How to modify OpenEMR ACL setup?
My requirement is :
If there were two doctors, say A and B. Doctor A ‘provided’ a new patient for consultation. And the front office staff writes the provider as Doctor A on the patient’s demographics.
And when Doctor A logs in, he should only see the patients provided by him (not required to see other patients’ details). Also, other doctors are not permitted to see Doctor A’s patient details.
I have tried in the OpenEMR demo and cannot achieve this. It sometimes shows this error:
Site ID is missing from session data!
ACL Administration Not Authorized.
If you only want to limit access to the clinical notes to the author, it is fairly easy. See this.
If the restricted access is to the Patient Summary, it is far more difficult.
Using the ACO’s, Encounters, Notes - my encounters in the Active column & Encounters - all encounters in the Inactive column, requires both an authorize statement & a disallowed statement in the same set of snippets.
Another possibility is to create different ARO’s.
This is something I’ve yet to resolve.
Have a look at the Wiki article & see if you can come up with other ideas in the meantime.
If you need to add snippets, it is not possible to use the Demo because you don’t have access to the various .php files in question. Experiment on your own test copy, not in the Demo.
All of this should be clearer after reading the Wiki article. The subject is complex, so an ample amount of time is required to understand it & then to implement it.
Edit 8/25/15
“ACL Administration Not Authorized.” is an error message that occurs if an attempt is made to delete an ACO. Deletion breaks ACL. It’s very important to have a backup before any work is begun in the Advanced link.
I have tried the other suggestion, but after that everything is disabled for ‘Administrator’ (including menus, calendar, etc.). Based on my requirement, Administrator requires all permissions. But Physician (Doctor) requires to see only the patients provided by him. For example, Front Office: add/update patient details, create appointments, cannot delete any.
Administrator: Full control
Consider two Physicians (Doctor1, Doctor2).
Doctor1 is the provider of patients A, B, C, D. And Doctor2 is the provider of patients E, F, G.
So, here, Doctor1 should only need to see/modify patients A, B, C, D, not required to see E, F, G data. Similarly, Doctor2 only to see E, F, G.
I understand that the Patient Summary should only be visible to the Administrator & the attending physician.
Denial of access, as explained in the Wiki article, is accomplished across ARO’s.
In your case, restricted access is required within an ARO, which is more difficult to achieve.
This can be done readily with restriction to clinical notes in the Encounters; but it’s more difficult hiding the Patient Summary (Demographics) because one needs a mechanism to grant access to the Administrator & attending physician while concurrently denying access to other physicians.
I will need to examine the acl_upgrade.php file in detail to glean some hints over the weekend.
If I am unable to resolve this, I would then suggest paid help. Note that 3 contributors have offices in India as well.
Tried every tool in the toolbox, including insertion of attached snippets into openemr/interface/patient_file/summary/demographics.php in various permutations & using different ACO’s. Nothing to show for it. Needed tool is missing from the box.
If this restriction is absolutely needed for your practice, the only alternative is to consult one of the Certified Contributors. Sorry.