Meaningful Use requires that you clearly control who has access to your HIPAA protected patient information. Each and every person that works in your practice is required to have his/her own log in. It is then up to you to set the permissions for each employee, consultant, partner and/or doctor. This is done through User Security. Go to Tools, Select Catalogs, and then click on User Security
The User Security window will open displaying all the doctors, providers, consultants and employees that have been entered into the system.
To add someone to the system, click the Add button.
If you need to revise the security settings for any individual on the list, click on the person’s name and then the Edit button.
The User Security Add and Edit section opens to the basic information for the individual. This is where each user is authenticated.
•Create a 3 to 5 digit ID for a new addition to the system. Note that this is the one item on this window that once created and saved can NOT be changed.
•Enter the person’s name
•Create a unique password that is unique and specific to this individual
•If this person is a provider, select his/her provider ID
•Create the emergency access password for a lower level employee that may need to access the system in an emergency when the higher level person is not available
As individuals are hired, join the practice and are added to the system, the Status defaults to Active. In the event that the person leaves the practice, for security purposes, the Status should be changed to Inactive. Once it is made Inactive, that person would no longer be able to log in to the program.
Click on the Permissions tab to set the functions in the system that this user will have access to. A simple check in a box allows this user to perform that function, or a check missing from a box means that the user can not access that feature. This controls which functions in the program this user will be able to access and use. Go through the list carefully and decide which functions to turn on/off for each user. For the purposes of Meaningful Use, scroll down to the bottom of the list. For each provider and staff member that needs to use the Meaningful Use reports, be sure there is a check in the box to View EHR Audit Log. For any user that should have emergency access to the full system, place a check in the Manage Emergency Access box.
Emergency Access gives full unrestricted access to patient information. It requires that the permission be set as shown in Figure 12. In the user window, a unique emergency access password can be set for each employee (see Figure 11). After logging in using the user’s emergency password, the system will give a pop up that requires the special Emergency Access password to give full permissions to the system. At this time, the default is the word emergency.