Kareo provides several options to manage how users access and utilize the application(s). Understanding the level of access for each user to your account is the responsibility of the account's System Administrator. It is recommended to regularly monitor all user account roles and permissions to ensure HIPAA compliance.
Answers to the most common user management and security questions.
|What is an ideal user setup for a typical practice?||HIPAA guidelines direct all covered entities and business associates to limit user access to protected health information (PHI) to the minimum necessary in order to accomplish their intended purpose, use, disclosure or request. Each user should have a unique username (a valid email address that only that user can access) protected with a password of sufficient complexity.|
|What else should be done to ensure users in the account are only accessing areas appropriate to their job function?||Limit inappropriate access by assigning users only the minimum permissions necessary to perform their specific tasks. It is also recommended to revisit and fine-tune user access regularly.|
|How many System Administrators should the account have?||For most accounts, the number of users set up with admin permissions should be kept to a minimum. It is recommended to create one primary user with this level of access and one backup.|
|What permissions do System Administrators have?||Users with admin permissions will have access to all areas of the system including the ability to create users and change permission levels.|
|Do Desktop Application (PM) System Administrators have admin permissions in the Web App (app.kareo.com)?||Yes. This was intended to simplify account setup and access of administrators between the two applications.|
|Are all Desktop Application (PM) users automatically created in the Web App (app.kareo.com)?||Yes. This was intended to simplify the creation of users. Users can then use the same login credentials for both applications. However, only users with admin permissions will initially be able to access the Web App; all other users have to be assigned the appropriate Web User Roles by the System Administrator in order to gain access.|
|Can I define the security policies for the account?||Yes. It is recommended to configure Security Policy Options to ensure that the policies meet all the requirements of the account's compliance plan.|
|We currently have a billing service and see all their users listed in the Web App (app.kareo.com). Are they able to access other modules such as Clinical?||The billing service should have assigned specific Web User Roles for their billers to only allow them to access the minimum necessary to perform their tasks. As long as those users have not been assigned admin or clinical permissions, they will not be able to access other modules such as Clinical.|
|I'm a System Administrator but I do not have the two user settings options: User Accounts and Web User Roles. Why do I only see the User Accounts option?||System Administrators of accounts created after May 9, 2016 have the User Accounts option to assign Web User Roles. System Administrators of billing company accounts and accounts created prior to May 9, 2016 have both options: User Accounts and Web User Roles.|
|How can I assign the Practice Administrator (applicable for billing company accounts) role to a user?||Under the Web User Roles settings, edit and assign the "System Admin" role to the user. This automatically assigns the "Practice Administrator" role to the user under User Accounts.|
|What is the difference between a System Administrator and a Practice Administrator (applicable for billing company accounts)?||System Administrators have Account Administrator permissions in the Desktop Application (PM) and the "System Admin" role in the Web App, which allows full control and access to account-wide and practice-wide functionality. Practice Administrators have the "Practice Administrator" role in the Desktop Application (PM) and the "System Admin" role in the Web App, which allows full control and access to practice-wide functionality (only within practices they can access).|
|Can I customize the permissions of a Practice Administrator (applicable for billing company accounts)?||Yes. Default permissions for the Practice Administrator role can be edited under Manage Roles. Note: Removing default permissions by editing the specific user account's Permissions removes the role from the user. Removing the Practice Administrator role automatically removes the System Admin web user role, and vice versa.|
|Can a Practice Administrator (applicable for billing company accounts) create other System Admins in Web User Roles?||Yes. A Practice Administrator automatically has the System Admin web user role which allows them to create additional System Admins in Web User Roles. However, they can only grant users Practice Access (for accounts with multiple practices) to practices they themselves can access.|
|What does the "Manage Web User Roles" (applicable for billing company accounts) permission allow a user to do?||The "Manage Web User Roles" permission allows a user to see the Web User Roles option under Settings. However, access to the Web User Roles settings requires that the user also have the System Admin web user role.|