Security Profile Overview

Security is implemented in part by restricting rights through the use of security profiles. Administrators create these profiles by setting access levels to various categories or the operations within each category. Once a security profile is defined, administrators can apply the profile to any user they wish. A security profile is a system level setting: Once it is created, therefore, any administrator (across domains as well) can apply the profile to any user. Each domain may have its own unique set of security requirements and create profiles to match those requirements; however, those profiles are not limited to the domain in which they were created. Rather, security profiles help to define a type of user. Users are then assigned to a domain and given a security profile for that domain.

Levels of Operations

Program operations are broken down into categories, subcategories, and individual operations. Categories not only help you locate operations quickly and efficiently but also help you assign rights for the current profile configuration.

1. Select Data Maintenance > System and Security > Security Profiles from the Main menu. The Edit Security Profiles screen will appear. In this screen, the following list of operations categories will appear with a right-facing triangle next to each one.
• Appointment Operations
• Block Operations
• Case (Account) Operations
• Conflict Operations
• Grid Features
• Hold Operations
• Orders Handling
• Patient Portal
• Purge Operations
• Reports
• Resource Manager (only available to clients who have purchased WellSky Resource Manager full suite)
• Template/Shift Schedule Operations
• Text Message Setup Operations
• Wait List Operations
2. Begin typing on the grid. The Advanced Patient Search screen will appear with the text you type in whatever your chosen focus field is.
3. Click the right-facing arrow next to the Appointment Operations category as an example. It should expand to list the following options:

Appointment Operations (note the arrow now points downward)

• Add Appointment
• Change Appointment Status
• Copy Appointment
• Delete Appointment
• Edit Appointment
• Find Appointment
• Move/Reschedule and Appointment
• Payment Operations

The Change Appointment Status, the Move/Reschedule Appointment, and the Payment Operations should have an arrow next to their entry. Simply click the arrow next to either of these to expand the tree out further and view the individual operations of the subcategories.

Appointment Operations

• Add Appointment
• Change Appointment Status

Close Day

• Copy Appointment
• Delete Appointment
• Edit Appointment
• Find Appointment
• Move/Reschedule  Appointment

Add/Remove Resources from Existing Appointments

• Payment Operations

Add Payment

Delete Payment

Edit Payment

Operation Access Levels

A user’s ability to perform an operation is defined by the level of access provided in their user security profile. An access right may be set to:

Full access allows the user to perform the operation without restriction.

Read-only access allows the user to only view information, it does not allow modification.

None completely restricts the user from the operation.

All categories are set to None as the default. Most categories and subcategories can be set to Full, Read-only, or None. Some categories and operations, however, have only Full or None as options in that Read-Only would not make sense. When you set a category to Read-Only, the assigned right status will read Mixed. When a category or subcategory is set to Read-Only, the operations that control a users ability to change data are automatically set to None. Operations that govern access to a screen or the ability to look up data will be set to Read-Only.

Distinguishing Rights Through the Use of Color

The use of color is also used to differentiate security levels. Use the colors to reference the level of operation you are working with in relation to the other operations.

• The highest level of access, categories and the subcategories that have subordinate operations under them, are indicated by blue text in parenthesis.
• The lowest level of access, individual operations and the subcategories that are operations in and of themselves, are indicated by black underlined text.

Case Operations

The Case Operations category is slightly different than the other ones. When the Case Operations category is set to Read-only, the assigned right will be Mixed and the Edit Case subcategory will be Read-only (Mixed). This indicates that the sub-rights of editing a case are not Read-Only because Edit Case is a right in and of itself. Also, there are secondary rights of Edit Case (adding an authorization, changing diagnoses, etc.). Users will be able to access the patient Case tab in Read-Only mode, but not be able to perform such functions as changing diagnoses or adding authorizations. Users will, however, be able to change the note, the contact fields, and dates. If every right underneath Edit Case is changed to Read Only, the italicization and “(Mixed)” would disappear.