eHana EHR Security & Permissions

Glossary of terms

“Capability”

Category that controls a specific area of permissions e.g. View Clients, Create Client Documents

“HIPAA”

Health Insurance Portability and Accountability Act that governs access and privacy of client information

“PHI”

Protected Health Information.  Any information about health status, provision of health care, or payment for health care that can be linked to a specific individual.  This includes any part of a client’s medical record

“Plugin”

Within a capability, the options that the capability can be applied to.  e.g. Assigned Clients, All (clients) in Program

“Program”

A set of services provided.  Examples are Outpatient, IHT, CBFS, etc.  Each of these is a separate program in the EHR.  Each program has its own ‘tab’ on client charts, so saved documents are stored under the program they belong to.

“Site”

Typically a location where a set of services are offered. Within an Outpatient program, an agency may have multiple locations that offer that set of services. For a Boston agency, they may have a West Boston site, an East Boston site, and a Central Boston site.  Sites within a program use the same documents and follow the same business rules.  The individual sites are separate instances of the program.

“Task Set”

Related document workflows grouped together for display purposes on client charts.  e.g. The Comprehensive Assessment task set contains links to begin an Adult Comprehensive Assessment, Child Comprehensive Assessment, Assessment Updates, and stand-alone assessment addenda.

“Workflow”

Any document written in the EHR.  Assessments, Treatment Plans, Progress Notes, and Discharge Plans are all examples of a workflow.

Introducing "Permissions"

To access permissions, select the Admin tab from your home screen. From the Admin page, select the Security sidetab and choose the program where you are setting permissions.

Our intention was to design a system that, while extremely powerful, is relatively straightforward. Once you’ve accessed the program you’re interested in, find the permission capability you want to update, hit “Edit”, and make the appropriate change.

Of course there’s a lot more to it than that, as described in the following pages. Healthcare privacy and security regulations are complex, especially when dealing with clients with mental health and addiction challenges and specific healthcare conditions. We’ve built a system capable of ensuring client data remains secure as determined by your agency’s policies and procedures.

Let’s start with the relationship between roles and permissions. Every “program” in your agency includes a number of “roles.” For example, an “Outpatient” program may have the “Clinician” role. Individual employees are granted these “roles”, sometimes in a time-limited fashion.

Within a program (such as Outpatient), a role (such as Clinician) is given certain “Permissions”, or more technically, “Capabilities” (such as “View Clients”). Users assigned to that role are, by proxy, given the same permissions.

Confused? Bear with us. Let’s cover some of the basic concepts we’ll be using throughout this document.

Permissions

Generally speaking, there are four permissions that are used within the EHR:

Create

Who can create/add this item (intake a new client, write a new progress note)

View

Who can view this item (a client’s chart, a saved progress note)

Edit

Who can make a change to a saved item (change client demographics, change a value on a saved progress note)

Delete (generally restricted to administrators)

Delete applies to all EHR items; however, it is not a permission that we ever recommend granting to any role except Administrator. The delete permission removes items that were previously saved to the EHR. It can affect items that have already been billed and has other unexpected repercussions, and the EHR does not keep a recoverable copy of the deleted item for the agency to restore.

Capabilities

A capability is a category that controls a specific area of permissions e.g. View Clients, Create Client Documents, etc.  The example below is the capability to Create and Intake Clients

Plugins

A plugin defines a subset of clients that the permission will be granted on. The plugins available are

  • In Program
  • In Program and Site
  • Assigned Clients.

In the IHT program example below, a user with the IHT Test Role will be able to view all clients in the IHT program.

Task Sets

When granting document permissions, users are able to select task sets. Task sets define how the documents are grouped on the client chart. Although program-specific, these are most commonly seen broken out into Client Tasks, Individualized Action Plan Tasks, Comprehensive Assessment Tasks, and Doctor/Nurse Tasks.

Working with Permissions

It is highly recommended that system administrators test their permissions changes on their agency’s sandbox environment prior to updating the production (live) environment. The sandbox may be accessed at agencyname-sandbox.ehana.com using your regular username and password.

With great power comes great responsibility!
It is very important that even the smallest permissions changes be tested, preferably by “impersonating” a representative sample of users. This will help identify and prevent accidental configuration changes that might cause unexpected or undesired behavior, such as allowing users to access records they shouldn’t.

Deploying (“Syncing”) changes to permissions

Syncing allows users to move permissions from one “environment” to another, for example from sandbox to live. The sync button is located at the bottom of each program permissions page and will only move the capabilities for the program chart the user is on.  Once permission capabilities are configured and tested, administrators can sync the permissions to their production environment.

Note: the administrator configuring the permissions must have access in the target environment to complete the sync. For example, the user account must be in an administrator role on both sandbox and live.

Once the environment is selected, clicking the Sync button will push the permissions configuration to the target environment. This will quickly update the permissions on the other environment, so be careful with this button! There will be a confirmation message that the permissions were synced.

Controlling who can access Client Records

Controlling access to client charts to the appropriate people is key to HIPAA compliance and has long been one of the core security features of the EHR.

Permission capabilities are separated into view, create/intake, edit, and delete functionality. Remember that this impacts security involving the client chart itself, whereas control to different documents is handled separately.

“View Clients” Capability

The View Clients capability controls which clients a user can see when selecting the Clients tab from the home screen, as well as which Program/Site filters are available on that page.

All data in this documentation is anonymized

To set up View Clients capabilities, it is recommended to create the capability for the broadest set of clients first. The set of clients is determined by the Plugin dropdown, and the options include:

  • In Program
  • In Program and Site
  • Assigned Clients

The next step is to define the roles that should have access to view all clients in the program.  The role drop down will include all roles in the selected program.

Next, define the ensuing level of access.  Determine which roles can see clients in the Program and Site (location) of their role assignment.

Finally, determine which roles should apply to the third plugin, Assigned Clients.  This allows the role to only see clients that are assigned to them (Client assignments are most likely found on the Personal Information Form or program-specific intake document).

Don’t forget to click Save after you’ve set up your configurations.  That’s it!  You have successfully added the capabilities for viewing clients in a program.

Let’s take a close look at the View Clients permissions in the example above

  • Administrators, Program Directors, and Program Auditors are able to view all clients in the Outpatient Program.
  • Clinical Supervisors, Intake Coordinators, and Schedulers can view all clients in the Program and Site they are assigned to via the existing role system.
  • Clinicians and Client Restricted Auditors can only view clients that are specifically Assigned.

After a capability is created, it can be edited and saved independently of other permissions for future modifications and maintenance.

“Create and Intake Clients” Capability

The Create and Intake Clients capability controls three things.

  • Access to the “New Client” link from the Clients tab.  This begins the process of creating a new client
  • Which programs are available on the first slide of the intake process.
  • Which sites are available when assigning a client case on the third slide of intake.


Based on the nature of intaking clients, the only plugin available for this capability is for clients

  •  In Program and Site.

Because the only plugin is In Program and Site, users who intake clients for an entire program must have this role defined on their Employee chart for every site at which they will be creating clients.

“Edit Clients” Capability

This capability controls the ability to edit the client chart summary page for an existing client.  This does not grant access to edit the Personal Information Form.  That is a separate permission governed in the client documents section.

“Timeline Export” Capability

The only plugin available for the Timeline Export is

  • Visible Clients in Program

This capability relies on the View Client capability that was set up in an earlier section.  The roles granted this capability have it applied to the clients they have access to view.  In the sample below, the Program Director role will be able to generate a PDF Export on any client they can view in the Outpatient program.

Controlling access to Client Documentation

The permissions system allows fine-grained control over who has access to specific types of documents. Document permissions are divided into view, create, edit, and delete capabilities.

“View Client Documents” Capability

Permissioning View Client Documents capabilities controls which saved documents each role can view on a specified group of clients.  This controls what is available on the client timeline as well as the ‘Timeline - most recent records’ section at the bottom of the client chart.

In setting the Client Document permissions, there are several ways an agency may decide to organize each section.  One way to configure these permissions is based on Role. Once the role and plugin are selected, define the documents that this role can view.

By clicking into the box below the plugin, the user is presented with a list of documents available in the program, beginning with Sets.  As noted in the permissions introduction, task sets are how the documents are grouped on the client chart.

By selecting a set, permissions are granted to all documents in that set. By scrolling through the lookup, each task set is bolded with applicable documents in that section listed below.  This allows users to select individual documents to be permissioned.

In addition, users can type into this search box. The system will begin to search for matching documents as soon as typing begins and letter matches will be underlined. This allows for quick searching and configuration.

If you are setting up document capabilities by role, select the next role and the applicable plugin.  Then add the documents that can be viewed by the role.

Continue until all roles in the program are configured.

The advantage of setting up permissions by role is that it allows for distinct snapshots of access for each role and provides easy maintenance for future document permission changes to a role.  

An alternative way to set up document permissions is by document type. For example, grouping together all roles that can view the CA and IAP Tasks, or all the roles that can view all Client Tasks.

The advantage of setting up permissions by document type is that it eliminates some redundancy among roles that overlap.  This works best if many roles in the program require similar access.

Something to note with View Client Documents permissions is that for the plugin of Assigned Clients, the only option available is All Documents.  A role scoped to Assigned Clients therefore either sees every saved document on those clients or none; it cannot be limited to a subset of documents.

“Create Client Documents” Capability

This capability controls what documents each role can create. Available documents for a user to create are listed on the right side of the client chart.

NOTE: Roles must first be granted view permissions to clients to be able to complete documentation. Granting document permissions will not grant view client chart permissions.  

Once the role and plugin are selected, choose task sets or individual documents. The same process of selecting documents described in the View Client Documents section applies here.  Clicking into the box below the plugin presents the user with a list of documents available in the program. Users can also type into this box to search for specific documents.

As noted in the View Client Document permissions section, agencies can choose the organization of how these are set such as by role or by document type. The example below has create document permissions configured based on role assignment.

Let’s take a closer look at the example above:  

  • Administrators can create all Outpatient documents on all clients in the Outpatient Program.
  • Intake Coordinator and Scheduler roles can create the Client Receipt, Client File, and PIF for clients in the Program and Site where the role is assigned.
  • Clinical Supervisors can create all CA tasks, IAP Tasks, and a handful of other forms that fall in the “Client Tasks” section. These forms can be created for clients in the Program and Site where the role is assigned.
  • Clinicians are able to create all CA tasks and IAP tasks on clients that are specifically Assigned to them.

The alternative setup would be to define the roles that can create specific documents or task sets and group them together. For example, determining all the roles that can create All Comprehensive Assessment Tasks, All IAP Tasks, All Clients Tasks, etc.

“Edit Client Documents” Capability

This capability controls which documents can be edited once they are saved.  Editing a saved document is not something we encourage, but understand is necessary at times. Some examples of appropriate edits include correcting an erroneous date of service or service type of the document.  Remember that editing a note after a claim has been generated for the service can create potential inconsistencies if the edit is not also updated in your billing system.  

NOTE: Changing information on the billing strip on a saved document could cause inconsistencies if the change is not made in your billing system.

As seen with View and Create Client Document Capabilities, configuration involves defining the plugin, role, and document(s) allowed to be edited.  

NOTE: Granting edit permissions to the PIF is needed to change employee assignments.

“Delete Client Documents” Capability

Included in permissions setup is the capability to delete both clients and documents.  Although this is available, it is strongly suggested that the delete client documents permissions be given only to the Administrator role.

Troubleshooting Tip: In order for document permissions to be applied, roles must first have View Clients permissions established.  Granting document permissions will not grant View Clients permissions; the effective access is the document grant restricted to the clients the role can view. For example, if a role is set up to see all documents of all clients in the program but only has View Clients permissions for Assigned Clients, that role will see all documents for its assigned clients only.

“View Client Documents in Other Programs” Capability

The ability to view client documents in other programs is referred to as cross program permissions.  This capability allows users to see that clients they have access to are receiving services in other programs at the agency and the completed documents related to the other program.

The only plugin available for this capability is “Visible in Program” and allows users to define which additional program views are available.

By selecting CBFS from the list above, Outpatient Clinicians that have clients that are also receiving CBFS services will see the CBFS case listed on the client list.

When accessing the Client Chart, both the Outpatient and CBFS tabs will be available.  Without having a role in the CBFS program, the Outpatient Clinician is granted view access to all saved CBFS documents on this client.  Note that this grant has no per-document or per-task-set filter: it exposes every saved document in the selected program for every client the role can already view, so grant it only to roles with a genuine need for cross-program visibility and test it by impersonating an affected user in the sandbox.
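The rules above (View Clients plugins scoping a role to In Program, In Program and Site, or Assigned Clients; document grants being intersected with client visibility, as in the troubleshooting tip; and the cross-program capability exposing all saved documents of the other program) are easy to misjudge when reviewing a configuration. The model below is an added example, not eHana code or its API: it encodes those rules as described in this guide so an administrator can reason about what a given employee would see before impersonating them in the sandbox. The role, site, client and document names, the `Grant`/`Client`/`Employee` types and the policy layout are all constructed for illustration.

```python
from dataclasses import dataclass

# Plugin (scope) names used in this guide
IN_PROGRAM = "In Program"
IN_PROGRAM_AND_SITE = "In Program and Site"
ASSIGNED = "Assigned Clients"
ALL = "All Documents"  # the only document option offered with the Assigned Clients plugin


@dataclass(frozen=True)
class RoleAssignment:          # a role held by an employee in one program at one site
    program: str
    site: str
    role: str


@dataclass(frozen=True)
class Grant:                   # one row of a capability: program, role, plugin, items
    program: str
    role: str
    plugin: str
    items: frozenset = frozenset({ALL})  # documents, or other programs for cross-program grants


@dataclass
class Client:
    client_id: str
    cases: dict                # program -> site of the client's case in that program
    assigned_to: frozenset     # employee names the client is assigned to (e.g. via the PIF)
    documents: dict            # program -> set of saved document names


@dataclass
class Employee:
    name: str
    roles: frozenset           # RoleAssignment entries from the Employee chart


def _in_scope(emp, ra, client, program, plugin):
    """Does this plugin, evaluated for this role assignment, reach this client?"""
    if plugin == IN_PROGRAM:
        return True
    if plugin == IN_PROGRAM_AND_SITE:
        return ra.site == client.cases[program]
    if plugin == ASSIGNED:
        return emp.name in client.assigned_to
    return False


def _matching_grants(policy, capability, ra):
    return [g for g in policy.get(capability, ()) if g.program == ra.program and g.role == ra.role]


def client_visible(emp, client, policy, program):
    """View Clients: true if any of the employee's roles in the program reaches the client."""
    if program not in client.cases:
        return False
    return any(
        _in_scope(emp, ra, client, program, g.plugin)
        for ra in emp.roles if ra.program == program
        for g in _matching_grants(policy, "View Clients", ra)
    )


def visible_documents(emp, client, policy, program):
    """Saved documents the employee can open, as (program, document) pairs.

    Document grants are intersected with client visibility: a role allowed to
    'view all documents of all clients in the program' still sees nothing on a
    client it cannot view (the troubleshooting tip in this guide)."""
    if not client_visible(emp, client, policy, program):
        return frozenset()
    out = set()
    for ra in (r for r in emp.roles if r.program == program):
        for g in _matching_grants(policy, "View Client Documents", ra):
            if g.plugin == ASSIGNED and g.items != frozenset({ALL}):
                raise ValueError("Assigned Clients plugin only offers All Documents")
            if not _in_scope(emp, ra, client, program, g.plugin):
                continue
            docs = client.documents.get(program, set())
            out.update((program, d) for d in (docs if ALL in g.items else docs & g.items))
        # Cross-program view: every saved document in each listed program,
        # for clients the employee can already view in this program.
        for g in _matching_grants(policy, "View Client Documents in Other Programs", ra):
            for other in g.items:
                if other in client.cases:
                    out.update((other, d) for d in client.documents.get(other, set()))
    return frozenset(out)


# Constructed sample policy and data (assumed names, not real agency data)
POLICY = {
    "View Clients": [
        Grant("Outpatient", "Administrator", IN_PROGRAM),
        Grant("Outpatient", "Scheduler", IN_PROGRAM_AND_SITE),
        Grant("Outpatient", "Clinician", ASSIGNED),
    ],
    "View Client Documents": [
        Grant("Outpatient", "Administrator", IN_PROGRAM),
        Grant("Outpatient", "Scheduler", IN_PROGRAM_AND_SITE, frozenset({"Client Receipt", "PIF"})),
        Grant("Outpatient", "Clinician", IN_PROGRAM),  # the troubleshooting-tip misconfiguration
    ],
    "View Client Documents in Other Programs": [
        Grant("Outpatient", "Clinician", "Visible in Program", frozenset({"CBFS"})),
    ],
}
ALICE = Client("C-001", {"Outpatient": "West Boston", "CBFS": "Central Boston"}, frozenset({"dana"}),
               {"Outpatient": {"PIF", "Progress Note", "Client Receipt"}, "CBFS": {"CBFS Assessment"}})
BOB = Client("C-002", {"Outpatient": "East Boston"}, frozenset(),
             {"Outpatient": {"PIF", "Progress Note"}})
DANA = Employee("dana", frozenset({RoleAssignment("Outpatient", "West Boston", "Clinician")}))
SAM = Employee("sam", frozenset({RoleAssignment("Outpatient", "West Boston", "Scheduler")}))

if __name__ == "__main__":
    for emp in (DANA, SAM):
        for c in (ALICE, BOB):
            print(emp.name, c.client_id, sorted(visible_documents(emp, c, POLICY, "Outpatient")))
```

Running it shows the two failure modes the guide warns about: `dana` (Clinician, Assigned Clients) sees every Outpatient document plus the CBFS document on her assigned client `C-001` but nothing at all on `C-002`, even though her View Client Documents row says In Program; `sam` (Scheduler, West Boston) sees only the Client Receipt and PIF on `C-001` and nothing on `C-002`, whose case is at East Boston. Before syncing a permissions change, encoding the intended outcome as assertions like these and then confirming them by impersonation in the sandbox catches a grant that is broader or narrower than intended.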