Top

Don't give away the keys to your castle! aka Provider Access & Permissions

Follow
Avatar
Sam Green

It can be so so so tempting to set your fellow staff/providers up with open access to all of the nooks and crannies of your organization's system. Unfortunately, it's only overall benefit really just is the initial time saved at set up... which you might end up paying back in droves trying to fix an oopsie.

I am glad to say I am confident that everyone I work with has the best intentions to serve our mission well. And... we're also human. Sometimes curiosity might just win out and then someone can't unsee information that wasn't meant to be read by them. Or they accidently click into a new section of a profile and accidently cancelled a payment. It's much too easy to consider all that could go wrong, so it's worth the time to also maintain your provider profiles:

Build in time to review provider accounts and their levels of access. If they are only working seasonally or have since left your organization, remember to remove their provider access. This also just keeps this list tidy and easy to navigate from year to year, and it's easy to re-activate someone as needed!

Create levels of access for the different groups of staff that access info. At least in my experience, my bookkeeper is glad he can't accidently click into a camper's health forms and is only presented with the finance options. Training program staff on how to access information is much easier when they only can see the sections they need. As needs change, you can adjust these groups and their access.

We've also scaled our access by having some groups able to access registrants across all of our programs, such as having all our camp nurses able to access all profiles, just in case they need to cover at another location. Other groups, like our individual program directors and their support staff, are only registered as providers for the groups they serve. This way their lists of participants only have the campers they work with!

What else do you manage as you consider setting up fellow staff as providers? What do you wish you knew?

1

Comments

1 comment

Sort by Date Votes
  • Avatar
    Phil Owen

    Sam!

    This is a GREAT POST, with some serious and strong reminders.

    We'd often get the question about, 'Is your software HIPAA compliant?' That's such a loaded statement too. My answer was typically...'we give you the TOOLS to be HIPAA compliant, but just like a doctor's office...if they leave the office unlocked and file cabinets open (assuming they're living in a paper world) they're not HIPAA compliant!'. It's always about how you use the tool!

    Great thoughts!

     

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post