Role-based access control provides a greater level of flexibility when defining a user's permissions and what data users can access.

A common use case for role-based access control is multiple physical locations sharing a CHR domain. By default, all users with Patients permissions can access all patient records. If you have a clinic with multiple locations where users at one location should not have access to patients at other locations, you can set up role-based access control to limit access to patient records by location. A user who does not have permission to access a patient record in another location cannot see the patient in the CHR. Or, if role-based access control is configured to allow users outside the location to see the patient in the list of patients, users must force access or "break the glass" to see the patient's chart.

If you are using role-based access control to provide access to patients in a specific location, you can also extend that to the Billing dashboard so a user sees only bills for patients whose location they have access to. You can also set it up to provide access to specific inboxes, regardless of patient location. This is useful for generic inboxes such as one for incoming faxes, as well as to see messages addressed to you even if you do not have access to the patient the message is regarding.

Role-based access control uses resource sets in conjunction with roles to provide access. Resource sets define the set of data that can be accessed (e.g. patients at a specific location) and the role defines the operations allowed on the specific data (e.g. creating and updating patient charts). With role-based access control, each user must have at least one role assigned; you cannot apply user-specific permissions outside of a role.

TELUS Health must first enable role-based access control on your system. Then you set it up by:

Once role-based access control is configured, you can view a user's permissions and quickly see where the permissions are inherited from (the individual user or a group, the role assigned, and the resource set). See Viewing a user's permissions (role-based access control) for more information.

Updated June 28, 2022

Did this answer your question?