perform the functions unique to this workspace
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Chart-PrintChart'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows for printing of more than one document from a patient chart via the "Print Chart" button
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Print Chart button is disabled and user can only fax one document at a time
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Restricted Patient Access Security Code'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Grants unrestricted access to patients assigned to this [[Patient Security Access Groups|Patient Security Access Group]]
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Access to chart is restricted by a prompt asking for password entry and notification of chart actions undergoing a detailed audit
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Employee & Family Patient Security Code'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Grants unrestricted access to patients assigned to this [[Patient Security Access Groups|Patient Security Access Group]]
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Access to chart is restricted by a prompt asking for password entry and notification of chart actions undergoing a detailed audit
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''VIP Patient Access Security Code'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Grants unrestricted access to patients assigned to this [[Patient Security Access Groups|Patient Security Access Group]]
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Access to chart is restricted by a prompt asking for password entry and notification of chart actions undergoing a detailed audit
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Results-EditInterface'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Provides access to edit results that are automatically filed via the interface
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot edit results that are filed via the interface
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Physician Administration Tool Admin'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows users defined with the [[PAT|Physician Admin Tools]] as part of their workspace to create/edit items in the [[PAT]] menu
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot create or edit items in [[PAT]]
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Physician Administration Tool Group Lead'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows users defined with the [[PAT|Physician Admin Tools] as part of their workspace to create/edit items as Group Leader for other users in their group in the [[PAT]] menu (example: Radiologists)
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot create or edit items for other users
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''EReply'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows user(s) to send messages to patients via the [[Allscripts Enterprise EHR Patient Portal|Patient Portal]]
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot send messages to patient through the portal
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''[[Clinical Desktop]] View-Edit'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Grants a user to edit their own [[Clinical Desktop]] views.
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot edit their own [[Clinical Desktop]] views, however a user can still switch between their pre-defined views
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''[[ChartViewer]] View-Edit'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Grants a user to edit their own [[ChartViewer]] views.
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot edit their own [[ChartViewer]] views, however a user can still switch between their pre-defined views
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Can Renew'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows renewing of medication while still restricting modifying existing meds or adding new meds
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot renew medications
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Print Queue-View Rx**'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows for viewing of Rx jobs in the Print Queue
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot view Rx jobs in the Print Queue
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Print Queue-View Chart Item**'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows for viewing of chart item jobs in the Print Queue
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot view chart item jobs in the Print Queue
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Print Queue-View Coversheet**'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows for viewing of coversheets for jobs in the Print Queue
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot view coversheets for jobs in the Print Queue
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Print Queue-Reroute Chart Item**'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows ability to reroute chart item jobs in the Print Queue
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot reroute chart item jobs in the Print Queue
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Chart-Alert-View'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Grants access to view [[Chart Alerts]] on the [[Clinical toolbar]]
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot view [[Chart Alerts]]
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Chart-Alert-Edit'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Grants access to create or edit [[Chart Alerts]] on the [[Clinical toolbar]]
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot create or edit [[Chart Alerts]]
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Non-Med Order Protocol'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows user to select "By Protocol" option, giving organizations the ability to circumvent the Authorize Order task that is created when the user's preference for orders is set to Prospective authorization. This indicates that a verbal authorization was granted or the established protocol was followed
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| "By Protocol" option is not present upon ordering, forcing typical workflow for Prospective authorization for applicable users upon ordering non-medication orders
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Med Order Protocol'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows user to select "By Protocol" option, giving organizations the ability to circumvent the Authorize Order task that is created when the user's preference for medication orders is set to Prospective authorization. This indicates that a verbal authorization was granted or the established protocol was followed
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| "By Protocol" option is not present upon ordering, forcing typical workflow for Prospective authorization for applicable users upon ordering medication orders
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''WorkListAdmin'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Controls the ability to administer worklist views of other users. This is typically given to the same role of users who also have the ability to create tasks views (think of it like enterprise task views, only for worklists). Typically this would not include Help Desk users, but certainly administrators and occasionally site admins
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot administer worklist views of other users
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Worklist View - Edit'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Grants a user to edit their own [[Worklist]] views.
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot edit their own [[Worklist]] views, however a user can still switch between their pre-defined views
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Note View - Edit'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Permits editing of [[Note]] views.
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot edit [[Note]] views
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''TWUser-Provider-Edit'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows modification of settings under provider detail menus within [[TWAdmin]]
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot edit settings under provider detail menus in [[TWAdmin]]
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''TWuser-User Edit'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows modification of settings under user details menu within [[TWAdmin]]
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot edit settings under user details menu in [[TWAdmin]]
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Patient Report Exempt-Edit'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Permits modification of the Patient Report Exempt
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot edit the Patient Report Exempt
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Can Reprint/Resend Rx'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows a user to reprint or resend a prescription, but does not grant the ability to write a new prescription
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot reprint/resend prescriptions
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Patient Profile Edit'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows editing of info in the Patient Profile window
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot edit any information in the Patient Profile. This effectively prevents users from adding chart alerts or changing the PCP - see also [[Lock PCP]]
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Order-Edit'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows editing of an existing order (i.e. a physician places an order and then someone without the proper "ordering authority" needs to update the order with the necessary information)
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot edit an existing order
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Recommendation View'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows viewing of recommendations
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot view recommendations
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Recommendation Edit'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows editing of recommendations
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot edit recommendations
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''CQS Access'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows access to [[CQS]]
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Restricts access to [[CQS]]
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Chart Download'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows "Chart Download" option in [[ChartViewer]]
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot use "Chart Download" option in [[ChartViewer]]
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''CanCSInvalid'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows the user to invalidate RTF clinical Summaries and visit summary CED’s. The user must also have the Chart-Edit security code.
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot invalidate RTF clinical Summaries and visit summary CED’s.
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Imm Reg Patient Matching'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Permits users to view and take patient matching action on '''ImmunizationRegistryRespondedEvent''' messages with Needs Matching status from the Match Patient tab on Message Queue.
 +
 
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| User not allowed to take patient matching action.
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Interface Error Queue Edit'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Permits users to edit information on the Error Queue page, as well as pages accessed from that page, including the Message Details page, the Bridge Details page, and the Change MRN Details page.
 +
 
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| User restricted from editing information on the Error Queue page.
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Interface Error Queue View'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Permits users to view (but not  edit) information on the Error Queue page as well as pages accessed from that page.
 +
 
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| User restricted from viewing  information on the Error Queue page.
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Order Billable ICD-10'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows users to run this report.
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Restricts users from running this report.
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Override Absolute Contraindication'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Enables users to override an Absolute Contraindication DUR Alert
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot override an Absolute Contraindication DUR Alert
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Override Do Not Release Order'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Enables the provider to modify the Do Not Release check box for orders where the orderable item in the Orderable Item dictionary has the Do Not Release Flag set either to Always Release - User Can Override or Do Not Release - User can Override.
 +
 
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Cannot override the Do Not Release order
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''Preceptor Note - Edit'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows users to add the Preceptor Note section to a note and to edit contents of that section.
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Restricts users from adding Preceptor Note section.
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''CDS Exclude One Prov'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows users to exclude patients for Point of Care (POC) recommendations for the provider who owns the recommendation.
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Restricts users from excluding patients.
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''CDS Suppress'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Allows users suppress POC  recommendations.
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Restricts users from suppressing recommendations.
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''PMT Access'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''NOTE:''' This security gate is only available on Allscripts Touchworks EHR systems with a successfully completed PMT server side installation. New Allscripts Touchworks EHR 11.4 clients will not see this gate since problem mapping is not required. 
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Restricts or permits user access
 +
|-
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''PMT Administration'''
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| '''NOTE:''' This security gate is only available on Allscripts Touchworks EHR systems with a successfully completed PMT server side installation. New Allscripts Touchworks EHR 11.4 clients will not see this gate since problem mapping is not required. 
 +
| style="border-style: solid; border-width: 0 1px 1px 0"| Restricts or permits user admin access
 +
|}
 +
 
 +
==Security Codes==
 +
[[V11_Security_Codes | V11 Security Codes]]
 +
 
 +
Back to [[Security]]

Latest revision as of 20:45, 21 July 2014

Definition

Security Gates are access points within different areas of Allscripts Enterprise EHR which can be restricted or allowed based on a user's role within an organization. Security Gates are managed from TWAdmin > Security Admin (VTB) > Security tab (HTB) > Security Gates (drop down).


Note: Items below with * below indicate carryover from v10 and items with ** indicate that they cannot be turned off in Security Gates.

Security Gates

Gate Definition When Gate is "Locked"
Can Prescribe* Allows a user to prescribe a medication under user's own name Unable to prescribe medications under user's own name
Break Glass* Allows user(s) to see secured documents by means of the "Break Glass" icon in the patient banner User(s) cannot break glass to view secured documents
Confidential Patients* Used when the Practice Management System defines a patient as confidential Patient chart cannot be accessed, tasks cannot be sent regarding this patient to user's without this code, and name is hidden on daily schedule
Chart-View* Allows viewing access to patient charts Cannot view patient charts
Chart-Edit* Allows access to edit patient charts Unauthorized users can view, but cannot edit patient charts
Chart-Print* Allows access to print patient charts Unauthorized users can view and edit patient charts, but cannot print patient charts
Chart-PrintChart-Set System Templates* Allows access to set system template(s) when printing charts Cannot set system template(s) when printing charts
Results-Verify Allows access to verify results Cannot verify results
Results-Edit Allows access to edit results; this code is needed to add vitals or to manually enter in-office or point-of-care results such as a Rapid Strep or Urinalysis Cannot enter or edit results or edit vitals
Results-Invalidate Controls the ability to invalidate results Cannot invalidate results
Document-Invalidate Controls the ability to invalidate documents Cannot invalidate documents
Document-Invalidate-Without-Finalization -Authority Allows the user to invalidate the note irrespective of Finalization Authority level of the user as compared to the Finalization Authority of the Note. Cannot invalidate the note.
Document-Reconcile Allows correction of unstructured documents (typically these are transcriptions received via ConnectR Cannot correct unstructured documents
Document-Management Allows for management of documents in the Document Management workspace Cannot access Document Management workspace or perform the functions unique to this workspace
Chart-PrintChart Allows for printing of more than one document from a patient chart via the "Print Chart" button Print Chart button is disabled and user can only fax one document at a time
Restricted Patient Access Security Code Grants unrestricted access to patients assigned to this Patient Security Access Group Access to chart is restricted by a prompt asking for password entry and notification of chart actions undergoing a detailed audit
Employee & Family Patient Security Code Grants unrestricted access to patients assigned to this Patient Security Access Group Access to chart is restricted by a prompt asking for password entry and notification of chart actions undergoing a detailed audit
VIP Patient Access Security Code Grants unrestricted access to patients assigned to this Patient Security Access Group Access to chart is restricted by a prompt asking for password entry and notification of chart actions undergoing a detailed audit
Results-EditInterface Provides access to edit results that are automatically filed via the interface Cannot edit results that are filed via the interface
Physician Administration Tool Admin Allows users defined with the Physician Admin Tools as part of their workspace to create/edit items in the PAT menu Cannot create or edit items in PAT
Physician Administration Tool Group Lead Allows users defined with the [[PAT|Physician Admin Tools] as part of their workspace to create/edit items as Group Leader for other users in their group in the PAT menu (example: Radiologists) Cannot create or edit items for other users
EReply Allows user(s) to send messages to patients via the Patient Portal Cannot send messages to patient through the portal
Clinical Desktop View-Edit Grants a user to edit their own Clinical Desktop views. Cannot edit their own Clinical Desktop views, however a user can still switch between their pre-defined views
ChartViewer View-Edit Grants a user to edit their own ChartViewer views. Cannot edit their own ChartViewer views, however a user can still switch between their pre-defined views
Can Renew Allows renewing of medication while still restricting modifying existing meds or adding new meds Cannot renew medications
Print Queue-View Rx** Allows for viewing of Rx jobs in the Print Queue Cannot view Rx jobs in the Print Queue
Print Queue-View Chart Item** Allows for viewing of chart item jobs in the Print Queue Cannot view chart item jobs in the Print Queue
Print Queue-View Coversheet** Allows for viewing of coversheets for jobs in the Print Queue Cannot view coversheets for jobs in the Print Queue
Print Queue-Reroute Chart Item** Allows ability to reroute chart item jobs in the Print Queue Cannot reroute chart item jobs in the Print Queue
Chart-Alert-View Grants access to view Chart Alerts on the Clinical toolbar Cannot view Chart Alerts
Chart-Alert-Edit Grants access to create or edit Chart Alerts on the Clinical toolbar Cannot create or edit Chart Alerts
Non-Med Order Protocol Allows user to select "By Protocol" option, giving organizations the ability to circumvent the Authorize Order task that is created when the user's preference for orders is set to Prospective authorization. This indicates that a verbal authorization was granted or the established protocol was followed "By Protocol" option is not present upon ordering, forcing typical workflow for Prospective authorization for applicable users upon ordering non-medication orders
Med Order Protocol Allows user to select "By Protocol" option, giving organizations the ability to circumvent the Authorize Order task that is created when the user's preference for medication orders is set to Prospective authorization. This indicates that a verbal authorization was granted or the established protocol was followed "By Protocol" option is not present upon ordering, forcing typical workflow for Prospective authorization for applicable users upon ordering medication orders
WorkListAdmin Controls the ability to administer worklist views of other users. This is typically given to the same role of users who also have the ability to create tasks views (think of it like enterprise task views, only for worklists). Typically this would not include Help Desk users, but certainly administrators and occasionally site admins Cannot administer worklist views of other users
Worklist View - Edit Grants a user to edit their own Worklist views. Cannot edit their own Worklist views, however a user can still switch between their pre-defined views
Note View - Edit Permits editing of Note views. Cannot edit Note views
TWUser-Provider-Edit Allows modification of settings under provider detail menus within TWAdmin Cannot edit settings under provider detail menus in TWAdmin
TWuser-User Edit Allows modification of settings under user details menu within TWAdmin Cannot edit settings under user details menu in TWAdmin
Patient Report Exempt-Edit Permits modification of the Patient Report Exempt Cannot edit the Patient Report Exempt
Can Reprint/Resend Rx Allows a user to reprint or resend a prescription, but does not grant the ability to write a new prescription Cannot reprint/resend prescriptions
Patient Profile Edit Allows editing of info in the Patient Profile window Cannot edit any information in the Patient Profile. This effectively prevents users from adding chart alerts or changing the PCP - see also Lock PCP
Order-Edit Allows editing of an existing order (i.e. a physician places an order and then someone without the proper "ordering authority" needs to update the order with the necessary information) Cannot edit an existing order
Recommendation View Allows viewing of recommendations Cannot view recommendations
Recommendation Edit Allows editing of recommendations Cannot edit recommendations
CQS Access Allows access to CQS Restricts access to CQS
Chart Download Allows "Chart Download" option in ChartViewer Cannot use "Chart Download" option in ChartViewer
CanCSInvalid Allows the user to invalidate RTF clinical Summaries and visit summary CED’s. The user must also have the Chart-Edit security code. Cannot invalidate RTF clinical Summaries and visit summary CED’s.
Imm Reg Patient Matching Permits users to view and take patient matching action on ImmunizationRegistryRespondedEvent messages with Needs Matching status from the Match Patient tab on Message Queue. User not allowed to take patient matching action.
Interface Error Queue Edit Permits users to edit information on the Error Queue page, as well as pages accessed from that page, including the Message Details page, the Bridge Details page, and the Change MRN Details page. User restricted from editing information on the Error Queue page.
Interface Error Queue View Permits users to view (but not edit) information on the Error Queue page as well as pages accessed from that page. User restricted from viewing information on the Error Queue page.
Order Billable ICD-10 Allows users to run this report. Restricts users from running this report.
Override Absolute Contraindication Enables users to override an Absolute Contraindication DUR Alert Cannot override an Absolute Contraindication DUR Alert
Override Do Not Release Order Enables the provider to modify the Do Not Release check box for orders where the orderable item in the Orderable Item dictionary has the Do Not Release Flag set either to Always Release - User Can Override or Do Not Release - User can Override. Cannot override the Do Not Release order
Preceptor Note - Edit Allows users to add the Preceptor Note section to a note and to edit contents of that section. Restricts users from adding Preceptor Note section.
CDS Exclude One Prov Allows users to exclude patients for Point of Care (POC) recommendations for the provider who owns the recommendation. Restricts users from excluding patients.
CDS Suppress Allows users suppress POC recommendations. Restricts users from suppressing recommendations.
PMT Access NOTE: This security gate is only available on Allscripts Touchworks EHR systems with a successfully completed PMT server side installation. New Allscripts Touchworks EHR 11.4 clients will not see this gate since problem mapping is not required. Restricts or permits user access
PMT Administration NOTE: This security gate is only available on Allscripts Touchworks EHR systems with a successfully completed PMT server side installation. New Allscripts Touchworks EHR 11.4 clients will not see this gate since problem mapping is not required. Restricts or permits user admin access

Security Codes

V11 Security Codes

Back to Security

Retrieved from "https://wiki.galenhealthcare.com/index.php?title=Security_Gates&oldid=18295"