Security Settings
To gain access to Security, a user must be granted the access rights of a System Administrator. Before beginning to assign security settings, the System Administrator should become familiar with the functions related to Groups, Roles and Users.
1. Intro to Security Manager
Start SOAPware, and Log in as an administrator using the User ID and Password given at time of install. The Administrator account is used to set-up all user accounts but does not allow access to patient information.
After logging in to SOAPware using the System Administrator account, Click on Tools in the main menu bar, then Click the Security menu item to access the Security Administration dialog window.
The security system in SOAPware has been set up to help ensure only authorized users are able to access patients' information. Once a user has logged into the system, the security system will track everything the user views, and it logs all changes the user makes. Since this tracking is available, it is very important that each staff member have a unique log-in ID. For example, if a shared log-in is being used, there is no way to know what person in the office actually changed a patient's demographics or removed a medication from the chart.
2. Logging On and Logging Off
- Password Policy: This setting is to ensure passwords are secure and cannot be easily guessed. Unfortunately, it's a common practice to write passwords on post-it notes attached on or near computers. We definitely advise against this.
- Lockout Policy: This can be setup to ensure that if somebody is trying to guess another user's password, it will disable the account for a period of time.
- Transaction Logging: Allows the administrator to disable logging of certain events in the system. It is recommended that all four items always remain check (ie: turned on) in order for proper audit logging to occur.
- Idle Logout: This determines when to log out a user after a certain amount of idle time has occurred. This is done to make sure that patient information is not visible.
- Login Window: This setting tells SOAPware to remember the username of the last person who signed in and to display it in the login window when starting SOAPware.
- Signature Password: When this setting is turned on (checked), it will require that the provider enter their password in order to sign off on a document.
- Emergency Access: When this setting is turned on (checked), it will enable the emergency access roles for all users. Emergency access roles can be defined for each individual user. For instructions on defining the users emergency access roles, please see: Emergency Access Role.
3. Search Audit Log
Audit logs are the way SOAPware tracks changes and events in the system such as users logging in and patient information being modified. When a user logs in as the administrator, he/she will see the Search Audit Log window. Notice the main display has some fields at the top.
To demo, use these fields to perform a search for log ins to the system. Click on the Section drop down menu, select the Login menu item and then click the Search button. Now the user should see some records displayed showing all the log ins to the system including when the user logged in.
For detailed instructions, see: Security Auditing in SOAPware.