Security: How to Configure Desktop Security for Scheduling
This section covers the scheduling security workflow in OnTarget Clinical:
Depending on how the scheduling function is implemented throughout a particular organization, security administrators may need to control how calendars are created, viewed, and edited for some users. Several options are available for securing the calendars.
Control points are configurable by role by going to the "security" menu and "configure roles".
Start by selecting a role and reviewing the "role information" under the "user assignment".
The calendar settings are managed under the Desktop Security tab. Several choices are available once the scheduling section is expanded.
The first check box, "My Calendar (Read Only)", is the most restrictive type of calendar access. This option permits users to view strictly their calendar, excluding them from all other calendars. Read-only indicates that calendars are only viewable and that there are no adding, editing or deleting rights allowed. Clicking on this check box effectively removes the "show all" feature from the calendar. This allows all scheduled events to be displayed by default since no other calendars can be viewed. This also removes the ability to schedule an event on the calendar, since the calendar is made read-only. This only allows the user to add or edit a note. All other options, such as editing the time of the event, creating a task, or opening the client record, are restricted. The only other actions available with this level of access chosen are to refresh the calendar to see all current events, validate the schedule to review any warning messages, or to export to a report format.
The second check box, "My Calendar (Full Access)", is for full calendar access. My calendar indicates that the user can still only see their individual calendars, but the full access gives them the ability to create or update their scheduled events. When this level of access is granted, the "add event" window is available to create an event. For existing events, this also grants full rights to edit and review the client chart info, add a task, and add/edit a note. The "show all" check box is still restricted. By default, all of the user's scheduled events are displayed.
The third check box, "All Calendars (Read Only)", opens visibility to all calendars. Read-only indicates that calendars are only viewable and that there are no adding, editing or deleting rights allowed. Both All Calendars options take into account the cost center assignment and the assigned clients rules. This means that there is still some control over what calendars are visible, since cost centers and/or assigned clients are being respected. For example, If the ‘Only Show Assigned Clients’ is checked, then even in the All Calendars mode, the user will only see the calendars that are associated with their assigned clients. That is also true for the cost center rules. If a user is restricted to what cost centers they see client/employee information, then they are still restricted to viewing only the associated calendars for their cost centers when the All Calendars option is checked. Unlike the My Calendar options, all other caregiver calendars are visible within their given cost centers and assigned clients. This is helpful in team delivered service environments.
By default, no scheduled events are shown within the "All Calendars" mode on the calendar. The user must click the "Show All" check box or use one of the filters or statuses to begin viewing appointments.
Once the events are displayed, just as in the Read-Only option for the My Calendar mode, no events can be added, edited or deleted. The only actions that can be taken are to add/edit the note, validate the schedule to review any warning messages, or to export to a report format.
The final check box, "All Calendars (Full Access)", permits access to all calendars (again, with respect to cost center and assigned client rules). This mode allows for full access to add, edit, and delete scheduled events. This is the highest level of access that can be allowed within the scheduling module.
Security administrators can determine how particular roles are able to handle warning messages when scheduled items are being validated for compliance with the authorization, the client record and the employee record. This is managed under the "Validations" tab.
Each point of validation is listed and there is a tool tip that describes the purpose of each one. If validations are enforced and items are scheduled, the system looks to ensure it is in compliance. If it is not enforced, the system will not check for compliance in that particular area. If validations are enforced, it should be determined if the system will allow override. If "allow override" is checked for a particular item, users are allowed to continue with scheduling the events at their discretion, but empowering them with the knowledge that the event will be out of compliance. If overrides are not allowed, then the system will prevent the scheduled event from being entered altogether until the event is no longer out of compliance with the validation.