I’ve been working through the Patient screens, specifically focused on the Encounters and Reports. Here is a list of some changes I’ve recently made to the code:
- Ability to delete forms from encounters
You must be an admin to do this. The form is not really deleted but just flagged as deleted and the event is logged. The deleted form will not appear in the encounter screens or on the reports. A form can be un-deleted by finding the specific record in the database and flipping the deleted flag from 1 to 0.
- Search spinner added
When searching it can be confusing for the users to not see anything happen. I added a spinner graphic to the code-search part of an encounter.
- Show number and last encounter info in search results
When searching for a patient you see a list of matches and columns for past encounters, etc. These columns would only be populated if an encounter was billed. Now these columns are populated even if the encounter is not billed.
**** PLEASE CORRECT ME if I’m wrong to make this change. Perhaps it could become a toggle or setting or something ****
- Encounter summary look-n-feel
I’ve changed the look and feel to the summary of an encounter. Each form is separated by a line so they don’t just run together. There is great potential to clean this up but it depends heavily on the individual form developers.
Previously there was no security on the reports at all. So if a user wasn’t able to view/edit Encounters they could still view them in the reports section. This oversight has been corrected. The security in the reports matches that found on the other screens, as appropriate.
I look forward to trying out your enhancements. Speaking of ACL:
I am testing access to the billing information by creating a user and taking away any permissions that have to do with billing from ACL within OpenEMR-2.9.1-dev.
In this case we have a massage therapist and a physical therapist that we contract to provide therapy for our patients. They need to document their sessions, however we do not want them to see the billing information for our facility.
I gave these users “clinician” access with the following rights via ACL:
Clinicians-add only
encounters : Notes – my encounters(write,addonly optional)
patients: Demographics (write, addonly optional)
Medical/History (write, addonly optional)
For the most part, ACL prohibits access to billing information for an unauthorized user. When the unauthorized user chooses an encounter, then clicks on “billing view”, the result is that they are not granted access to view the “billing note” or “code”. Next, when they drill down by clicking on the encounter’s hyperlink, the coding frame to the right displays “Coding not authorized”.
However, I found that the unauthorized user can still access billing information if they choose “super bill” or “fee sheet” from within an encounter. Should these also be secured under default ACL billing permissions?
I can make that security change but need a little more guidance. We don’t use OpenEMR for billing so I’m a little out of my depth here.
It seems that if the logged-in user can see the ‘Billing’ link in the main navigation, whether top-nav or side-nav, then they should be able to access the Superbill and fee-sheet. Am I correct?
Yes, that is correct Jason. We have not converted our billing to OpenEMR yet but plan to do so with the release of 2.9.1. I am currently testing with 2.9.1-dev. So our concern is that we do not want to have users that are not authorized to have access to billing information - like the Superbill and fee-sheet.
Thank you Jason for the great work.
Is it possible to list the names of the files you changed to make encounter (delete) work? Was there any new SQL data for that as well?
What files did you change for acl securities?
I don’t want to update all files, to avoid losing custom made settings.
Jason, thanks for the fixes. I think the thing about encounter information being based on billed encounters is my fault. I use encounters for billed and non-billed events. A billed encounter would be an office visit, a non-billed encounter might be a phone call. Since this is probably not typical, I don’t have a problem if you change it.
For acl protection of various files for administrative access only, would it make sense to make a header that can be included where needed? Like this:
I did make one change to the database that makes it possible to “delete” encounter forms. I’ll list the files I changed to make this feature available:
sql/2_9_0-to-2_9_1_upgrade.sql
interface/patient_file/encounter/forms.php
interface/patient_file/encounter/delete_form.php
Mark,
I like the idea of having a single include for Admin-ACL checking. It’s a good solution if an entire PHP file should not be accessed but in many situations we need to exclude only portions of a PHP while it’s being processed. I’ve relied upon the ‘acl_check’ function and it works really well in-line. As an example, you can see what I’ve done here:
interface/patient_file/encounter/forms.php
– see line 99 for the acl_check for admin, that determines if the ‘delete’ link appears to the user
Mike,
I’ll add the missing acl_checks and post an update back to this developers forum.
I changed a handful of files back a few weeks and have changed more recently. To enable forms to be deleted you’ll need to upgrade/get these files:
<oemr>/interface/patient_files/encounters/delete_form.php
<oemr>/interface/patient_files/encounters/forms.php
and also upgrade your database to include a new field. See this file:
<oemr>/sql/2_9_0-to-2_9_1_upgrade.sql
I think that’s it. But if you’re keeping up with the CVS development tree then you’ve already got all my changes.
Sorry Jason for not being more specific, I actually meant this one:
"- Show number and last encounter info in search results
When searching for a patient you see a list of matches and columns for past encounters, etc. These columns would only be populated if an encounter was billed. Now these columns are populated even if the encounter is not billed."
Have you added the ACL checks so that users not authorized for billing cannot access the fee sheet and super bill or any billing related information? I have been testing with current CVS version this week.
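Added example, not part of the thread and not OpenEMR's own code: the fee sheet / super bill gap discussed above comes down to a page that is protected only by a hidden link versus a page that checks the ACL itself when it is requested. `acl_check_demo`, `require_acl`, the grant table and the ACO names are hypothetical stand-ins that mimic the call shape of the `acl_check` function mentioned in the thread.

```php
<?php
// Constructed sample grants. The ACO names ('acct/bill', 'encounters/notes_a',
// 'patients/demo') are assumptions for this example, not read from an install.
const GRANTS = [
    'therapist' => ['encounters/notes_a' => 'addonly', 'patients/demo' => 'addonly'],
    'biller'    => ['acct/bill' => 'write'],
];

// Hypothetical stand-in with the call shape of the acl_check() used in the thread:
// returns the granted access level, or false when the user has no grant.
function acl_check_demo(string $user, string $section, string $value)
{
    return GRANTS[$user]["$section/$value"] ?? false;
}

// Guard to call first in every billing script, before any data is loaded or printed.
// A real page would answer HTTP 403 and exit; the exception keeps this runnable on the CLI.
function require_acl(string $user, string $section, string $value): void
{
    if (!acl_check_demo($user, $section, $value)) {
        error_log("ACL denied: user=$user aco=$section/$value");
        throw new RuntimeException("$section/$value not authorized");
    }
}

// Page body reached by URL. Hiding the navigation link does not stop this from running.
function fee_sheet_link_hidden_only(string $user): string
{
    return "fee sheet rendered for $user";
}

// Same page with the check enforced inside the script itself.
function fee_sheet_guarded(string $user): string
{
    require_acl($user, 'acct', 'bill');
    return "fee sheet rendered for $user";
}

foreach (['therapist', 'biller'] as $user) {
    echo fee_sheet_link_hidden_only($user), "\n";
    try {
        echo fee_sheet_guarded($user), "\n";
    } catch (RuntimeException $e) {
        echo "denied for $user: ", $e->getMessage(), "\n";
    }
}
```

The same pattern applies to the form-delete script: the admin check that decides whether the 'delete' link is shown also needs to run in the script that performs the delete.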