ROLE BASED SECURITY 

Role Based Security Overview

PracticeStudio.NET's security system provides a convenient, thorough, and CCHIT compliant methodology for securing access to the PracticeStudio.NET system. The security is role based: access to a program can be granted to a user based on their role, their specific user permissions, or even the time of day and the workstation they have logged in from.

Global Preferences

Preferences Overview
The global preferences are used to enforce universal constraints within the security system. With the exception of password expiration and session lockouts, the values cannot be overridden. The preferences exist in order to control password strength, password policies, logon regulations, and session locking.

For example, the maximum and minimum password length, the minimum time between password changes, the maximum password age, and the complex passwords flag are a few of the properties associated with the global preferences.

Password Complexity
The requirements for a complex password closely follow the requirements Microsoft® defines for complex passwords in a Windows® 2003 system.

The exact specifications for a complex password are:

  • The password must be at least six characters long.
  • The password must contain characters from at least three of the following five categories:
    • English uppercase characters (A - Z)
    • English lowercase characters (a - z)
    • Base 10 digits (0 - 9)
    • Non-alphanumeric or symbols (for example: !,$,#, or %)
    • Unicode characters
  • The password cannot contain three or more consecutive characters from a word in the user's account name. For example, if the account name is "John L. Doe", a password would not meet the minimum complexity requirements if any of the following combinations was contained within the password: "joh", "ohn", "doe".
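The three rules above, as an added example that is not part of the product's own code: a checker that reports every rule a candidate password violates. The account-name rule is treated case-insensitively, as the page's "John L. Doe" example implies, and "symbols" are taken to be any ASCII character that is not a letter or digit (an assumption; the page only lists examples).

```python
import re

MIN_LENGTH = 6            # from the specification above
MIN_CATEGORIES = 3

def _category_count(password: str) -> int:
    """Number of the five character categories the password draws from."""
    present = [
        any("A" <= c <= "Z" for c in password),                     # English uppercase
        any("a" <= c <= "z" for c in password),                     # English lowercase
        any("0" <= c <= "9" for c in password),                     # base 10 digits
        any(c.isascii() and not c.isalnum() for c in password),     # non-alphanumeric / symbols
        any(not c.isascii() for c in password),                     # Unicode characters
    ]
    return sum(present)

def _name_fragments(account_name: str, length: int = 3) -> set:
    """Every run of `length` consecutive characters from each word of the account name."""
    frags = set()
    for word in re.findall(r"[A-Za-z0-9]+", account_name.lower()):
        for i in range(len(word) - length + 1):       # words shorter than `length` add nothing
            frags.add(word[i:i + length])
    return frags

def check_complexity(password: str, account_name: str) -> list:
    """Return the violated rules; an empty list means the password meets the policy."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if _category_count(password) < MIN_CATEGORIES:
        problems.append(f"fewer than {MIN_CATEGORIES} character categories")
    lowered = password.lower()
    hits = sorted(f for f in _name_fragments(account_name) if f in lowered)
    if hits:
        problems.append("contains account-name fragment(s): " + ", ".join(hits))
    return problems
```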

Logon and Sessions
Preferences also contain the settings for user logon and the session inactivity lock.  A password input interval may be established that specifies the amount of time a user must wait after an invalid logon attempt before he/she is allowed to log on again.  This methodology discourages automated programs designed to guess system passwords.

Session Inactivity Locks allow the user to establish the amount of inactivity time before the session is locked; the user must then re-authenticate before continuing to use the application.  This feature is very useful for applications where the user workstation is located in a public access area.  If used, this option hides any active application form at the time the session is locked, thus preventing unauthorized access or viewing.

Roles

Roles Overview
In role-based security, permissions are associated with roles.  Users are then made members of roles, thereby acquiring the associated permissions. The purpose of a role is to group users who perform like tasks, such as nurses, doctors, or insurance clerks, thereby helping manage users and control access to application functions.

The assignment of a permission to a role is a simple binary function: a permission is checked to assign access and unchecked to deny it. Furthermore, a role can be controlled at a more granular level with actions, auditing, and its restrictions of use.  The objective of a role-based security system is to manage the majority of access rights at the role level and only override permissions at the user level when necessary.

Users

Users Overview
The purpose of any security system is to control user access. A well designed system aids the application administrator when actually configuring a user's access rights. As previously stated, the objective of a role-based security system is to manage the majority of access rights at the role level and only override permissions at the user level when necessary.

This technique allows changes to be made globally to the role and inherited by each individual user. Nevertheless, it is important to be able to granularly control any single user without affecting roles or other users. This system is designed to incorporate the necessary control and access for the end-user.

In addition to the user name and password information, several properties allow for flexibility in the security system.  You may elect to deactivate the user account after a particular date, mark the user as inactive, make the user an Administrator, or use Windows authentication for the user account.  Session timeouts may also be established at the user level.

Restriction Sets

Restriction Set Overview
A Restriction Set is used to create a global user access rule that is comprised of days-of-week, time-of-day, workstation, and action. A Restriction Set is used to enable or inhibit a user's access depending on the action (grant, deny, or read-only).  In many applications, the user should be restricted to the time, and possibly the workstation, on which he/she normally works.

This feature helps prevent password sharing (or theft) in an application setting.  Since most of the control and auditing of an application starts and ends with the security system, the restriction sets enable enforcement on a granular basis pertaining to time and workstation.
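An added example, not the product's own code, that ties the Roles, Users and Restriction Sets sections together: role permissions are checked boxes, a user-level override takes precedence over role membership, the inactive flag and deactivation date cut off the account, and matching restriction sets then narrow the result. The page does not state how several matching sets combine, so the precedence deny > read-only > grant, and the rule that a user who has "grant" sets is denied outside all of them, are assumptions; the role and permission names are constructed.

```python
from dataclasses import dataclass, field
from datetime import date, datetime, time

@dataclass
class RestrictionSet:
    days: set            # ISO weekdays the rule covers: 1 = Monday ... 7 = Sunday
    start: time          # time-of-day window, inclusive at both ends
    end: time
    workstations: set    # workstation names; "*" matches any workstation
    action: str          # "grant", "deny" or "read-only"

    def matches(self, at: datetime, workstation: str) -> bool:
        return (at.isoweekday() in self.days and self.start <= at.time() <= self.end
                and ("*" in self.workstations or workstation in self.workstations))

@dataclass
class User:
    roles: list
    overrides: dict = field(default_factory=dict)   # user-level overrides of role permissions
    restrictions: list = field(default_factory=list)
    inactive: bool = False
    deactivate_after: date = None                   # account is unusable after this date

# Constructed sample roles: a checked box (True) assigns the permission, unchecked denies it.
ROLES = {
    "nurse": {"ChartNotes": True, "Billing": False},
    "insurance_clerk": {"ChartNotes": False, "Billing": True},
}

def effective_access(user: User, permission: str, at: datetime, workstation: str) -> str:
    """Resolve one permission to 'grant', 'read-only' or 'deny' for a logon at a time and place."""
    if user.inactive or (user.deactivate_after and at.date() > user.deactivate_after):
        return "deny"
    if permission in user.overrides:                # an explicit user-level override wins
        allowed = user.overrides[permission]
    else:                                           # otherwise inherit from any role that checks it
        allowed = any(ROLES.get(r, {}).get(permission, False) for r in user.roles)
    if not allowed:
        return "deny"
    matched = {rs.action for rs in user.restrictions if rs.matches(at, workstation)}
    if "deny" in matched:                           # assumed precedence: deny > read-only > grant
        return "deny"
    if "read-only" in matched:
        return "read-only"
    if any(rs.action == "grant" for rs in user.restrictions) and "grant" not in matched:
        return "deny"                               # grant sets exist but none covers this logon
    return "grant"
```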


©Copyright 2007 MicroFour, Inc. All rights reserved.