Access Control By Facility

mike-h30 wrote on Wednesday, September 07, 2011:

When using multiple facilities, is it possible to restrict a user’s access to patient data or patient encounters to only one facility?  Thanks.


bradymiller wrote on Thursday, September 08, 2011:

In Administration->Globals->Features, there is an entry ‘Restrict Users to Facilities’, and can then set the facility in Administration->Users. Note, there may be bugs with this feature and not sure if can limit patients (think it’s really mostly for scheduling). Another option is to create a completely separate instance of OpenEMR for each facility.

mike-h30 wrote on Thursday, September 08, 2011:

I would like to avoid creating a second instance of OpenEMR as the same patient would exist at both facilities thus creating data redundancy.

How about utilizing a custom field in patient demographics to assign a facility to a patient?  Then a user’s access control could be restricted to a specific facility right?

I will check out the “Restrict Users to Facilities” option in Globals.  Thanks Brady!!


bradymiller wrote on Thursday, September 08, 2011:


Depending on how the ‘Restrict Users to Facilities’ actually works. IF it works, then a good strategy may be to then make a ‘Restrict Patients to Facilities’ global that complements above, but does for patients (and the facility(s) for patient could be entered in demographics; could even store this in it’s own table since the patient_data table is getting close to being over-crowded). Obviously, this would require some development, but would be a useful feature(could even then extend this facility mapping table to other features such as tracking “sensitive” patients that require warnings when accessing etc.).



raimund-e wrote on Monday, September 07, 2015:

Hi guys,
am just starting to implement OpenEMR for a small clinic where several providers work independently and should only see their own patients.
I followed the instructions from the FAQ, but this only hides facilities from the calendar, while the complete list of patients is still visible for every provider.
In this thread Bill hinted at the option of using the user_facility table to theat end, so I also tried to play with that, manually entering | patient_data | 91 | 3 | , but this did not seem to have any effect.
Has anyone worked on this since 2011, or is it just unfinished code that needs more development?


fsgl wrote on Monday, September 07, 2015:

Are you able to use Multiple Sites for each practice despite the fact they are all under one roof?

visolveemr wrote on Tuesday, September 08, 2015:

Hello Raimund

To restrict the users list for the providers logged in, we may need to customize the code. The 'Restrict Users to Facilities ’ will not restrict the patients specific to the providers, as you mentioned this uses the user_facility table for its functionality.

Since Fine granularization is not available in OpenEMR ACL, we need to do code customizations to achieve the same.

OpenEMR Customization/Support Team,
ViSolve Inc | Phone: 408-850-2243
Demo’s @ ViSolve Demo Library

A much belated thank you for the answer. In a first step we are now implementing OpenEMR with completely separated instances, but will look into the problem again in the next phase. Then I might get back to you re. customization.

Hi @RaimundE ,

On a related note, @ken recently brought in a very nice mechanism to create modules that can be used to restrict patients for users/facilities:

1 Like

Hi @RaimundE Yes, Check out the sample module in tests/eventdispatcher which has the capability of filtering patients. The README has instructions how to install the module. This can be enhanced to filter by facility with some simple changes to the code to look at a facility/users query instead of a blacklist. We have implemented it for a couple customers. Good luck! Let me know if you have any questions.

Hi @brady.miller and @ken,
great to hear that you were able to work on that issue! With data protection becoming more of an issue, I’d assume that a lot of people will be interested.
I’ll forward this to our web developer and he’ll have a look at it after his vacation.

I made some file changes to allow doctors to see only their patients, using all the same database.

How did you do this? I am interested in doing this, too.

Hello Charles. I arranged that each insurance company will be able to see its own patients. So, the user name has to be the same of the primary insurance for a given patient set. The programmer that wrote this for me is available for some other arrangement. I can show you a demo for you to evaluate. The feature comes in a few files that you can upload to your system. It costs 39 dollars. Let me know…

Hello @brady.miller I can use the files from this gitpage to install or tweak to make the patients visible to only the facilities that they are assigned too? I need something for a practice that has multiple providers that all independent of each other and share 1 billing department. So I need for the Facility to only see their patients and if I setup a global user like a admin that will be able to see all patients for billing. The practice doesnt care about the redundancy since they are all independent of each other. Thanks

Is there an update on this feature yet? Or has anyone come up with a solution to identify patients by facility or - BETTER - by provider to limit access?

1 Like