Below you will find an example Security Class template for Worker’s who are in the role of Clinician. This template should be used as a starting point and adapted to meet your agency’s requirements.
It should also be noted that depending on your agency’s configuration and available modules, some of the Security Class Rules listed below may or may not appear.
X = check radio button / blank = unchecked / ? = depends on agency-specific modules
|
| Specific Pages Security Settings |
X | Hide Master Schedule | This setting hides the Master Agency Schedule icon (located on the left side bar) |
X | Deny access to Agency Appointments Page | Worker will not be able to access the Agency Appointments page (which displays all events for your organization). As a result, the worker will only be able to access the appointments which they are attending. |
X | Deny Access to Intake Wizard | Worker will not be able to use the Intake Wizard |
X | Hide Intake Wizard link on Home Page only | Worker will not be able to access the intake wizard from the Home Page. However, they can still access the intake wizard from the individual search and the individual page. NOTE: for this setting to work as expected, the “Deny Access to Intake Wizard” setting above must be OFF. |
X | Deny Access to Pre-Enrollment List | Worker will not be able to access the agency-wide Pre-Enrollment List. Note that having this setting on still allows the worker to access specific pre-enrollment entries of specific individuals via their Individual Profile. |
X | Deny Admin Executive Level Workers from Reviewing Service Events for Invoicing | The Admin-Exec user will not be able to access the Event Review Page or be able to edit the Review flag on the Service Event page |
X | Deny Intake Management Level Workers from Reviewing Service Events for Invoicing | The Intake Management level worker will not be able to access the Event Review Page or be able to edit the Review flag on the Service Event page |
X | Hide the Coverage Maintenance Page | This setting hides the Coverage Maintenance link from the Home Page |
| Allow access to ‘View by Individuals’ in Master Schedule | Worker will be able to View the Schedules of Individuals on the Master Schedule |
? | Show Link to DSS submissions list from home page | Worker will be granted access to the DSS submission list from the home page, and will be able to fix errors and mark the relevant record(s) for submission after the errors are fixed. Note that this security setting does not automatically grant the worker access to submission history records for which they are not the primary worker. See “Allow Access to DSS submissions of workers other than self” setting below |
? | Allow Access to DSS submissions of workers other than self | Worker will be granted full access to all DSS submissions regardless of whether they are the primary worker of the service file/group or not. |
? | Show Link to NDIS submissions list from home page | Worker will be granted access to the NDIS submission list from the home page, and will be able to fix errors and mark the relevant record(s) as corrected. Note that this security setting does not automatically grant the worker access to submission history records for which they are not the primary worker. See “Allow Access to NDIS submissions of workers other than self” setting below |
? | Allow Access to NDIS submissions of workers other than self | Worker will be granted full access to all NDIS submissions regardless of whether they are the primary worker of the service file/group or not. |
? | Allow Access to NDIS files | Worker will be granted full access to all NDIS files and able to modify and delete them. |
| Deny Access to Service Event :: Cart tab | Workers will not be able to access the “Cart” tab on the Service Event Page. |
X | Restrict Access to Service Event :: Cart tab to assigned workers only | Workers will not be able to access the “Cart” tab on the Service Event Page if they are not directly assigned to its parent service file. |
| Deny Modifications to Service Event :: Attendee Tab | Workers will not be able to modify the clients, blue book entries, workers or resources on the “Attendee” tab on the Service Event Page. |
X | Restrict Modifications to Service Event :: Attendee Tab to assigned workers only | Workers will not be able to modify the clients, blue book entries, workers or resources on the “Attendee” tab on the Service Event Page if they are not directly assigned to its parent service file. |
X | Deny Access to Service Event :: User Defined Tab | Workers will not be able to access the User Defined tab on the Service Event Page. |
X | Restrict Access to Service Event :: User Defined Tab to assigned workers only | Workers will not be able to access the User Defined Tab on Service Event Page if they are not directly assigned to its parent service file. |
| Deny Access to Service File :: User Defined Tab | Workers will not be able to access the Service File Page :: User Defined Tab. |
X | Restrict Access to Service File :: User Defined Tab to assigned workers only | Workers will not be able to access the User Defined Tab on the Service File Page if they are not directly assigned to that service file. |
X | Deny Modifications to Service File Workers | Worker will not be able to edit the workers box on the service file page :: profile tab after the service file has been added. |
| Allow access to agency targets | Worker will be able to view and edit agency targets via a link from the home page |
| Allow deleting and editing of messages in the system | Worker will be able to delete or edit existing messages at any level |
| Deny Access to All Group pages | Workers will not be able to view the list of groups in the system, along with the Group page and the Group Event page |
| Deny Access to Anonymous Services | Workers will not be able to access the anonymous services in the system. This includes the anonymous service list as well as the ability to add new instsnces of anonymous services |
| Deny Access to Reference page | Workers will not be able to access the reference page from the home page (which contains the list of services along with sites, resources, and agency links) |
X | Deny Addition and Modification of Public Blue Book Entries | Workers will not be able to add or modify Public Blue Book entries. They are still able to add existing Blue Book entries as referrals and collateral contacts, and new private collateral contacts. |
? | Allow Marking DSS Records Not For Submission | Workers will be able to mark records with DSS information (client, cases, sessions and assessments) not for submission, meaning they will never be uploaded to DSS data exchange |
X | Deny Addition of Agency News | Workers will not be able to add news items on the Agency News page. |
|
| Worker Security Settings |
| Allow access to Worker Set Up | Worker will be able to access and make modifications to other Worker’s Profiles. Note that this excludes Attachments, Documents, Preferences, and the Worker’s Context / Home Page Reports |
X | Allow Worker to access their Subordinate Workers’ Profile Documents, Attachments, and Workflow | Each Worker’s profile includes a ‘Reports to’ field. In this context, Workers who report to you are considered your ‘Subordinates’. With this security rule and notwithstanding other rules that may be in effect, the Worker will be able to access Attachments, Documents and Workflow on the Subordinates Worker’s profile. The worker will be able to view, create, add, edit and delete the Subordinate Worker’s Attachments, Documents, or Workflow Tasks and Reminders. |
| Allow access to Worker Profile Documents, Attachments, and Workflow of other Workers | Notwithstanding other security restrictions and configuration, the Worker will be able to access Attachments, Documents and Workflow on the other Worker’s profile. The worker will be able to view, create, add, edit and delete the other Worker’s Attachments, Documents, or Workflow Tasks and Reminders. |
X | Allow Viewing of Contact Information of other Workers | Worker will be able to view the Contact Information on other Workers’ Profiles |
| Allow Viewing of User-Defined Information of other Workers | Worker will be able to view the User-defined Information on other Workers’ Profiles |
| Allow Viewing of Clinical Information of other Workers | ‘Worker will be able to view the Clinical Information on other Workers’ Profiles |
| Allow creating Intake Availability Times for other Workers | Worker will be able to create intake availability times for other workers |
| Allow creating Worker Availability Slots for other workers | Worker will be able to set another worker’s availability. |
| Restrict Worker Suggest Lookup- Limit to current user site | Worker will only be able to see other workers on the same site when using the various worker suggest lookups in the system |
| Restrict Worker Search Results- Limit to current user site | Worker will only be able to see other workers on the same site when using the worker search |
| Deny access to Workers from other sites | Worker will not be able to access the profiles of other workers whose assigned sites are different from their own. |
X | Restrict Master Agency Schedule to worker’s own site | Worker will not be able to view other workers, resources, individuals or events at sites other than their own. |
X | Restrict Agency Events View to worker’s own site | Worker will not be able to view events that occurred in other sites other than the worker’s own when viewing the Master Agency Events page. |
| Deny access to Other Worker’s Profiles | Workers will not be able to view other workers’ profiles. |
| Limit Access to other workers to current worker’s own site tree | Workers will be limited to viewing (where appropriate) the names and profiles of other workers to those matching their own assigned site and below. |
X | Restrict Write Access to the Worker’s Own Profile | Worker will not be able to edit their own worker profile |
? | Allow ClientConnect Activation | Worker will be able to send activations to an individual for a new ClientConnect account. |
? | Allow ClientConnect Account Management | Worker will be able to modify the status of an individual ClientConnect account. |
|
| Search Security Settings |
| Hide Search Button | Worker will not be able to see / use the Search Engine; All search types are hidden / not accessible |
| Hide Worker Search on Home Page. | Worker will not be able to see / use the Worker Search |
| Hide Funder Search | Worker will not be able to see / use the Funder Search |
| Hide Individual Search | Worker will not be able to see / use the Individual Search |
| Hide Case Search | Worker will not be able to see / use the Case Search |
| Hide Service File Search | Worker will not be able to see / use the Service File Search |
| Hide Service Event Search | Worker will not be able to see / use Service Event Search |
| Hide Indirect Event Search | Worker will not be able to see / use Indirect Event Search |
| Hide Informal Event Search | Worker will not be able to see / use Informal Event Search |
X | Hide Billing Batch Search | Worker will not be able to see / use Billing Batch Search |
X | Hide Billing Deposit Search | Worker will not be able to see / use Billing Deposit Search |
X | Hide Billing Credit Search | Worker will not be able to see / use Billing Credit Search |
X | Hide Billing Debit Search | Worker will not be able to see / use Billing Debit Search |
X | Hide Billing EDI Search | Worker will not be able to see / use Billing EDI Search |
X | Hide Invoice Search | Worker will not be able to see / use Invoice Search |
X | Hide Billing EOB Search | Worker will not be able to see / use Billing EOB Search |
| Hide Policy Search | Worker will not be able to see / use Policy Search |
| Hide Blue Book Search | Worker will not be able to see / use Blue Book Search |
|
| Billing Information Security Settings |
| Hide Billing Amounts in Case | Worker will not be able to view the charges for any Service Units |
X | Hide Service File Fee Override | Worker will not be able to add a Fee Override for a Service File |
X | Hide Service Unit BIlling Adjustment Edit | Worker will not be able to make adjustments to a Service Unit in the Cart, including its FFS individual, patient name (if applicable) and claim amount |
X | Deny access to EOB | Worker will not be able to access Explanation of Benefits (EOB) Processes |
X | Deny access to Batch Invoicing | Worker will not be able to access Batch Invoicing. They may however, depending on other security classes, be able to generate invoices from specific Service Events. |
X | Allow access to Funder Account Information | Worker will be able to view Funder Account Information and Record payments, Debits or Credits against Funder. They will also be able to Apply Payments to Funder Invoices and Debits |
X | Allow access to Individual Account Information | Worker will be able to view Individual Account Information and Record payments, Debits or Credits against Individual. They will also be able to Apply Payments to Invoices and Debits |
| Deny modifications to the Billing Sequence | Worker will not be able to make modifications to the billing sequence of a service file, event or any specific service units in the cart. |
|
| Funder Security Settings |
| Deny access to Funder | Worker will not be able to access Funder Setup Information |
| Allow modifications to Funder Information | Worker will be able to modify Funder information |
| Allow Group Policy Set Up | Worker will be able to set up Group Policies for Funders |
| Allow Public Policy Set Up | Worker will be able to set up Public Policies for Funders |
|
| Policy Security Settings |
| Deny access to Client Policy | Worker will not be able to add/ edit or view a Client Policy |
| Restrict Add Individual Policy | Worker will not be able add any type of Policy for a Client |
X | View only for Group Policy | Worker will not be able add or edit a Client’s Group Policy |
X | View only for Public Policy. | Worker will not be able add or edit a Client’s Public Policy |
X | View only for Private Policy. | Worker will not be able add or edit a Client’s Private Policy |
| Hide Coverage View and Coverage Usage page | Worker will not be able to view a Client’s Coverage or Coverage Use |
|
| Case and Service File Security Settings |
X | Hide Create Case | Worker will not be able to create a new Case |
X | Restrict Intake to assigned Case Services | Intake-Management Worker Group Worker will only be able to access Client Service File information for Case Services to which they are assigned (ie. on their Worker Profile) |
X | Restrict Worker by Site | Notwithstanding other security restrictions, workers will only be able to access records that are associated with their assigned site tree as defined on their worker profile. That is, let’s assume that there are 3 sites set up in Penelope – Site A, B, C and worker Y (who is either Admin-Exec or Intake-Mgmt) is assigned to Site A. If this class is applied to them and notwithstanding other classes in effect, they will only be able to view records which are assigned to site A. Records from other site trees will be ‘invisible’ to them when searching or viewing the Agency Appointments screen. |
X | Restrict Service File access to Assigned Workers | Worker will not be able access the specific Service File unless they are one of the Assigned Workers to that Service File |
X | Allow Worker to Access their Subordinate Workers’ Service Files | Each Worker’s profile includes a ‘Reports to’ field. In this context, Workers who report to you are considered your ‘Subordinates’. With this security rule and notwithstanding other rules that may be in effect, Intake-Mgmt and Administrative-Executive workers will be able to access any Case (and Service File) for which one of their subordinates is assigned as a Worker. This rule takes precedence over the ‘Restrict Worker by Site’ and ‘Restrict Intake to Assigned Case Services’ rules. |
X | Restrict Service File display on Case Page to Assigned Services | Notwithstanding other security restrictions, workers will only be able to see service files that are associated with their assigned services. That is, let’s assume that there are 3 case services A, B, and C and the Worker is assigned to A and B. If the worker accesses a case where with 3 service files A, B and C, they would only be able to service file A and B, service file C would be hidden. |
X | Restrict Service File display to assigned Workers | Notwithstanding other security restrictions, Workers will not be able see a specific Service File unless they are one of the assigned Workers on that Service File. That is, let’s assume that there are 2 Cases (A and B) with the same Service File (but different presenting Individuals) in each Case. The Worker is only assigned as a Worker to Service File B in Case B. If the Worker accesses Case A, they would not see a Service File (even though they are assigned to that Case Service) as it has been hidden. If the Worker accesses Case B, they would see Service File B, as they are an assigned Worker on that Service File. |
X | Allow display of secured Case Service | Notwithstanding other security restrictions, Workers will be able to see secured Case Service Service Files. |
X | Restrict Service File display of secured Service Files to assigned Workers | Notwithstanding other security restrictions, Workers will not be able see a secured Service File unless they are one of the assigned Workers to that Service File. That is, let’s assume that there are 2 Cases (A and B) with the same secured Service File (but different presenting Individuals) in each Case. The Worker is only assigned as a Worker to Service File B in Case B. If the worker accesses Case A, they would not see a Service File (even though they are assigned to that secured Case Service) as it has been hidden. If the worker accesses Case B, they would see the secured Service File B, as they are an assigned worker on that file. |
| Allow a Worker to mark a Case Service as secure | Worker will be able to secure a Case Service. |
X | Hide Create Service File | Worker will not be able to add a new Service File |
| Deny Access to Closed Service Files | Worker will not have any access to a closed Service File even if they were one of the Assigned Workers. |
X | Mask SSN/SIN on Client Profile and Search Page. | Worker will not be able to see a Client’s SSN/ SIN |
| Allow Clinical Worker access to legacy action documents | Clinical-level workers in this class will be able to view legacy action documents created for a case file they have access to. |
| Allow for Adding any Clinical-Based Worker as Other to Service Files | Workers will be able to add any clinical based worker as an ‘other’ worker on existing service files via the ‘Show All’ box, regardless of other security restrictions which may be in effect. |
|
| Event Security Settings |
X | Allow Access to Service Events for Event Attendees | Worker will be able to access any Service Events that they have been added to as an Attendee, regardless of whether they are assigned to the Service File in any way. This security class takes precedence over the ‘Restrict Access to Service Files to Assigned Workers’ class. |
X | Allow Manager Access to Note field in Service Events attended by subordinate Workers | Worker will be able to view Service Event notes for all Service Files where their Subordinates (defined by the ‘report to’ field on their Worker Profile) are currently assigned as a Worker for that Service File. |
X | Hide Event Notes if not directly Assigned to Service File | Worker will only be able to view Service Event notes if they are currently assigned as a Worker for that Service File. Note that this only applies to intake workers; Clinical workers do not have access to event notes unless they are directly assigned to the service |
X | Restrict Reschedule to Only Own Service Events | Only the workers involved in a Service Event will be permitted to reschedule it using the ‘reschedule’ link. |
X | Restrict Reschedule to only Service Events at their own Site | Worker will only be able to reschedule a Service Event that is occurring at their ‘home’ Site (using the ‘reschedule’ link). |
| Restrict Ability to Cancel to Only Own Service Events | Only the workers involved in a Service Event will be permitted to cancel it. |
X | Restrict Ability to Cancel only Service Events at their own Site | Worker will only be able to cancel a Service Event that is occurring at their ‘home’ Site. |
X | Restrict Workers to only Book other workers from their own Site | Worker will only be able to schedule other workers from their own ‘home’ Site. |
X | Restrict Workers to only Schedule Events at their Own Site | Worker will only be able to schedule Events at their own ‘home’ site |
| Deny Access to Returns/Recoveries in Case Events | Worker will not be able to enter amounts for Returns and Recovery at the event/cart level. This setting does not extend to the EOB level. |
| Deny Access to Indirect Events | Workers will not be able to access indirect events in the system. This includes the ability to book new indirect events and access to view existing ones, regardless of if they are an attendee or had previously scheduled the event themselves. |
|
| Document Security Settings |
X | Restrict Worker from Deleting Completed Documents | Worker will not be able to delete completed Documents or Document Revisions. NOTE: this excludes Document previews |
| Deny Access to Case Documents | Worker will not be able to access Case Documents. This may be useful if you want to prevent Admin staff from accessing documents |
| Deny Access to Service File Documents | Worker will not be able to access Service File Documents. This may be useful if you want to prevent Admin staff from accessing documents |
X | Restrict Access to Documents in Service File Page to assigned workers only | Workers will not be able to access the “Document” sliding sidebar on the Service File Page if they are not directly assigned to that service file. |
| Deny Access to Service Event Documents | Worker will not be able to access Service Event Documents. This may be useful if you want to prevent Admin staff from accessing documents |
X | Restrict Access to Documents in Service Event Page to assigned workers only | Workers will not be able to access the “Document” sliding sidebar on the Service Event Page if they are not directly assigned to its parent service file. |
| Deny Access to Individual Documents | Worker will not be able to access Individual Documents; This may be useful if you want to prevent Admin staff from accessing documents |
X | Deny Access to Worker Documents | Worker will not be able to access Worker Documents |
X | Deny Access to Case Service Documents | Worker will not be able to access Case Service Documents; This may be useful if you want to prevent Admin staff from accessing documents |
| Deny Access to Informal Service Documents | Worker will not be able to access Informal Service Documents; This may be useful if you want to prevent Admin staff from accessing documents |
| Deny Access to Informal Series Documents | Worker will not be able to access Informal Series Documents; This may be useful if you want to prevent Admin staff from accessing documents |
| Deny Access to Group Documents | Worker will not be able to access Group Documents; This may be useful if you want to prevent Admin staff from accessing documents |
| Deny Access to Group Event Documents | Worker will not be able to access Group Event Documents; This may be useful if you want to prevent Admin staff from accessing documents |
| Deny Access to Funder Documents | Worker will not be able to access Funder Documents |
| Deny Access to Anonymous Service Documents | Worker will not be able to access Anonymous Service Documents; This may be useful if you want to prevent Admin staff from accessing documents |
| Deny Access to Indirect Event Documents | Worker will not be able to access Indirect Event Documents |
| Deny Access to Referral Entry Documents | Worker will not be able to access Referral Entry Documents – useful if you want to prevent Admin staff from accessing documents |
| Deny Access to Blue Book Entry Documents | Worker will not be able to access Blue Book Entry Documents – useful if you want to prevent Admin staff from accessing documents |
| Deny Access to Informal Event Documents | Worker will not be able to access Informal Event Documents – useful if you want to prevent Admin staff from accessing documents |
| Deny Access to Outcomes Assessments | Worker will not be able to access Outcomes Assessments |
| Deny Add to Outcomes Assessments | Worker will not be able to add Outcomes Assessments |
|
| Informal Service Security Settings |
| Deny Access to Informal Services | Worker will not be able to access the Informal Services section of Penelope |
| Allow Access to All Secure Informal Series | When switched on, this setting allows the worker to have view and edit privileges to all secure informal series and associated events in the system. NOTE: in order for this setting to be effective, the ‘Deny Access to Informal Services’ security setting MUST BE UNCHECKED. |
|
| Setup Security Settings |
| Allow Access to Services Set Up | Worker will be able to add / edit Case Services |
| Allow Access to Service Units Set Up | Worker will be able to add / edit Service Units and Unit of Measures |
| Allow access to Document Set Up | Worker will be able to add / edit Documents, Questions and Sections |
| Allow access to Resource Set Up | Worker will be to add/ edit Resources |
| Allow access to Worker Category Set Up | Worker will be able to add/ edit Worker Categories |
|
| Report Security Settings |
X | Deny access to Main Reports Page | Worker will not be able to access the Main Reports Page. The only reports they will be able to access are the ones embedded in the areas of Penelope in which they otherwise have permission to view (eg. Case reports, Case Load Roster etc). |
X | Hide Individual Reports section of main Reports Page | Worker will not be able to view reports in the Individual Reports section of the main reports page |
X | Hide Worker Reports section of main Reports Page | Worker will not be able to view reports in the Worker Reports section of the main reports page |
X | Hide Funder Reports section of main Reports Page | Worker will not be able to view reports in the Funder Reports section of the main reports page |
X | Hide Anonymous Reports section of main Reports Page | Worker will not be able to view reports in the Anonymous Reports section of the main reports page |
X | Hide Informal Reports section of main Reports Page | Worker will not be able to view reports in the Informal Reports section of the main reports page |
X | Hide Pre-Enrollment Reports section of main Reports Page | Worker will not be able to view reports in the Pre-Enrollment Reports section of the main reports page |
X | Hide Survey Reports section of main Reports Page | Worker will not be able to view reports in the Survey Reports section of the main reports page |
X | Hide Document Reports section of main Reports Page | Worker will not be able to view reports in the Document Reports section of the main reports page |
X | Hide Schedule Reports section of main Reports Page | Worker will not be able to view reports in the Schedule Reports section of the main reports page |
X | Hide Case Service Reports section of main Reports Page | Worker will not be able to view reports in the Case Service Reports section of the main reports page |
X | Hide Service Reports section of main Reports Page | Worker will not be able to view reports in the Service Reports section of the main reports page |
X | Hide Service Event Reports section of main Reports Page | Worker will not be able to view reports in the Service Reports section of the main reports page |
X | Hide Service Unit Reports section of main Reports Page | Worker will not be able to view reports in the Service Unit Reports section of the main reports page |
X | Hide Engage Reports section of main Reports Page | Worker will not be able to view reports in the Engage Reports section of the main reports page |
X | Hide Account Balance Reports section of main Reports Page | Worker will not be able to view reports in the Account Balance Reports section of the main reports page |
X | Hide Billing Reports section of main Reports Page | Worker will not be able to view reports in the Billing Reports section of the main reports page |
X | Hide Policy Reports section of main Reports Page | Worker will not be able to view reports in the Policy Reports section of the main reports page |
? | Hide DSS Reports | Worker will not be able to view DSS Reports section of the main reports page |
? | Hide NDIS Reports | Worker will not be able to view NDIS reports section of the main reports page. |
|
| Attachment Security Settings |
| Deny Access to Attachments in Service Event Page | Workers will not be able to access the “Attachments” sliding sidebar on the Service Event Page. |
X | Restrict Access to Attachments in Service Event Page to assigned workers only | Workers will not be able to access the “Attachments” sliding sidebar on the Service Event Page if they are not directly assigned to its parent service file. |
| Deny Access to Attachments in Service File Page | Workers will not be able to access the “Attachments” sliding sidebar on the Service File Page. |
X | Restrict Access to Attachments in Service File Page to assigned workers only | Workers will not be able to access the “Attachments” sliding sidebar on the Service File Page if they are not directly assigned to that service file. |
X | Restrict Worker from Deleting an Attachment | Workers will not be able to delete an attachment. |
|
| PCEHR Security Settings |
| Allow viewing of IHI numbers | Workers will be able to view IHI numbers |
*The Security Class Rules listed above are accurate as of Penelope version 4.16.2.0.
More Security Class Examples
For more examples of role-based Security Classes click here.