Does anyone know how we can get a specific user to be able to delete his notes or documents should there be an error but to not have access to any other admin privileges. This can be done by assigning Superuser privileges under access control but that allows gives access to the database which we don’t want to give. We’re using 4.1.2 and how specific can user privileges get? How do I find out how to do this, if it is possible?
Fine-tuning of permissions for USERS can be done in the module, but most permissions are restricted due to a reason. Be sure to consult with USERS before giving special permissions since the Accountant and/or the Super controllers need sometimes to have the background information available for special reasons like following the stipulated rules for a certain specialism.
Best thing to do is to make a new type of USER. for example DoctorPlus and give this the permissions of SuperUser and than continue to block things like unwanted permissions. Remember to make frequent backups before changing, so the change will not affect the working version if unwanted permissions are giving bad and unwanted results.
Deletion of a clinical note is not advisable from a medical-legal perspective. If there is a lawsuit, the problem of spoliation, or tampering of the medical record, can come up. If plaintiff’s attorney can prove spoliation, you’ve lost the case. In the case of the EHR, because nothing is truly deleted, spoliation is even simpler to prove than with paper records.
It is better to write an addendum to correct the record.
The ACL module does not have fine granularity at this time. Fine tuning will require coding skills.