Assign Security Classifications to Organization Roles

From Galen Healthcare Solutions - Allscripts TouchWorks EHR Wiki
Jump to navigation Jump to search

Concepts

Security Classifications can be used to grant the same security to a group of users such as all users with the same role. Assigning security to roles rather than individual users will make it easier to create and update security settings. The consultant and client should work together to define the roles within the organization taking care not to combine roles. Security classifications can then be created for each role.

Security Gates are at the organizational level and simply control whether a function can be resticted or not.

Security Codes can be assigned to a user or classification and allow users with that classification to pass through the corresponding security gate.

For example if the gate 'printchart' is on, only users assigned the corresponding security code can print charts. If the gate is off than all users can print charts.

High Level Process

  1. Define organization roles
  2. Decide which Gates will be locked for the organization
  3. Create a Classification (keyring) for each role
  4. Add appropriate Codes (keys) to the Classification (keyring)
  5. Assign Classifications (keyrings) to users based on role
  6. Lock the Gates with the Codes (keys)

Detailed Steps

In the following sections we will create a new security classification called 'GHS ROLE' then assign it to 1 user (idamon) via TW and 5 users (adermott, ahsuser, bjones, ceisner and csnapp) via SSMT.

Assigning Security Classifications to a user in TW will allow you to easily view the data you'll need when assigning the Security Classifications via SSMT. You'll see this when we extract the data.

Access 'Sec Admin' workspace

Login to TW as TWAdmin

Select 'Sec Admin' in the VTB

Select 'Security' tab in the HTB

Choose 'Security Classification' from the 'Security Setup' Drop Down Menu

Create a New Security Classification

Click Add (lower left)

Enter GHS ROLE as the NAME Enter GHSrole as the CODE

(What do 'Inactive', Patient Security' and 'Enforced' do?)

Sc1.jpg

Highlight GHS ROLE

Sc2.jpg

Add appropriate Codes (keys) to the Classification (keyring)

Click the 'Assign Codes' button. (Button in lower left of lower window, scroll down to view if not visible)

For example: To grant all security access except 'Chart-PrintChart' to this new classification called GHS ROLE. We would simply move everything from "Available Codes" to "Current Selection" except for 'Chart-PrintChart' using the Down Arrow.

Sc3.jpg


Click OK.

Assign Security Classification to a User via TouchWorks

  1. Highlight the classification you wish to add the user to
  2. Click 'Assign Users' button
  3. Search for the user you want to assign
  4. Highlight the user
  5. Move the user down to the bottom section using the "down Arrow"

Sc4.jpg


Click OK

You should now see your user as one the of "Assigned users" in the Assign user box.

Sc5.jpg

Click Save.

Assign Security Classifications to Users via SSMT

In the above example a new security classification was created and assigned to a user via the 'Sec Admin' Workspace.

The following example shows how to take a classification assigned to one user and assign it to others.

1. Extract the 'User Security Classifications' data from TouchWorks via SSMT

2. Paste the extracted data into Excel

3. Search for the security classification you wish to assign under "Access Group Entry Name", in this example 'GHS ROLE'. If you know of a user with the classification you wish to assign you can search for that user. In this example the security classification GHS ROLE has been assigned to idamon.

Sc0.jpg

4. Insert a new row for every user you want to add this Security Classification to.

5. Copy the user's existing data into the newly inserted row and change the "Access Group Entry Code" and the "Access Group Entry Name" values to the new classification based on the already assigned user. In this example to GHSrole and GHS ROLE. (see examples in bold below)

Sc00.jpg

6. Load the data back into TouchWorks via SSMT


Verify data loaded properly

  1. Login to TouchWorks as TWAdmin
  2. Click on TWUser Admin on the VTB
  3. Search for a user you added the Security Classification GHS ROLE to in SSMT. For this example I will use adermott.
  4. Verify GHS ROLE appears in the Security section for this user.

Sc7.jpg

Lock Security Gates

The pre-existing security gates are activated by apply the corresponding Security Code to the Gate

This example will demonstrate how to restrict access for users to print a patient’s entire chart. Using the predefined security gate and security code printing an entire chart will be locked down by the code Chart-Print-Chart.

Lock gate.jpg

1. Access the Security tab within Sec Admin

2. Select Security Gates from the 'Security Setup:' dropdown

3. Locate the Security Gate to be locked in the list. (for this example look for 'Chart-PrintChart'

4. Select corresponding Security Code(key) from the dropdown. Most Security Codes mirror the Security Gate name.

(Why are some newly assigned security codes pink and others black?)

5. Click Save

Other Resources

Allscripts KB Article 3136 v11.0.1 ITT TouchWorks Security Guide


to Build Workbook (BW)

Retrieved from "https://wiki.galenhealthcare.com/index.php?title=Assign_Security_Classifications_to_Organization_Roles&oldid=2228"