User access controll

panos12345 wrote on Wednesday, March 05, 2014:

Hello, I am very new to openemr, but from the little I have seen I find it very usefull and handy program.
I want to setup a system to manage multiple doctors’ offices. Each doctor will have his own account in openemr and should be able to add his own patients and appointments. Also each user will have his own facility to see his patients. So far I have easily managed to do that, but the doctors’ accounts are able to create patients and appointments and assign them to a different doctor. As you can tell this is not a desirable outcome and can cause many problems when the system goes live. Is there a way to restrict access for the doctors (non-admin accounts) to be able to see only their patients and appointments?

Thank you very much for your support.

anonymous wrote on Wednesday, March 05, 2014:

Sounds like you may want to look into the multi-site module. This will allow you to configure separate databases per provider but still share the same codebase.

http://www.open-emr.org/wiki/index.php/OpenEMR_Multiple_Sites_Module

fsgl wrote on Wednesday, March 05, 2014:

Try changing Sensitivities in ACL to High by moving Normal to the right.

panos12345 wrote on Wednesday, March 05, 2014:

It is an interesting solution but not very handy. It needs too much HDD space because of the many copies of sites and databases. Also having to create new databases each time we want to add a new doctor is not something I can trust an employee to do. Thank you very much for your concern!

panos12345 wrote on Wednesday, March 05, 2014:

I have tried that but it doesn’t seem to work. Maybe I need to do anything else? I provide some screenshots. In 1 and 2 you can see the permissions, and in the 3rd you can see that Doctor1 can assign a patient to Doctor 2 and Administrator.

blankev wrote on Wednesday, March 05, 2014:

A shot in the dark:

Why not exclude Demographics Write also to the right side screen… only than the Administrator has to do all the changes in the Demographics of the Client. Another option could be the Multi Facility setup of OpenEMR.

fsgl wrote on Thursday, March 06, 2014:

Your 2.png should be the other way round, namely High in the Active box on the left and Normal in the Inactive box on the right.

penguin8r wrote on Friday, March 07, 2014:

If you are located in the U.S., you’ll want to consider multi-site for HIPAA & security reasons. Also, the disk space used is really not much, and storage space is cheap.

panos12345 wrote on Saturday, March 08, 2014:

I tried that, no change :confused:

panos12345 wrote on Saturday, March 08, 2014:

I do not live in US. The multi-site feature will be my last solution. Right now the goal is each doctor(provider) to not be able to see the other providers’ names in the appointment creation, nor in the calendar. In other words, the drop down menu in provider and facility should contain only the user’s name and facility. Ofc the same should happen with the patients.

fsgl wrote on Tuesday, March 11, 2014:

It only works for segregating the clinical notes, not for hiding other modules.

sergiors wrote on Saturday, November 28, 2015:

Hello. I am also interested in a solution to restrict the patients a doctor can see. As it is now, it could cause data privacy concerns. Maybe a group of doctors will be able to share patients inside the group, but not outside. Let me know if anyone has a solution for that.