Intro to Security Manager

Why security?

The security system in SOAPware has been setup to help ensure only authorized users are able to access patients' information.  Once a user has logged into the system, the security system will track everything the user views and log all changes the user makes.  Since this tracking is available, it is very important that each staff member have a unique log-in ID.  For example, if a shared login is being used, there is no way to know what person in the office actually changed a patient's demographics or removed a medication from the chart.

In addition, there are other features in security that are important to understand. 

• Password policies can be setup to ensure passwords are secure and cannot be easily guessed.  Unfortunately, it's a common practice to write passwords on post-it notes attached on or near computers.  We definitely advise against this. 
• Account lockout policies can be setup to ensure that if somebody is trying to guess another user's password, it will disable the account for a period of time.
• Auto-logout can be setup to log out a user after a certain amount of idle time has occurred. This is done to make sure that patient information is not visible.
• Options to disable logging of certain events in the system.
   

Creating a new user

Each person that logs into SOAPware should have their own login.  We have provided some users in the system to get you started.  It would be a good idea to create your own users for each person in the clinic who will be using SOAPware.  Open the Security Administration dialog by Clicking tne Security menu item in the Tools menu.  Click on Users in the hierarchical list on the left, so we can add a new user.
 

Notice on the right side of the display there is now a list of users in SOAPware.  Click the New User button to create a new user. 

Enter the information in this dialog for the new user.  The Log-in ID field entry is required to be unique, and will be what the user types every time they log in.  Click the OK button.  This user will now show up in the list of SOAPware users.

Expand the list of users on the left by Clicking the plus to the left of the text 'Users'.  Notice the user just created along with the other SOAPware users.  In order to edit the settings for our new user, Click on the user name and Click the plus to the left of the new user. 

These items in the resulting dialog control the access a user has such as the option to access Scheduling or Security Manager.

This can be a lot of work to setup what each and every user in the system can access. Because of this,  Roles and Groups were created in order to be able to to specify default settings more efficiently. 

Roles are used to specify work tasks in the clinic such as nurse, lab tech and clinician. 

Groups are used to define physically related groups of people.  For example, if you have 3 clinics sharing the same database, you may want to setup 3 groups (one for each clinic) so that a nurse belongs to the nurse role and is a member of 1 or more of the clinic groups (depending on how many clinics at which the nurse works).  On the right, Notice the tabs for Role Membership and Group Membership.  Click the Role Membership tab and Click the checkbox next to the Nurse name (you may have to click it twice if Nurse is not selected).

Click the Close button on this dialog to return to the main Security Manager display.
 

Search Audit Log

Audit Logs are the way SOAPware tracks changes and events in the system such as users logging in and patient information being modified.  Notice the main display has some fields at the top.

We'll use these fields to perform a search for logins to the system. Click on the Transaction Type drop down menu and Click on the Login menu item. Click the Search button.  Now you should see some records displayed showing all the logins to the system including when you logged in.

To be able to search the audit logs, a SOAPware Standard or Professional license is required.