New User Access issue?

hitechelp wrote on Sunday, February 08, 2015:

We’re seeing an access issue with a new user added after we upgraded to v4.1.2(7) and Ubuntu 14.04.
Users who were in the system with Billing and Front Desk access were able to (and still can) see “Codes” for any patient in all 8 facilities from the billing view of Encounter History.
The new user sees “(No access)” in the “Codes” column for all patients outside our main facility, even with same access rights and Facility Specific User Information as other users.
Also, in the “Clinical View” the “Billing” column shows “(No access)” for the new user, although they have Billing access. The ACL (MYPhp Admin) has not been touched and appears to have only default (placeholder) values. TIA for any help.
-David

drlong wrote on Tuesday, April 14, 2015:

Hi David,

Did you ever find a solution to this?

In our system, ACL’s Administrator and Physician can still view all codes in the Past Encounters Billing View.

However, ACL Front Desk cannot, even when Accounting privileges are granted. I’ve attached a screenshot.

Thanks

fsgl wrote on Tuesday, April 14, 2015:

There is a heavy price to granting Front Office access to that part of Visit History. See attachment a.

“No Access” is stipulated by the script in openemr/interface/patient_file/history/encounters.php. See attachment c.

Alternatively, Line 518 can be altered to remove the 2 ACO’s, which I did not test. If successfully accomplished, it should be acceptable to leave the 2 coding ACO’s, if Front Desk does billing.

drlong wrote on Wednesday, April 15, 2015:

As always, thank you for your thorough reply.

I am in agreement that the front office’s access should be guarded. I am moving ahead cautiously with all changes, and am just experimenting with my test system at present.

The front staff can still see the billing information for each encounter via the fee sheet, so it did not make sense why they are not shown the same information in the billing view, especially when it is a convenient billing snapshot. We often have insurance calling to verify invoices, and this saves our staff from clicking through various screens to collect the same information. They always had access to this up until the last major release of OpenEMR.

Cheers!

blankev wrote on Wednesday, April 15, 2015:

Will this tiny correction also be included in the next Pach?

fsgl wrote on Wednesday, April 15, 2015:

There is another part of the script that needs reworking.

It’s also complicated by the fact that some of the Encounter forms, such SOAP & ROS, should be off-limits to Front Office.

Once I get it worked out, it will be in the Wiki.

Last I heard, Brady was waiting for a volunteer to get all the changes into the codebase.

Can’t heed the call because Classical Chinese has been neglected.

If Brady does not have the time, it won’t be in the next patch.

fsgl wrote on Wednesday, April 15, 2015:

The article has been updated with a new section about Code.

The changes give the Front Office enough access to do their job without the ability to write clinical notes nor view highly sensitive notes.