Kareo provides several options to manage how users access and utilize the application(s). Understanding the level of access for each user to your account is the responsibility of the account's System Administrator. It is recommended to regularly monitor all user account roles and permissions to ensure HIPAA compliance.
Answers to the most common user management and security questions.
| Question | Answer |
|---|---|
| What is an ideal user setup for a typical practice? | HIPAA guidelines direct all covered entities and business associates to limit user access to protected health information (PHI) to the minimum necessary in order to accomplish their intended purpose, use, disclosure or request. Each user should have a unique username (a valid email address to which only that user has access) protected with a password of sufficient complexity. |
| What else should be done to ensure users in the account are only accessing areas appropriate to their job function? | Limit inappropriate access by assigning users only the minimum access necessary to perform their specific tasks. It is also recommended to revisit and fine-tune user access regularly. |
| How many System Administrators should the account have? | For most accounts, the number of users set up with admin permissions should be minimal. It is recommended to create one primary user with this level of access and one back-up. |
| What permissions do System Administrators have? | Users with admin permissions will have access to all areas of the system, including the ability to create users and change permission levels. |
| Do System Administrators in the Desktop Application (PM) have admin permissions in the Platform (app.kareo.com)? | Yes. This was intended to simplify account setup and access of administrators between the two applications. |
| Are all Desktop Application (PM) users automatically created in the Platform (app.kareo.com)? | Yes. This was intended to simplify the creation of users. Users can then use the same login credentials for both applications. However, only users with admin permissions will initially be able to access the Platform; all other users have to be assigned the appropriate Web User Roles by the System Administrator in order to gain access. |
| Can I define the security policies for the account? | Yes. Configure Security Policy Options to ensure that the policies meet all the requirements of the account's compliance plan. |
| We currently have a billing service and see all their users listed in the Platform (app.kareo.com). Are they able to access other modules such as Clinical? | The billing service should have assigned specific Web User Roles for their billers to only allow them to access the minimum necessary to perform their tasks. As long as those users have not been assigned admin or clinical permissions, they will not be able to access other modules such as Clinical. |