Users and Account Management

Sections: Overview | Groups | Examples | How-To | Password Policy | Notes | Screenshots


Overview

The groups that a user belongs to determines their cumulative account permissions, including which tabs are enabled along with what functionality is available from within those tabs via the UI. These groups combined with a user’s data associations (Casetypes, Physicians, Facilities) determine what pool of data is available to the user, which can differ between tabs and/or specific reports. Regardless of data associations, there are two distinct categories of users:

  • Internal: These users are typically a direct part of a customer’s operations with access to most (if not all) of the data in their environment; they can interact with the system beyond limited data entry and/or report viewing, and they are always members of the Work Flow Power User group.
  • External: These users are typically part of a group associated with a customer’s operations with specific-use access to a limited subset of the data in an environment; they can only interact with the system via limited data entry (e.g., remote accessioner) and/or report viewing (e.g., portal user), and they are never members of the Work Flow Power User group.

Both types of users have access to the Dashboard tab, but a user can only interact with the system to change their password and some of their profile information (e.g., name, email, timezone) unless they belong to at least one group. When determining which users should be added to which groups, it’s important to consider these key points:

  • Groups are modularly independent: no group is simply a subset of another group.
  • Groups are intended to be used conjunctively based on the requirements of a user’s role: if a user needs functionality from multiple groups, the user needs to be added to each of those groups.

↑ top


Groups

Work Flow Power User: This broad-access group is intended for internal accessioners and users who need to directly interact with various Work Flow data elements. A user should never be added to both the Work Flow Power User and Work Flow Limited User groups.

  • Permissions:
    • Can access the Work Flow tab
    • Can create, edit, and view the following data elements: batches, patients (including insurance), physicians, facilities, and cases (potentially limited by casetype associations)
    • Can clone cases
    • If a user has been added to the user list of a queue:
      • Can access and interact with the queue
    • If a user also belongs to the Reports Viewer – Results group:
      • Can view an additional five prebuilt Available Reports: Specimen Report, Turnaround Time Report, Distribution Report, Process Feedback Report, Queued Cases
      • Can view all Custom Reports in the customer environment
  • Data Associations via Work Flow:
    • Casetypes: If a user has no casetype associations, cases of all types are available. If a user has any casetype associations, only cases of those types are available.
    • Physicians & Facilities: These associations are not intended for use with internal users and are ignored.

Work Flow Limited User: This limited-access group is intended only for external accessioners with carefully restricted data associations. A user should never be added to both the Work Flow Power User and Work Flow Limited User groups.

  • Permissions:
    • Can access the Work Flow tab
    • Can create, edit, and view the following data elements: patients (can edit and view only patients they have created) and cases (can edit and view only cases they have created and that are of a type allowed by their casetype associations)
    • If a user has been added to the user list of a queue:
      • Can access and interact with the queue
  • Data Associations via Work Flow:
    • Casetypes: If a user has no casetype associations, cases they have created of all types are available. If a user has any casetype associations, only cases they have created that are also of those types are available.
    • Physicians & Facilities: If a user has no physician and facility associations, no corresponding selections will be available when creating or editing a case. If a user has any physician and facility associations, only those corresponding selections will be available when creating or editing a case.

Work Flow Sign Cases: This group is for specially-designated users who have the authority to review and provide final approval for a case before it is signed and released. This group must be used in conjunction with either the Work Flow Power User or Work Flow Limited User group, or a user will have no available cases to sign.

  • Permissions:
    • Can sign cases
  • Data Associations via Work Flow: As per a user’s accompanying Work Flow Power User or Work Flow Limited User group.

Reports Viewer – Results: This group provides access to reporting data (including end-clinician reports) related to the details, status, and results of the cases allowed by a user’s data associations.

  • Permissions:
    • Can access the Reports tab
    • Can view two prebuilt Available Reports: Results, Case Status
  • If a user also belongs to the Work Flow Power User group:
    • Can view an additional five prebuilt Available Reports: Specimen Report, Turnaround Time Report, Distribution Report, Process Feedback Report, Queued Cases
    • Can view all Custom Reports in the customer environment
  • Data Associations via Reports:
    • Casetypes: If a user has no casetype associations, cases of all types are available. If a user has any casetype associations, only cases of those types are available.
    • Physicians & Facilities: If an internal user has no physician and facility associations, cases associated with any physician or facility are available. If an external user has no physician and facility associations, no cases are available. If a user (internal or external) has any physician or facility associations, only cases associated with any of those physicians or facilities are available.

Reports Viewer – Sales: This tightly-focused group provides access to the Sales by Representative report, regardless of a user’s data associations. All cases that were signed and released when at least one of the facilities associated with the case had any user assigned as the Sales Representative are available to an internal user. Only cases that were signed and released when at least one of the facilities associated with the case had the external user assigned as the Sales Representative are available to an external user.

  • Permissions:
    • Can access the Reports tab
    • Can view one prebuilt Available Report: Sales by Representative
  • Data Associations via Reports: The Sales by Representative report ignores data associations.

Reports Viewer – Billing: This tightly-focused group provides access to the Patient Insurance Billing report, regardless of a user’s data associations. This group must be used in conjunction with at least one of the following groups: Work Flow Power User, Work Flow Limited User, or Reports Viewer – Results.

  • Permissions:
    • Can view one prebuilt Available Report: Patient Insurance Billing
  • Data Associations via Reports: The Patient Insurance Billing report ignores data associations.

Customer Administrator: This powerful group enables a Pathagility expert to administer and manage their customer environment.

  • Permissions:
    • Can access the Administration tab
    • Can create, edit, and view the following data elements: users, content templates, casetypes, and queues
    • Can view development cycle details, active and upcoming release dates, and information about open and recently completed tickets
    • If a user has also been added to the Work Flow Power User group:
      • Can merge patients, physicians, and facilities
    • If relevant to the customer environment:
      • Can create, edit, and view the following data elements: insurance payors, sales organizations and representatives
  • Data Associations via Customer Administrator: Data associations are ignored.

API User: Separate from the standard groups listed above, this special group is explicitly designed only to grant API access to external software systems (with customer approval) and for some internal process (usually interface-related). This group has access to all customer-accessible data in an environment and is intended only for advanced users with a firm and thorough understanding of Pathagility WorkPath; in many situations (usually interface-related), these users have additional discrete and separate permissions managed by Pathagility to address specific use-cases. This group is intended to be used independently and should not be used in conjunction with other groups, and users who access the system via the UI should not be added to this group.

↑ top


Examples

Every customer is unique, with internal processes and specific roles based on their individual business needs. As such, user groups and data associations are designed to be flexible in order to meet a plethora of different needs. While this means there is not a single narrow path to follow, the following example roles reflect common trends and usage that we have observed:

  • Customer Admin (a.k.a. LIS SME (Subject Matter Expert), LIS Coordinator)
    • Groups: Customer Administrator, Work Flow Power User, Reports Viewer – Results (occasionally also Reports Viewer – Billing and/or Reports Viewer – Sales)
    • Data Associations: none
  • Power User (a.k.a. Internal Accessioner)
    • Groups: Work Flow Power User, Reports Viewer – Results (occasionally also Reports Viewer – Billing and/or Reports Viewer – Sales)
    • Data Associations: none (occasionally Casetypes if a customer sharply divides separate portions of their operations along those lines)
  • Signer (a.k.a. Internal Signer, Final Approver)
    • Groups: Work Flow Power User, Work Flow Sign Cases, Reports Viewer – Results
    • Data Associations: none (occasionally Casetypes if a customer sharply divides separate portions of their operations along those lines)
  • Portal User (a.k.a. Physician User, Facility User, Clinic Coordinator)
    • Groups: Reports Viewer – Results
    • Data Associations: Physicians and/or Facilities depending on customer’s relevant data structures
  • Sales Rep (a.k.a. Sales User)
    • Groups: Reports Viewer – Sales
    • Data Associations: none
  • Limited User (a.k.a. External Accessioner, Remote Accessioner) [rarely used]
    • Groups: Work Flow Limited User, Reports Viewer – Results
    • Data Associations: Casetypes, Physicians, and/or Facilities depending on customer’s relevant data structures
  • Limited Signer (a.k.a. External Signer, Remote Signer, Remote Approver) [very rarely used]
    • Groups: Work Flow Limited User, Work Flow Sign Cases, Reports Viewer – Results
    • Data Associations: Casetypes, Physicians, and/or Facilities depending on customer’s relevant data structures

↑ top


How-To

To create a user:

  1. Click on the Administration tab.
  2. Click the Users link in the System Management Tools section.
  3. Click the New User button on the right side of the screen.
  4. Enter the User Information and Profile settings.
  5. Click the Save button.

To edit a user:

  1. Click on the Administration tab.
  2. Click the Users link in the System Management Tools section.
  3. Click the desired user name in the list.
  4. Click the Edit User button.
  5. Edit the User Information and Profile settings.
  6. Click the Save button.

To deactivate a user:

  1. Click on the Administration tab.
  2. Click the Users link in the System Management Tools section.
  3. Click the desired user name in the list.
  4. Click the Edit User button.
  5. Deselect the Active checkbox.
  6. Click the Save button.

↑ top


Password Policy

If desired, a modular password policy can be implemented in a customer’s environment. A policy applies to all users by default, but exclusions can be configured on a per user or group membership basis. The following policy rules can be used independently or cooperatively:

  • Password length – maximum: Maximum number of characters a password can contain.
  • Password length- minimum: Minimum number of characters a password must contain.
  • Special characters – minimum: Minimum number of special characters a password must contain.
  • Special characters – maximum: Maximum number of special characters a password can contain.
  • Uppercase characters – minimum: Minimum number of uppercase characters a password must contain.
  • Uppercase characters – maximum: Maximum number of uppercase characters a password can contain.
  • Lowercase characters – minimum: Maximum number of lowercase characters a password must contain.
  • Lowercase characters – maximum: Minimum number of lowercase characters a password can contain.
  • Number characters – minimum: Maximum number of number characters a password must contain.
  • Number characters – maximum: Minimum number of number characters a password can contain.
  • Password lifetime days: Number of days for which a password is valid.
  • Login attempt fail – maximum: How many times a user can attempt to login before they are locked out.
  • Track reuse count: The number of passwords to track to prevent password reuse.

By default, a notification email is sent to a user if and when their password expires.

↑ top


Notes

  • A user should never be added to both the Work Flow Power User and Work Flow Limited User groups.
  • For API access, a separate user (or multiple users if distributed access is appropriate) should be created and added to only the API User group. A user that belongs to other groups and interacts with Pathagility via the UI should not be added to the API User group.
  • Users do not get deleted: if a user is no longer active or an account needs to be otherwise disabled, deactivating the user (see ‘How-To’) is the proper course of action.

↑ top


Screenshots

Users: Create User
Users: Create User

Users – Create User: Profile
Users - Create User: Profile

Users – Create User: User Information
Users - Create User: User Information

↑ top

0