EMIS Web

Sorting out RBAC

What is EMIS Web RBAC?

EMIS Web functionality is driven by Connecting for Health job roles (R codes) and activity codes (B codes)

EMIS development team linked features/functions to specific codes

If a user has a B code as part of their profile they can perform the associated functions

Why is Web RBAC driven?

EMIS Web is a Connecting for Health accredited product

Access to CfH accredited software should be controlled via a smartcard

Users accessing EMIS Web without their smartcard should be limited to: People using the EMIS Web Familiarisation

Service Users who do not have a smartcard

Why are issues occurring?

RBAC profiles not configured with correct baseline roles and do not always have enough activity codes added

User may have multiple roles Card issues are not picked up until go-live

day Implementation of PBAC Lack of clarity of RBAC processes

Designing RBAC profiles

NHS Job Roles

EMIS Web uses ‘rationalised’ job roles For example:

R8000 – Clinical Practitioner Access Role R8001 – Nurse Access Role

All rationalised job roles start at R8000 Designed in v25.1 RBAC database Each baseline role has differing levels of

RBAC activity automatically assigned

Associated Activities

What do the codes do?RBAC Code Hierarchy Activity associated with code

B8029 Manage Detailed Health Records

Open care records for patients who are inactive (deceased or have left). Archive and unarchive patients.

B8028 Verify Health RecordsThis code has no additional functionality in EMIS Web at present to code B0380 Perform Detailed Health Records.

B0380 Perform Detailed Health Records

Add, edit and delete all data within a patients care record.Perform patient actions (exemption date, automatics, issue collected and script destination) in a patients medication module.Perform Batch Add from appointment book sessions.Make a consultation confidential.Note: this code is required to be able to edit documents within a patients care record.

B8011 Perform Clinical Documents

Access the scanning and document module within EMIS Web System Tools.Scan documents (and save in patients Care Record) using the Scanning and Documents module within EMIS Web System Tools. Create document related workflow tasks (coding tasks and filing tasks).Create documents based on document templates and attach files to a patients care record.Note: Documents can only be edited if B0380 Perform Detailed Health Records (or a higher level care record code) is added. If the user needs to delete documents from a care record they will need to add B0815 Manage Clinical Documents.

Baseline Profiles

If you create a local role in EMIS Web using a particular baseline roleand you use the same baseline role on a smartcard, they DO NOT have the same set of default B codes associated to them

Practice Manager role does not exist on the spine so cannot be added to a card

Some roles have now been retired or withdrawn

RBAC documentation

For practices: QM760 EMIS Web RBAC activities staff checklist

For RA teams: QM807 EMIS Web RBAC roles baseline additionalShow baseline activity, code definitions and hierarchy Contain sample job roles which have been tested and work well with EMIS Web

Sample GP role (QM807)Smartcard Role: Higher Level GP

Staff RoleGP who performs higher level EMIS Web functions (audit trails/formularies/templates/configuration)

Job Role Clinical Practitioner Access RoleJob Role Code R8000

Role Description (with recommended codes added)

Once the recommended codes (below) have been added to this job role the user will be able to open and edit a patients full care record (including those patient who are deceased or have left the practice), use the appointment book (including amending session times/holders already on the book), edit a patients data sharing preferences, use EMIS Web Tasks, create and run searches, refer patients using integrated Choose and Book and override embargoed appointments. This user will also be able to run audit trails, create and edit clinical templates & formularies, amend organisation & workflow configuration).

This role has automatically assigned baseline activities which can be viewed on the RBAC Definitions and Hierarchy sheet.The table below show EMIS recommended codes to be added to this job role. Practices may request further codes depending on the tasks a user performs at the practice.RBAC Codes which EMIS recommend adding to this job role

B0011 Analyse Audit Trails

Access the Audit Trails module in EMIS Web System Tools.Create Audit Trails (patient & system).Print Audit Trail results.Export Audit Trail results (CSV).

B0020 Control Consent Status Access to edit a patients data sharing preferences in relation to their summary care record and their detailed care record.

B0056 Complete Work Item Complete a task.Continued…

Job Title: GP (Higher Level Profile)

Baseline NHS RBAC Role: Clinical Practitioner Access Role

Role Description: Once the codes (below) have been added to this job role the user will be able to open and edit a patients full care record (including those patient who are deceased or have left the practice), use the appointment book (including amending session times/holders already on the book), edit a patients data sharing preferences, use EMIS Web Tasks, create and run searches, refer patients using integrated Choose and Book and override embargoed appointments. This user will also be able to run audit trails, create and edit clinical templates & formularies, amend organisation & workflow configuration).

B0011 Analyse Audit Trails B1101 Manage Outbound Referrals

B0062 Local System Administration B1611 Access Sensitive Records

B0278 Perform Prescription Preparation B1700 Local System Configuration

B0428 Personal Medication Administration B8015 Perform Clinically Restricted Administration

B0572 Manage Pharmacy Activities (ONLY add for dispensing practices)

B0815 Manage Clinical Documents

Note: To create the same level of permission on a smartcard an RA Manager would also need to add the following RBAC codes to the card. These codes do not need adding to a local role profile.

B0020 Control Consent Status B0862 Manage Staff Diary/Rotas

B0056 Complete Work Item B0994 Manage Ad Hoc Reports (Local)

Sample GP role (QM760)

Continued…

Prescribers

Prescribing types B0420 Independent B0440 Supplementary B0058 Nurse Prescribers Formulary

Ensure code on role profile matches the prescribing type set in users EMIS Web Role settings.

Choose and Book

Clinical staff referring in own name:B1101Manage Outbound Referrals

Non-clinical staff referring on behalf of a clinician:B1102 Proxy Manage Outbound Referrals

Non-clinical staff who book appointments but do not refer on behalf of a clinician:B1103 Manage Outbound Appointments

Choose and Book

Only 1 Choose and Book code should be added to a users profile/position

The booking of appointments (activity B1103) is included in both B1101 and B1102 and should not be added.

Most users will have either B1101 (clinician) or B1102 (admin) only

Multiple Roles &Smartcard Synchronisation

Multiple Roles

User only needs 1 RBAC profile Local profile to use until smartcards ready Local profile for staff not using a smartcard Smartcard profile once smartcard has been

set up and synchronised with EMIS Web

Smartcard Synchronisation

Smartcard is configured for EMIS Web EMIS to EMIS sites can synchronise

smartcards prior to go-live day Allows cards to be tested Prevents issues on go-live day

Card permissions are copied to background of system Local profile is not required

User Role Profiles

Document reference: TH877 Synchronising a smartcard for EMIS Web

Synchronisation Icon

A synchronisation icon will be shown next to a users name when their card has been synchronised

PBAC(Positional Based Access Control)

Smartcard Management

Spine User Directory (SUD) Original way of adding users to the Spine and

creating and assigning roles to a user Direct access being phased out by CfH

User Identity Manager (UIM) New way of assigning roles to users Uses Positional Based Access Control

(PBAC)

User Identity Manager

Uses series of positions Positions are based on a job role and

added B codes Bank of positions created and then copied

to organisations Practices place staff into positions which

are appropriate for the tasks they perform

Positional Access Issues

Not all practice staff with same job title perform same tasks

Positions need to cope with staff working at differing levels of system access Refer to sample job roles for ideas

Some users may not fit into any of your pre-configured positions Flexibility should be available if required

EMIS Web RBAC Process

Upgrades from LV/PCS

Discuss Smartcards on Planning Day (Visit 1) Advise practice manager to contact RA team

to discuss process Discuss QM807/QM760 Advise to set up job roles & assign to users

(practices could use sample job roles) Advise to get cards updated for next EMIS

visit

Upgrades from LV/PCS

Demonstrate Synchronising Smartcards on Preparing for Upgrade (Visit 2) Discuss TH877 with Practice Manager Advise to ensure cards not blocked or expired Advise to remove additional card readers Advise to remove any local profiles once card

synchronised Ensure users who will not be logging on with

card have a local RBAC profile (ref QM760)

New Installs

Discuss QM807/QM760 Ask practice manager to contact RA team

to ask what process need to follow RA team can set up new roles and expire

old roles after go-live day Cards synchronised on go-live day Advise to create local roles on go-live day

for staff using the system without a card

Advice to RA teams

Ensure cards have been updated correctly Old roles closed/edited Relevant RA codes included (e.g. B1300) Baseline roles are R8000 role codes Refer to QM807 to know what additional

codes users may require

Coming soon…

EMIS Web RBAC timeline What will happen, when, and by whom

Facility to import/export RBAC profiles Dedicated EMIS Web RBAC page with all

supporting information on EMIS Common Room Timeline, handouts, videos and FAQs Access provided for RA teams and practices