mick1916 wrote on Friday, November 18, 2011:
Maybe someone has already pointed this out but when logging in as a member of accounting or other group in OpenEMR
4.1 the user CAN Create Encounters and then add clinical data etc that only an authorized provider or clinician should be able to do. When first logging in person has NO Access to such information but the Past Encounters and documents page allows them to select an encounter and afterwards the full navigation menu is available to the user. Surely this is a security issue that needs to be addressed.
For now I have simply disabled portions of the navigation menu based on the users group privileges, as I am just exploring and testing OpenEmr.