IN THIS ARTICLE
This article describes how patient access is controlled within ProKnow DS, including how you can manage access to individual patients using the Collaborator permission.
Understanding Patient Access
All access and permissions within ProKnow DS are controlled by assigning roles to users. Generally speaking, once a user is granted Read Patients permission (either at the organization level or within a particular workspace) they are able to see all related patients. Specifically, if Read Patients is granted at the organization level, they are able to see ALL patients within ALL workspaces. If Read Patients is only granted for specific workspaces then they are able to see ALL patients within those specific workspaces. The same logic also applies to the other patient permissions (i.e., View PHI, Download DICOM, Write Patients, Contour Patients, and Delete Patients); once a user has been granted a particular permission, that permission applies to ALL patients in either ALL workspaces, if the permission is granted at the organization level, or in a specific workspace, if the permission is granted at the workspace level.
The above logic applies to all normal (i.e., non-collaborator) users. However, the rules governing patient access changes once a user has been designated as a collaborator. Once a user is designated as a collaborator (via their assigned role), their respective permissions no longer apply to all related patients; instead, they only apply to patients to which the user has been given explicit access. A user may obtain explicit access to patients in two ways:
- A user is granted access to any patient that they create (either by manually creating the patient or by uploading files that result in the patient being created). Please note that in order to create or upload patient data, the user must also have the View PHI and Write Patients permission.
- A user may be granted access from the Manage Patient Access dialog by another user with Manage Users, Roles, and Workspaces permission (described below).
Please note that in either case, the Manage Patient Access dialog may be used to later grant or revoke access to any collaborator within the current workspace.
As an example, let's assume that a particular workspace has 3 patients: Patient A, Patient B, and Patient C. If a normal user (i.e., non-collaborator) with Read Patients access visits the Patients page, they will see all three patients. However, if a collaborator user with Read Patients, View PHI, Write Patients, and Collaborator permissions visits the Patients page, they would, by default, see no patients (assuming they did not upload nor have been granted explicit access any of the patients). They could, however, upload a fourth patient, Patient D, and if they visited the Patients page, they would only see Patient D in the list. A manager could also open a particular patient, say, Patient B, and grant the user access using the Manage Patient Access dialog. The user would now see both Patient B and Patient D. In this regard, the collaborator permission is a useful tool for selectively granting access to particular patients in a workspace (for example, in the case of peer review) as well as for allowing multiple users to upload into a single workspace while only seeing patients they have uploaded (for example, in the case of data collection).
Managing Patient Access
Access to particular patients may be controlled via the Manage Patient Access dialog. The following steps outline this process.
- With a patient opened, click on the Actions menu in the top right corner of the page and select Manage Access.
- You may grant access to the current patient by selecting a collaborator from the dropdown. Once selected, they will be added to the list of collaborators that have access to the patient (see screenshot below).
- You may revoke access to a particular collaborator by clicking the trash icon to the right of their name in the list of collaborators that have been granted access to the patient (see screenshot below)
- Click the Save button to save the changes.
Note: You must have the Manage Users, Roles, and Workspaces permission in order to manage patient access.