ClinicMaster Software Security

ClinicMaster appreciates the importance of security in software systems, especially those designed to manage medical information, and
treats it as a strong pillar in all its data structures and objects.
Security in ClinicMaster means granting a user access to the powers and features you want them to have
and denying access to the powers and features you don’t want them to use.
Parts of this include authentication and validation (making sure you are who you claim to be) and encryption (making sure data gets where you want it to go
without others being able to observe or intercept it).

Logging into the ClinicMaster system.

All users in ClinicMaster must have a user name and password to access the system.
All transactions done in the system during a user’s session are tagged to that user, and this includes the transaction time, date, machine name used and the login ID.

Automatic logging out of users.
The system can be configured to automatically log out a user who has spent a specified period of time idle.

Configuring user roles.

To access roles in ClinicMaster: (SETUP>SECURITY>ROLE)

User roles (e.g. RECEPTION) in ClinicMaster are security blocks whose components are the objects that a user interacts with (instantiates) on a daily basis.
Each object (e.g. PATIENTS) under a particular role (e.g. RECEPTION) is defined at four access levels, each of which is granted or withheld by checking or not checking a check-box.
These access levels are READ, WRITE, UPDATE and DELETE.

Defining Access levels.

-READ: If an administrator grants a user only the right to read the object PATIENTS, the user can view registered patients but cannot register a new patient, update or delete a patient.
-WRITE: If an administrator grants a user only the right to write to the object PATIENTS, the user can register patients but cannot update, delete or view them.
-UPDATE: If an administrator grants a user only the right to update the object PATIENTS, the user can update existing patients but cannot register, delete or view patients.
-DELETE: If an administrator grants a user only the right to delete from the object PATIENTS, the user can delete existing patients but cannot register patients, update existing ones or view them.

Under a named role, a user may be granted a number of objects, each with its own combination of access rights, depending on what the user must access in the system.
Note that the system has inbuilt roles that an administrator or a security control manager might not edit, although one can create their own custom role.
Roles in ClinicMaster can be defined for a single user or a group of users.
Note that a role defined for doctors to access clinical information will not be the same as the role defined for users at reception to register patients.

User access rights and Audit Trail.

If a user is denied access to a particular component, the feature on their screen will be grayed out or made inactive.

ClinicMaster keeps track of all changes (i.e. deletion and update actions) done on stored data, and the record is comprehensive enough to enable an administrator to backtrack queries of WHO,
WHEN, WHAT and WHERE the action took place.

Note: If an item in ClinicMaster is tagged PAID FOR or OFFERED, no one can delete or update such a record.
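
The role access levels, the audit trail and the PAID FOR / OFFERED rule described above can be modelled as follows. This is an added example and not ClinicMaster's own code; the CASHIER role, the ITEMS object, the status field and all function names are constructed for illustration, and WHERE is assumed to be the machine name.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

LEVELS = {"READ", "WRITE", "UPDATE", "DELETE"}
LOCKED_STATUSES = {"PAID FOR", "OFFERED"}  # records nobody may update or delete
AUDIT_TRAIL = []                           # one entry per successful change

# Constructed role matrix: role -> object -> checked access levels.
ROLES = {
    "RECEPTION": {"PATIENTS": {"READ", "WRITE", "UPDATE"}},
    "CASHIER": {"PATIENTS": {"READ"}, "ITEMS": {"READ", "UPDATE", "DELETE"}},
}

@dataclass
class Session:
    login_id: str
    machine: str
    role: str

def is_allowed(role, obj, level):
    """Deny by default: an unknown role, object or level grants nothing."""
    return level in LEVELS and level in ROLES.get(role, {}).get(obj, set())

def change_record(session, obj, record, level, new_values=None):
    """Apply an UPDATE or DELETE, enforcing role rights and the status lock."""
    if level not in ("UPDATE", "DELETE"):
        raise ValueError("only UPDATE and DELETE are audited changes")
    if not is_allowed(session.role, obj, level):
        raise PermissionError(f"{session.role} lacks {level} on {obj}")
    if record.get("status") in LOCKED_STATUSES:
        # The lock applies regardless of the rights the role holds.
        raise PermissionError(f"record is {record['status']}; no changes allowed")
    before = dict(record)
    if level == "UPDATE":
        record.update(new_values or {})
    else:
        record["deleted"] = True
    AUDIT_TRAIL.append({
        "who": session.login_id,
        "when": datetime.now(timezone.utc).isoformat(),
        "what": {"object": obj, "action": level, "before": before, "after": dict(record)},
        "where": session.machine,
    })
    return record
```

Each level is checked independently, so a role holding only WRITE on an object cannot view it, matching the definitions above.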

ClinicMaster also offers a number of security-oriented business rules as options that an administrator can use to tighten security controls.