Users

1. Display the Users page: On the Main Menu, click Settings > User. In the left menu, under Practice Links — Users, click Users.
2. Click Add user.
   The Profile tab appears.
   
3. Last name — Enter the staff member's last name.
4. First name — Enter the staff member's first name.
5. Organization — Select the user's organization.
6. Practice — Select the practice. This field defaults to your practice if you have access to one practice only.
7. Training department — Click in the text box to display the list of departments in your practice. Select the user's department.
   Note: If the user has access to multiple practices, the department names are preceded by the practice ID.
8. Department name — Enter the staff member's department.
   If this field was previously blank, it is automatically populated with the selected Training department. If this field was already populated, the information does not change.
9. Position — Select the user's position.
10. Other (Specify) — This field appears only if you select Other (Please Specify) from the Position menu. Enter the user's position in this field.
11. Portal display name — Select Display full name or select Display custom name. By default, your full name is displayed on the Patient Portal or Patient Information Center.
    Note: If the role in the Position field is Provider, the Portal display name field does not appear.
12. Date of birth — Enter or select the user's date of birth.
13. Other ID — You can enter additional identifying information in this field. athenahealth recommends that you not enter the user's social security number in this field, but instead enter the user's employee ID numbers or some other identifying number.
14. Phone — Enter the staff member's phone number.
15. Email — Enter the staff member's email address.
16. Notes — Enter any notes about this user.
17. Click Save.
    A HIPAA confirmation message appears.
18. Click OK.
    The Security tab appears with a system-generated username and password.

1. Display the Users page: On the Main Menu, click Settings > User. In the left menu, under Practice Links — Users, click Users.
2. Enter the user search criteria.
3. Click Search.
   A list of usernames that match your search criteria appears below.
4. Click the update link for the user account that you want to update.
   The user profile details appear in the fields at the top of the page.
5. Click the Security tab.
6. New password — Enter a new password (optional).
7. Confirm password — Re-enter the new password.

8. Require change — Select this option to require this user to create a new password at the next login; the new password will replace the password set on this page.

9. Block account — The default is No.
   You would select Yes when editing the account of an existing user who should no longer access the system, such as a former employee. 
10. Block password reset — The default is No. Select Yes if you want to prevent this user from using his or her security questions to reset the password.
11. Account expiration — Enter an expiration date for the account for a temporary user (optional).
12. Session timeout — Enter a number of minutes from 1 to 120, or leave this field blank to keep the default 30-minute timeout.

13. Account access — Defaults to all days selected and times blank. You can specify the days and times during which the user can log in to athenaOne. Leave the time of day fields blank to allow this user to log in at any time.

14. Time Zone — Select the appropriate time zone.
15. Click Save.

You must have User Admin (or Practice Superuser) access to block a user account.

When you block a user account, athenaOne ends the user's session immediately and prevents the user from logging back in.

1. Display the Users page: On the Main Menu, click Settings > User. In the left menu, under Practice Links — Users, click Users.
2. Enter search criteria to find the user.
3. Click Search.
4. Click update next to the username in the list of search results.
5. Click the Security tab.
6. Block account — Select Yes.
7. Click Save.

You must have User Admin (or Practice Superuser) access to unblock a user account.

1. Display the Users page: On the Main Menu, click Settings > User. In the left menu, under Practice Links — Users, click Users.
2. Enter search criteria to find the user.
3. Click Search.
4. Click update next to the username in the list of search results.
5. Click the Security tab.
6. Block account — Select Unblock Account.
7. Block password reset — Select Unblock Password Reset to allow the user to use his or her security questions to reset the password. (Security questions must be set up on the Update User Profile page.) Select Leave Password Reset Blocked if you want to prevent this user from using his or her security questions to reset the password.
8. Click Save.

All practice staff, except for providers, can edit their name as it appears in messages on the Patient Portal or the Patient Information Center (PIC). By default, your full name appears in these messages.

Note: Practice staff members with the Provider role can update their display names only on the Providers page.

1. Display the Users page: On the Main Menu, click Settings > User. In the left menu, under Practice Links — Users, click Users.
2. Enter search criteria to find the user.
3. Click Search.
4. Click the update link for the user account that you want to update.
   The Profile tab appears.
5. Portal display name — Select Display custom name, then type the name that you want to appear in messages on the Patient Portal or Patient Information Center. For example, you could enter "Jane S. - Billing."
6. Click Save.

1. Display the Users page: On the Main Menu, click Settings > User. In the left menu, under Practice Links — Users, click Users.
2. Enter search criteria to find the user.
3. Click Search.
   A list of usernames that match your search criteria appears below.
4. Click the update link for the user account that you want to update.
   The user profile details appear in the fields at the top of the page.
5. Click the Roles tab.
6. Click the Edit link.
7. Select the appropriate roles.
   Note: You can assign a local role to a user account just as you would any other role (see Local Roles).
8. Click Save.

Rather than pick user roles one by one, you can copy one user's roles to another user.

1. Display the Users page: On the Main Menu, click Settings > User. In the left menu, under Practice Links — Users, click Users.
2. Enter search criteria to find the user.
3. Click Search.
   A list of usernames that match your search criteria appears below.
4. Click the update link for the user account that you want to update.
   The user profile details appear in the fields at the top of the page.
5. Click the Roles tab.
6. Click the Edit link.
7. Enter a username in the Copy user box.
8. Click Copy.
   The user's roles appear in the Selected list.
9. Edit the list of roles as needed.
10. Click Save.

1. Display the Users page: On the Main Menu, click Settings > User. In the left menu, under Practice Links — Users, click Users.
2. Enter search criteria to find the user.
3. Click Search.
   A list of usernames that match your search criteria appears below.
4. Click the update link for the user account that you want to update.
   The user profile details appear in the fields at the top of the page.
5. Click the Departments tab.
6. Click the Edit link.
7. Select the appropriate departments.
8. Click Save.

Rather than pick department access one by one, you can copy one user's department access to another user.

1. Display the Users page: On the Main Menu, click Settings > User. In the left menu, under Practice Links — Users, click Users.
2. Enter search criteria to find the user.
3. Click Search.
   A list of usernames that match your search criteria appears below.
4. Click the update link for the user account that you want to update.
   The user profile details appear in the fields at the top of the page.
5. Click the Departments tab.
6. Click the Edit link.
7. Enter a username in the Copy user box.
8. Click Copy.
   The user's departments appear in the Selected area.
9. Edit the departments as needed.
10. Click Save.

1. Display the Users page: On the Main Menu, click Settings > User. In the left menu, under Practice Links — Users, click Users.
2. Enter search criteria to find the user.
3. Click Search.
   A list of usernames that match your search criteria appears below.
4. Click the update link for the user account that you want to update.
   The user profile details appear in the fields at the top of the page.
5. Click the Providers tab.
6. Click the Edit link.
7. Select the appropriate providers.
8. Click Save.

Rather than pick provider access one by one, you can copy one user's department access to another user.

1. Display the Users page: On the Main Menu, click Settings > User. In the left menu, under Practice Links — Users, click Users.
2. Enter search criteria to find the user.
3. Click Search.
   A list of usernames that match your search criteria appears below.
4. Click the update link for the user account that you want to update.
   The user profile details appear in the fields at the top of the page.
5. Click the Providers tab.
6. Click the Edit link.
7. Enter a username in the Copy user box.
8. Click Copy.
   The providers to which the user has access appear in the Selected area.
9. Edit the list of providers as needed.
10. Click Save.

1. Display the Users page: On the Main Menu, click Settings > User. In the left menu, under Practice Links — Users, click Users.
2. Enter search criteria to find the user.
3. Click Search.
   A list of usernames that match your search criteria appears below.
4. Click the update link for the user account that you want to update.
   The user profile details appear in the fields at the top of the page.
5. Click the Roles tab.
6. Click the Edit link.
   If the user has access to more than one tablespace (practice), click the Edit link next to the appropriate tablespace.
7. Enter Access to all Providers in the text field.
8. Select the Access to all Providers role.
9. Click Save.
   The user now has access to all providers in perpetuity.

1. Display the Users page: On the Main Menu, click Settings > User. In the left menu, under Practice Links — Users, click Users.
2. Enter search criteria for the user.
3. Click Search.
   A list of usernames that match your search criteria appears below.
4. Click update next to a username.
   The user's profile appears.
5. Click the Roles tab.
   The user's roles appear.
6. Click a role.
   The permissions associated with that role appear in a new window.

Note: This functionality applies to enterprise organizations only. Administrators must have access to multiple practices to use this feature.

1. Display the Users page: On the Main Menu, click Settings > User. In the left menu, under Practice Links — Users, click Users.
2. Enter search criteria for the user and click Search.
3. Click update next to the username.
4. Click the Roles tab.
5. Select the Role option.
   All roles for the user appear in alphabetical order.
   Note: A role does not appear in the list if a user does not have that specific role assigned to him in at least one practice.
6. Click the Edit link above the role that you want to modify.
   The role appears with all of the available practices.
7. Select the practices in which you want the user to have this role.
   Click Select all if you want the user to have this role in all practices.
   Note: Only practices to which you have administrative access appear in the list.
8. Click Save.

Note: This functionality applies to enterprise organizations only. Administrators must have access to multiple practices to use this feature.

1. Display the Users page: On the Main Menu, click Settings > User. In the left menu, under Practice Links — Users, click Users.
2. Enter search criteria for the user and click Search.
3. Click update next to the username.
4. Click the Roles tab.
5. Click Add multiple practices.
6. Select the relevant practices. Click Select all if you want the user to have this role in all practices.
   Note: Only practices to which you have administrative access appear in the list.
7. Click Add practice.
8. Make any necessary changes to the roles.
9. Click Save.

Using the Data Access tab on the Users page, Population Health administrators who manage user accounts can grant permission to view multiple PCPs to users with restricted access.

Important: Always verify that the user you're granting access to should have access to all selected PCPs.

To access the Data Access tab, your practice must use athenahealth Population Health, and you must be an administrator of user accounts.

1. Display the Users page: On the Main Menu, click Settings > User. In the left menu, under Practice Links — Users, click Users.
2. Enter search criteria to find the user.
3. Click Search.
4. Click update next to the username in the list of search results.
5. Click the Data Access tab.
6. What type of access will this user have? — Select Restricted - Access to specific hierarchies.
7. How do you want to assign a data access? — Select Select data access from a list.
8. Click PCP (to the left of Data Provider). A list of PCP hierarchies appears.
   Note: This feature applies only to read-only data access for PCPs; it does not apply to data providers.
9. Level 1 — Select UNDEFINED.
   This option indicates that you do not want to limit access to a specific organization or ACO only, for example.
10. Level 2 — Select UNDEFINED.
    This option indicates that you do not want to limit access to a specific group or practice only, for example.
11. Level 3 — By default, all PCPs are selected, but you can deselect the names of any PCPs that you do not want this user to have access to.
12. Review your entries to verify that you want to grant the user access to all selected providers.
13. Click Save.
    The list of PCPs selected appears on the right.

Using the Data Access tab on the Users page, Population Health administrators who manage user accounts can grant permission to view certain payer feeds.

Note: Data provider security restricts access for athenaOne users to specific payer feeds. We define data provider as the name of the provider or source that sends data to your organization, such as a payer source, EMR, or third-party administrator.

For newly provisioned RDA users, both PCPs and data providers need to be provisioned prior to the nightly security process for a user to see all data for which they are provisioned. Because the security process is run each night, there may be a slight lag between when you update security settings for a user in your organization and when these settings go into effect.

Important: Always verify that the user you're granting access to should have access to all selected data providers.

To access the Data Access tab, your practice must use athenahealth Population Health, and you must be an administrator of user accounts.

1. Display the Users page: On the Main Menu, click Settings > User. In the left menu, under Practice Links — Users, click Users.
2. Enter search criteria to find the user.
3. Click Search.
4. Click update next to the username in the list of search results.
5. Click the Data Access tab.
6. What type of access will this user have? — Select Restricted - Access to specific hierarchies.
7. How do you want to assign a data access? — Select Select data access from a list.
8. Click Data Provider.
   
9. Level 1 — Select the names of all data providers you want the user to have access to.
   Note: This list shows only data providers that affect security, such as payer data providers.
10. Review your entries to verify that you want to grant the user access to all selected data providers.
    The list of data providers selected appears on the right.
11. Click Save.

If the user you need to delete is a provider, please complete all the provider deletion steps described on the Providers page.

Warning: After you delete a user account, you cannot run reports on that user. athenahealth recommends that instead of deleting the user account, you remove the user's security access and block the user account to ensure that he or she has no access to athenaOne.

1. Display the Users page: On the Main Menu, click Settings > User. In the left menu, under Practice Links — Users, click Users.
2. Search for the user that you want to delete.
3. Click update next to the user that you want to delete.
4. Click the Roles tab.
5. Click Remove for every practice to which the user has access.
   This action will delete the user from the practice.

1. Display the Users page: On the Main Menu, click Settings > User. In the left menu, under Practice Links — Users, click Users.
2. Enter search criteria for the user.
3. Click Search.
   A list of usernames that match your search criteria appears below.
4. Click update next to the username with the audit history that you want to view.
   The user's profile appears.
5. Click the Audit history link (below the Save and Cancel buttons).
   The audit history for the user account appears, organized by the username that made changes to the account.
6. On the Security tab of the Users page, you can also click the Self Service Password Reset Status link (to the right of the Audit history link). The Self Service Password Reset Status option displays the following information about the user's password reset status:
   • Last Login Date — Date that the user last logged in to athenaOne
   • Email — Email address for the user (from the user's athenaOne User Profile)
   • Valid Security Question — Whether the user has valid security questions defined in their athenaOne User Profile (Yes or No)
   • Last Attempt Status — Status and date of the user's last self-service password reset attempt

Each feature and function in athenaOne requires that the user have the required "user permission" to access the relevant page and perform the function. athenaOne bundles many of these user permissions into "roles," such as Receptionist, Billing Manager, and Privacy Administrator, to make it easier for you to assign the appropriate permissions for each user in your practice. You can use the Users page to assign roles and permissions to each user.

Note: User accounts with the Manage Invoices user permission do not appear in the list and can only be unblocked by an athenahealth user. Please contact the CSC to resolve account issues for users with the Manage Invoices user permission.

The Client Support Center can assist you regarding the role or permission you need to view a particular page or take a particular action in athenaOne; however, the role or permission must be granted by an authorized user in your practice, such as a practice administrator or superuser (exception: the "Manage Invoices" permission must be granted by the CSC).

The following athenaOne pages give you control over user access to the data in your practice:

• User Access by Location
• User Access to Provider Data
• User Access to Departments

See also: View-Only Access

The following three permissions control user admin-related access:

• Master User Admin — Users with this permission can assign the Clinicals User Admin role to other users in your practice.
• Clinicals User Admin — Users with this permission can grant athenaClinicals-related roles to users in your practice.
• Collector User Admin — Users with this permission can grant non-athenaClinicals roles to users in your practice.

Note: If a user has access to more than one practice (tablespace), you must have access to all the same practices to edit the user account of that user.

On the Local Roles page, the Grantable by menu provides these options:

• Any User Admin (default) — Users with the Collector User Admin permission or the Clinicals User Admin permission can grant this role.
• Clinicals User Admin — Any user with the Clinicals User Admin permission can grant this role.
• Inpatient Clinicals User Admin — Any user with the Inpatient Clinicals User Admin permission can grant this role.
• Collector User Admin — Any user with the Collector User Admin permission can grant this role.
• Coordinator User Admin — Any user with the Coordinator User Admin permission can grant this role.
• athenaText User Admin — Any user with the athenaText User Admin permission can grant this role.
• Master User Admin — Only a user with the Master User Admin permission can grant this role.

The username is a critical component for athenaOne data security, patient privacy compliance, financial auditing, and user accountability. Every action that a user takes in athenaOne, from patient registration to payment collection, is logged with the staff member's username. Every athenaOne user must have a unique username.

Usernames are generated using the first name initial and the last name of the user (for example, jsmith). If this designation is not unique, athenaOne automatically appends a digit to the end of the username to make it unique throughout our entire network.

Covered entities, including athenahealth and its clients, should never assign the same login ID or user ID to multiple employees. Under the HIPAA Security Rule, covered entities, regardless of their size, are required to assign a unique name and/or number for identifying and tracking user identity.

A "user" is defined as a "person or entity with authorized access." Accordingly, the Security Rule requires covered entities to assign a unique name and/or number to each employee or workforce member who uses a system that maintains electronic protected health information (ePHI), so that system access and activity can be identified and tracked. This rule pertains to workforce members within small or large healthcare provider offices, health plans, group health plans, and healthcare clearinghouses.

As required under Section 45 CFR 164.312(a)(2)(i) of HIPAA, all actions performed in athenaOne must be traceable to a specific individual. This helps us, and our practices, maintain the security and integrity of our systems.

Note: A non-person provider is an entity configured using the Providers page that refers to a scheduling resource (such as "Echocardiogram") or generic provider (such as "Nurse"). With athenaClinicals, if your practice has the "Assign Encounters to Practice Roles" feature enabled, you can associate a non-person provider with a practice role instead of with a username.

See also: Assign Encounters to Practice Role.

User access in the Preview and Client Train support environments matches user access in athenaOne, reflecting all provider group- and department-based access defined in athenaOne. You can grant additional roles and access to yourself and other users in the Preview and Client Train support environments, regardless of the users' roles in athenaOne. You retain the roles and permissions granted in the Preview and Client Train environments until you revoke them manually.

• When you grant or revoke roles and context access in the Preview or Client Train environment, the changes take effect immediately. If you grant or revoke roles and context access in athenaOne, the changes take effect the next day.
• When you grant a role or context access to a user in Preview or Client Train (but not in athenaOne), the user retains this role in Preview or Client Train until you revoke the role manually. The user does not gain this role or access in athenaOne.
• When you revoke a role or context access for a user in athenaOne, the user loses this role or context access in Preview or Client Train the next day. If you later grant the role or context access to the user in Preview or Client Train, the user retains that access in Preview or Client Train but does not gain the role or access in athenaOne.