Transcript Jenny Bradshaw - EMIS Web Sorting out RBAC

EMIS Web
Sorting out RBAC
What is EMIS Web RBAC?
 EMIS Web functionality is driven by
Connecting for Health job roles (R codes)
and activity codes (B codes)
 EMIS development team linked
features/functions to specific codes
 If a user has a B code as part of their
profile they can perform the associated
functions
Why is Web RBAC driven?
 EMIS Web is a Connecting for Health
accredited product
 Access to CfH accredited software should
be controlled via a smartcard
 Users accessing EMIS Web without their
smartcard should be limited to:
 People using the EMIS Web Familiarisation
Service
 Users who do not have a smartcard
Why are issues occurring?
 RBAC profiles not configured with correct
baseline roles and do not always have
enough activity codes added
 User may have multiple roles
 Card issues are not picked up until go-live
day
 Implementation of PBAC
 Lack of clarity of RBAC processes
Designing RBAC profiles
NHS Job Roles
 EMIS Web uses ‘rationalised’ job roles
 For example:
 R8000 – Clinical Practitioner Access Role
 R8001 – Nurse Access Role
 All rationalised job roles start at R8000
 Designed in v25.1 RBAC database
 Each baseline role has differing levels of
RBAC activity automatically assigned
EMIS Web
Smartcard
Nurse Access Role
R8001
Clinical Practitioner Access Role
R8000
o
•
•
B8011 Perform Clinical Documents
o
o
o
o
B0790 Perform Clinical Coding
o
o
o
o
o
o
o
o
o
o
o
o
B0820 View Patient Demographics
EMIS Web
o
B0360 View Detailed Health Records
Smartcard
Clerical Access Role
R8010
B0380 Perform Detailed Health Records
EMIS Web
•
B8028 Verify Health Records
EMIS Web
•
RBAC Code Hierarchy
B8029 Manage Detailed Health Records
Smartcard
Admin/Clinical Support Access Role
Smartcard
R8008
Associated Activities
•
What do the codes do?
RBAC Code Hierarchy
Activity associated with code
Open care records for patients who are inactive (deceased or have left).
B8029 Manage Detailed Health Records
Archive and unarchive patients.
This code has no additional functionality in EMIS Web at present to code B0380
B8028 Verify Health Records
Perform Detailed Health Records.
Add, edit and delete all data within a patients care record.
Perform patient actions (exemption date, automatics, issue collected and script
destination) in a patients medication module.
B0380 Perform Detailed Health Records Perform Batch Add from appointment book sessions.
Make a consultation confidential.
Note: this code is required to be able to edit documents within a patients care
record.
B8011 Perform Clinical Documents
Access the scanning and document module within EMIS Web System Tools.
Scan documents (and save in patients Care Record) using the Scanning and
Documents module within EMIS Web System Tools.
Create document related workflow tasks (coding tasks and filing tasks).
Create documents based on document templates and attach files to a patients
care record.
Note: Documents can only be edited if B0380 Perform Detailed Health Records
(or a higher level care record code) is added. If the user needs to delete
documents from a care record they will need to add B0815 Manage Clinical
Documents.
Baseline Profiles
 If you create a local role in EMIS Web
using a particular baseline role
and you use the same baseline role on a
smartcard, they DO NOT have the same
set of default B codes associated to them
 Practice Manager role does not exist on
the spine so cannot be added to a card
 Some roles have now been retired or
withdrawn
RBAC documentation
For practices: QM760 EMIS Web RBAC
activities staff checklist
For RA teams: QM807 EMIS Web RBAC
roles baseline additional
 Show baseline activity, code definitions
and hierarchy
 Contain sample job roles which have been
tested and work well with EMIS Web
Sample GP role (QM807)
Smartcard Role: Higher Level GP
GP who performs higher level EMIS Web functions (audit
Staff Role
trails/formularies/templates/configuration)
Job Role
Clinical Practitioner Access Role
Job Role Code
R8000
Once the recommended codes (below) have been added to this job role the user will be able
to open and edit a patients full care record (including those patient who are deceased or have
left the practice), use the appointment book (including amending session times/holders
Role Description (with recommended
already on the book), edit a patients data sharing preferences, use EMIS Web Tasks, create
codes added)
and run searches, refer patients using integrated Choose and Book and override embargoed
appointments. This user will also be able to run audit trails, create and edit clinical templates
& formularies, amend organisation & workflow configuration).
This role has automatically assigned baseline activities which can be viewed on the RBAC Definitions and Hierarchy sheet.
The table below show EMIS recommended codes to be added to this job role. Practices may request further codes depending on
the tasks a user performs at the practice.
RBAC Codes which EMIS recommend adding to this job role
Access the Audit Trails module in EMIS Web System Tools.
Create Audit Trails (patient & system).
B0011 Analyse Audit Trails
Print Audit Trail results.
Export Audit Trail results (CSV).
Access to edit a patients data sharing preferences in relation to their summary care record
B0020 Control Consent Status
and their detailed care record.
B0056 Complete Work Item
Complete a task.
Continued…
Sample GP role (QM760)
Job Title:
GP (Higher Level Profile)
Baseline NHS RBAC Role:
Clinical Practitioner Access Role
Role Description:
Once the codes (below) have been added to this job role the user will be able to open and edit a patients full care record (including
those patient who are deceased or have left the practice), use the appointment book (including amending session times/holders already
on the book), edit a patients data sharing preferences, use EMIS Web Tasks, create and run searches, refer patients using integrated
Choose and Book and override embargoed appointments. This user will also be able to run audit trails, create and edit clinical templates
& formularies, amend organisation & workflow configuration).
B0011
Analyse Audit Trails
B1101
Manage Outbound Referrals
B0062
Local System Administration
B1611
Access Sensitive Records
B0278
Perform Prescription Preparation
B1700
Local System Configuration
B0428
Personal Medication Administration
B8015
Perform Clinically Restricted Administration
B0572
Manage Pharmacy Activities (ONLY add for dispensing
practices)
B0815
Manage Clinical Documents
Note: To create the same level of permission on a smartcard an RA Manager would also need to add the following RBAC codes to the card. These codes do not need
adding to a local role profile.
B0020
Control Consent Status
B0862
Manage Staff Diary/Rotas
B0056
Complete Work Item
B0994
Manage Ad Hoc Reports (Local)
Continued…
Prescribers
 Prescribing types
 B0420 Independent
 B0440 Supplementary
 B0058 Nurse Prescribers Formulary
 Ensure code on role profile matches the
prescribing type set in users EMIS Web
Role settings.
Choose and Book
 Clinical staff referring in own name:
B1101Manage Outbound Referrals
 Non-clinical staff referring on behalf of a
clinician:
B1102 Proxy Manage Outbound
Referrals
 Non-clinical staff who book appointments
but do not refer on behalf of a clinician:
B1103 Manage Outbound Appointments
Choose and Book
 Only 1 Choose and Book code should be
added to a users profile/position
 The booking of appointments (activity
B1103) is included in both B1101 and
B1102 and should not be added.
 Most users will have either B1101 (clinician)
or B1102 (admin) only
Multiple Roles &
Smartcard Synchronisation
Multiple Roles
 User only needs 1 RBAC profile
 Local profile to use until smartcards ready
 Local profile for staff not using a smartcard
 Smartcard profile once smartcard has been
set up and synchronised with EMIS Web
Smartcard Synchronisation
 Smartcard is configured for EMIS Web
 EMIS to EMIS sites can synchronise
smartcards prior to go-live day
 Allows cards to be tested
 Prevents issues on go-live day
 Card permissions are copied to
background of system
 Local profile is not required
User Role Profiles
Document reference: TH877 Synchronising
a smartcard for EMIS Web
Synchronisation Icon
 A synchronisation icon will be shown next to a
users name when their card has been
synchronised
PBAC
(Positional Based Access Control)
Smartcard Management
 Spine User Directory (SUD)
 Original way of adding users to the Spine and
creating and assigning roles to a user
 Direct access being phased out by CfH
 User Identity Manager (UIM)
 New way of assigning roles to users
 Uses Positional Based Access Control
(PBAC)
User Identity Manager
 Uses series of positions
 Positions are based on a job role and
added B codes
 Bank of positions created and then copied
to organisations
 Practices place staff into positions which
are appropriate for the tasks they perform
Positional Access Issues
 Not all practice staff with same job title
perform same tasks
 Positions need to cope with staff working
at differing levels of system access
 Refer to sample job roles for ideas
 Some users may not fit into any of your
pre-configured positions
 Flexibility should be available if required
EMIS Web RBAC Process
Upgrades from LV/PCS
 Discuss Smartcards on Planning Day
(Visit 1)
 Advise practice manager to contact RA team
to discuss process
 Discuss QM807/QM760
 Advise to set up job roles & assign to users
(practices could use sample job roles)
 Advise to get cards updated for next EMIS
visit
Upgrades from LV/PCS
 Demonstrate Synchronising Smartcards
on Preparing for Upgrade (Visit 2)




Discuss TH877 with Practice Manager
Advise to ensure cards not blocked or expired
Advise to remove additional card readers
Advise to remove any local profiles once card
synchronised
 Ensure users who will not be logging on with
card have a local RBAC profile (ref QM760)
New Installs
 Discuss QM807/QM760
 Ask practice manager to contact RA team
to ask what process need to follow
 RA team can set up new roles and expire
old roles after go-live day
 Cards synchronised on go-live day
 Advise to create local roles on go-live day
for staff using the system without a card
Advice to RA teams
 Ensure cards have been updated correctly




Old roles closed/edited
Relevant RA codes included (e.g. B1300)
Baseline roles are R8000 role codes
Refer to QM807 to know what additional
codes users may require
Coming soon…
 EMIS Web RBAC timeline
 What will happen, when, and by whom
 Facility to import/export RBAC profiles
 Dedicated EMIS Web RBAC page with all
supporting information on EMIS Common
Room
 Timeline, handouts, videos and FAQs
 Access provided for RA teams and practices