Beginning NPR report writers often expect that an NPR report will automatically pay attention to facility, confidential access, and location restrictions. In fact, an NPR report respects none of these user-based restrictions, and will list patients from all facilities, any location, and include confidential patients, regardless of what is set up for the user.
The bad way to deal with this is to create different versions of a report for each facility, for particular locations, or including or excluding confidential patients. This would move security from the user dictionary to menu based control. Also, if you have a “restricted by location” user working on different locations, giving them a report with a hardcoded location selection is not sufficiently flexible.
Let’s look at ways that you can write a generic NPR report and include user dictionary based filtering to handle confidential patients, facility access, and restrictions by location.
When a user runs an NPR report in an application, before the report is executed, the standard “sign on” program for that application opens the database and dictionaries. Often, this will include a prompt to select a facility. After that prompt is answered (or if you have access to just one facility), the selected (or only) facility is stored in a slash variable @.facility.
Rather than create a version of your report for each facility, just add this selection:
If you want to print a confidential message in place of the patient’s name, create a computed field as follows (and do not use the ck.confidential selection).
Here an entire location is confidential, so the parameter based string prints in place of the name:
Restriction by Location
MEDITECH allows you to designate a user “restricted by location.” This means that the user can only select patients for locations associated with a particular device (PC). This allows a user to move throughout the hospital, and only access patients for the location they are “on.”
Here I have restricted a user by location in MIS.USER, and I have associated the user’s device “IATRICVM.1” to the location “CCPM”.
When you device to a location to the list of Terminals, this creates an entry in the @MIS.LOCN.DICT.terminal.x as follows:
To check location access, and exclude patients if (A) the user is restricted by location and (B) the current device is not associated with the location of the patient, add a computed select to your report as follows:
Client Server (C/S) example:
Then, using the same approach as in the MAGIC version, you can write the computed field as follows:
Now the restricted user only gets the location(s) where he is working:
If your report prompts for location, you might want to add some error checking to the location selection instead:
Here we add an FCL to a location selection prompt with the EDIT ELEMENTS option:
For the C/S version, because of the problem with using the @.machine field in a FCL (as in a computed field) we move the checking program to a macro:
The code in the C/S macro:
Restricted by Location – LOOKUP (MAGIC only)
This tip is MAGIC only because the default behavior of patient lookups in C/S apparently respects the location restriction.
Finally, you might be more concerned about adding a location restriction to a report that allows a user to identify a particular patient than you would be about a report that lists all patients for one or more locations. One reason to impose a location restriction on users is to reduce the chance of misidentification, and a report that prints for a single patient run for the wrong patient is probably a more significant error than a report that happens to include “extra” locations. You could just add the location checking computed select field to cause a misidentification to return “no records found,” but it is more elegant to force the lookup itself to be restricted.
The ADM.PAT.id.color (MAGIC) or ADM.PAT.id (C/S) program checks a /LOC.RESTRICT flag to determine whether to provide a restricted by location lookup.
If we create our own program in a report macro %ADM.PAT.zcus.is.restricted.lookup.M.id and call it with an ID= attribute, we can provide our report with a restricted lookup.
Upcoming NPR Training Opportunities:
We are pleased to offer NPR Report Writer training sessions at host sites this fall. Details and a course description are available on our website at http//www.iatric.com/npr/class-schedule.asp.
|Children's Specialized Hospital
New Brunswick, NJ
|Beginner/Intermediate||Joe Cocuzzo||Oct. 20-22, 2010||$750|
|Valley Presbyterian Hospital
Van Nuys, CA
|Beginner/Intermediate||Richard Serrano||Nov. 17-19, 2010||$750|
To subscribe for email notifications for new classes, please visit http://www.iatric.com/npr/class-schedule.asp.
For more information or to reserve a seat, please contact Karen Roemer at 978-805-3142 or email email@example.com.
(This originally appeared in the September 2010 issue of Iatric Systems' Updates! newsletter.)