User Guide — Record Access Restriction

athenaClinicals

To restrict and track access to sensitive charts such as those belonging to employees, VIP patients, or other patients needing additional privacy protections, you can apply a "record access restriction" privacy protection note.

 

Note: This privacy protection note was previously called "block patient."

 

Once a record access restriction is applied to a patient's record, there are three access types for that record: a free access user, a restricted record access user, and a no access user.

 

  • A free access user is the rendering, scheduling, or supervising provider assigned to an appointment for a patient with a record access restriction. The free access user can access the patient’s record for 15 days before and after the appointment.

     

    This user does not require the Privacy: Access Blocked Patients or Emergency Access: Privacy: Access Blocked Patients permission. However, if a provider will need access to any patients with a record access restriction, we recommend granting them one of these permissions in case they are not the rendering, scheduling, or supervising provider, or they need to access a record outside the window of 15 days before or after the appointment.

     

    Changes to the rendering, scheduling, or supervising provider for an appointment immediately affect user access. For example, if the scheduling provider is changed from Provider A to Provider B, Provider A is no longer a free access user, and Provider B immediately becomes a free access user.

  • A restricted record access user is someone who is not the rendering, scheduling, or supervising provider, but requires access to the record of a patient with a record access restriction. This user must have either the Privacy: Access Blocked Patients or Emergency Access: Privacy: Access Blocked Patients permission. When accessing the record, a restricted record access user must provide a reason for the access and can access the record for only 12 hours. If the user attempts to access the record after 12 hours, they must again provide a reason for the access.

  • A no access user is someone who is not a free access user or a restricted record access user, and therefore cannot access the record of a patient with a record access restriction. If this user attempts to access a record with a record access restriction, either a Forbidden page or a pop-up window displays to indicate that they are not able to access the record. If this user requires access, they must be granted either the Privacy: Access Blocked Patients or Emergency Access: Privacy: Access Blocked Patients permission.

 

A Record Access Restriction Activity report provides visibility into who accessed patient records that have a record access restriction privacy protection note.

 

 

 

 

 

Related Topics Link IconRelated Topics